Document Best Practices
Always keep a backup! When you do, ensure that you protect your backup in the same manner that you’d protect the actual data. Remember, a password is no longer needed to read a backup once it has been taken to a different computer.
If you use a cloud-based service such as iCloud, Dropbox, Google Docs or Amazon S3, do so knowing that your information may be accessed by the vendor according to their terms of service. Please refer to their terms of service prior to storing anything sensitive such as financial documents, bank statements and account information.
Home Networking Best Practices
If someone can get access to your home network, they can conceivably download and make malicious use of your personal information. They can also use your bandwidth to engage in illegal activities. For these reasons, it is important that you follow these simple principles when setting up your home network.
If you have a wireless router in your home, always place the router towards the middle of your home. That way only a weaker signal will bleed through your walls to the outside of your home.
Always set the password for your home router. Hackers know the default passwords for dozens of home networking devices, so a router left on its default password is not secure.
Always lock down your home wireless network. You should use WPA2 with a strong password (sometimes called a pre-shared key) with the AES algorithm. If your home router does not support WPA2, you should use WPA.
If you must, use WEP for legacy wireless devices, but choose 128-bit WEP and use a randomly generated WEP key. WEP is less secure than WPA2/WPA, but it will dissuade passersby from using your wireless network.
Mobile Device Security
Creating a strong password for your e-mail account is a good first step towards being secure. However, many smartphones will have the username and password fields populated during their configuration. This is a nice feature for ease of use, but it means anyone can simply pick up your phone and go through your e-mail. Many smartphones come with the capability to lock and password-protect the device when not in use. This is critical to keeping your personal information safe. A malicious individual can make use of not only your e-mail, but also your recent call list and phone book.
In addition to locking the device, ensure that you install software only from trusted vendors. iPhones make use of the App Store, which is fully vetted by Apple Computers to ensure that every program is safe and secure. If you jailbreak your iPhone, you may add some additional capabilities, but you are sacrificing a line of defense between malicious programs and your mobile device.
There are good programmers and bad programmers in this world. While some would like to introduce new software to improve your day-to-day, others are trying to rip off your financial information so they can sell it to the highest bidder. It is important to be mindful of the latter and ensure that your computer is secure at all times. On University machines we use a product called Forefront Endpoint Protection to monitor all computers for viruses, malware and spyware. All three are malicious types of programs designed to harvest sensitive information and passwords and to decrease productivity.
If you would like to protect your personal computer, you can download Microsoft Security Essentials for free via the link http://windows.microsoft.com/mse. Microsoft Security Essentials will scan running processes and downloaded files to ensure they contain no malicious code. It is important to update the definitions for your virus scanner often to ensure you are protected against the newest threats.
Recognizing a Phishing Attempt
For identity thieves, one of the most lucrative means of collecting personal information is called phishing. It involves a malicious individual sending misleading e-mail requesting your personal information. Typically, they will ask for your username and password for some purpose such as ‘preventing your account from being disabled’ or ‘to receive your cash prize’. Phishing e-mail is simply a modern take on a very old scam. Once the user gives up their username and password, their e-mail account is harvested for financial information and blackmail material, and then used to send additional phishing e-mails to their contacts.
No reputable organization will ever ask for your username and password via e-mail. If they need to reset your password, they will not need your current password to do so. Be very careful about whom you give any personal information to. Below you will see samples of actual phishing attempts that were received by University personnel. Never give your username and password to anyone who asks for it via e-mail!
Phishing Example 1:
Subject: EMAIL QUOTA ALERT!!!
Your Mailbox Has Exceeded It Storage Limit As Set By Your Administrator, And You Will Not Be Able To Receive New Mails Until You Re-Validate It.
To Re-Validate –> Follow Link Here
Notice in Example 1 that this malicious individual is attempting to create an immediate need to ‘validate’ your e-mail address. This is done to cause anxiety for the reader and hopefully get them to follow its instructions before thinking about it. To reiterate, no Systems Administrator will ever ask for your Username and Password via e-mail.
Phishing Example 2:
From: email@example.com; on behalf of; Long Island University firstname.lastname@example.org
Subject: Notice
Your account subscription has expired and your email account is about to be suspended, Confirm your account information to keep your email active. Click the secured below to extend your account.
© 2012 – Long Island University
Notice in Example 2 that the e-mail is purportedly coming from Long Island University, yet the actual e-mail address is email@example.com. Also, the spoofed account is misspelled as firstname.lastname@example.org instead of email@example.com. Those are both red flags, and should cause the reader to question the validity of this e-mail and simply delete it. To reiterate, no Systems Administrator will ever ask for your Username and Password via e-mail!
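The red flags called out for Examples 1 and 2 can also be checked mechanically. The following is an added example, not part of the original page: it assumes the "on behalf of" display corresponds to a Sender header that differs from From, and it uses the placeholder domain university.example and a constructed sample message, since the real addresses are not shown above.

```python
import re
from email import message_from_string
from email.utils import parseaddr

# Assumption: the organisation's real mail domain (placeholder, not from the page).
TRUSTED_DOMAIN = "university.example"
# Pressure and credential phrases taken from the two sample messages above.
URGENCY = re.compile(r"exceeded|suspended|expired|re-validate|will not be able", re.I)
CREDENTIALS = re.compile(r"confirm your account|re-validate|password|username", re.I)

def edit_distance(a, b):
    """Levenshtein distance, used to spot near-miss spellings of the trusted domain."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]

def domain_of(header_value):
    """Lower-cased domain part of an address header, or '' if the header is absent."""
    return parseaddr(header_value or "")[1].rpartition("@")[2].lower()

def red_flags(raw_message):
    """Return the list of red flags found in one RFC 5322 message."""
    msg = message_from_string(raw_message)
    flags = []
    from_dom, sender_dom = domain_of(msg["From"]), domain_of(msg["Sender"])
    # "A on behalf of B": the Sender header names who really submitted the mail.
    if sender_dom and sender_dom != from_dom:
        flags.append("sender-differs-from-from")
    # A domain one or two edits away from the trusted one is a misspelled look-alike.
    if 0 < edit_distance(from_dom, TRUSTED_DOMAIN) <= 2:
        flags.append("lookalike-domain")
    text = f"{msg['Subject'] or ''}\n{msg.get_payload()}"
    if URGENCY.search(text):
        flags.append("urgency")
    if CREDENTIALS.search(text):
        flags.append("asks-to-confirm-account")
    return flags

# Constructed sample modelled on Phishing Example 2; all addresses are placeholders.
SAMPLE = """\
From: Example University <helpdesk@univresity.example>
Sender: bulk@mailer.invalid
Subject: Notice

Your account subscription has expired and your email account is about to be
suspended, Confirm your account information to keep your email active.
"""
```

Calling red_flags(SAMPLE) reports all four flags. A message with none of them is not thereby proven safe, so the rule above still applies: never send your username and password by e-mail.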