Cyber Security Tips for All of Us
By Scott Valcourt, CIS
October 17, 2007
[ed. Note: October is Cyber Security Awareness Month. For
a list of related events taking place Thursday, Oct. 18,
go to http://cis.unh.edu/index.cfm?id=F94A7FA5-0066-404F-03E5F10176DF2B88 ]
As a longtime fan of the former NBC situation comedy “Cheers” I
often long for the face recognition that the character Norm
received every time he entered Cheers. In today’s fixed
and mobile computing world, to be as well-recognized as Norm
may not be such a good thing, especially if personal data
is unknowingly being readily broadcast by your trusty computer.
With so much of our everyday world interfacing with computers,
there are many things that we can do to protect ourselves
from personal data loss.
First, understand the risks involved in computer usage.
I recall learning to drive a car and watching the scary videos
of accidents that were the result of improper driving habits.
For both a bit of humor and good lessons on cyber security
in everyday computer usage, check out the winners of the
2007 EDUCAUSE Security Video Contest at URL: http://www.educause.edu/SecurityVideoContest2007/13549.
A variety of issues are presented such as dealing with passwords,
Web site and e-mail scams, and virus protection. Knowing
that some things are easily and safely done online while
other tasks are best done in person will go a long way to
protecting yourself from attack.
Second, take steps to ensure a secure visit on the Internet.
When asked for contact information from a Web site, such
as an online retailer or an online marketing page, examine
of the Web site.
Know how the retailer will be using your information. Avoid
providing your birth date and social security number on Web
sites to minimize an attacker from easily acquiring data
about you and hijacking your identity.
Check to see that the online transaction is being encrypted.
Many Web sites use secure sockets layer (SSL) encryption
to transfer sensitive data, and a small padlock icon on the
bottom right side of your browser or the header in the address
text box (Figure 1) of https:// is a good indication that
SSL certificates are being used to encrypt your transaction.
Those transactions that are not encrypted can be viewed by
attackers using sniffing software on the network, making
your personal data vulnerable.
Third, pay attention to e-mail senders and recipients in
your e-mail client. Any address in an e-mail summary listing
that is unknown to you may, in fact, be an e-mail containing
a virus or spyware and merely opening the message using Microsoft
Outlook, Eudora or Thunderbird will cause that message to
infect your system.
While some of the e-mail jokes that get forwarded can be
really humorous, a Trojan horse may be attached, waiting
to wreak havoc on your computer. And even if you do receive
an e-mail message from an account that looks somewhat familiar
to you, never e-mail critical personal data in a message,
such as birth date, social security number, account passwords,
bank account numbers and other identifying information. These
e-mail messages are designed to trick you into revealing
this information in the hopes that you will tell all, a practice
known as social engineering.
Finally, use your computer in a safe environment. Install
anti-virus software and turn it on. UNH students, faculty,
and staff have free access to McAfee Viruscan at http://virus.unh.edu .
If you are connecting to the Internet, be sure that you
are behind some kind of firewall on the network. UNH campus
networks are firewalled from the Internet to keep out many
attackers. However, when at home or traveling, be sure that
the network is secure.
Disconnect your computer from the network when you are not
using it and turn on the personal firewall that many operating
systems, such as Microsoft XP and Vista, offer as part of
the standard software distribution.
The United States Computer Emergency Readiness Team (US-CERT)
routinely reminds users on its Web site and via a regular
e-mail update list about common computer security exploits
that are discovered. A good source for a wealth of cyber
security tips beyond the tips suggested here can be found
on the US-CERT web site at URL: http://www.us-cert.gov/cas/tips/.
By following these few simple steps and being aware of your
Internet surroundings, your personal information can stay
as personal as you can keep it. And when someone recognizes
you, it will be because everyone knows your name and not
all of your personal data associated with it.
Scott Valcourt is the director of IT project management
and consulting services at Computing & Information Services.