Tips to Protect Your Data

Protecting your computer from risk is vitally important to UNI. Computer security risks and threats continue to rise, and a vulnerable machine can be attacked and infected in a few seconds.

Many computer problems are a result of problems with security. Common problems include a computer that runs slowly or crashes regularly. Common solutions are removing a virus from the computer, cleaning off spyware, and maintaining the latest software updates.

It only takes one time for a security problem to affect your computer indefinitely. The best way to protect your computer from viruses and security breeches is by following a few fundamental steps.

1. Protect your valuable personal information
2. Use an anti-virus program and be aware of steps to take to minimize computer virsus risks
3. Install anti-spyware software and a desktop firewall program
4. Beware of links sent to you in chat sessions and be cautious when viewing email attachments
5. Use strong passwords and change your passwords often
6. Regularly update your operating system and your computer software
7. Take reasonable steps to limit physical access to your computer hardware as well as your computer data
8. Use care when selecting programs to download and install
9. Backup all computer files on a regular basis
10. Know where to go when you require help with your computer   

1. Protect your valuable personal information.

** Be suspicious of any email with urgent requests for personal financial information**

Never respond to unsolicited urgent requests for confidential personal information. Never give out personal information such as bank account numbers, PIN numbers, credit card numbers or your social security number unless you initiated the contact.

Phishing is an Internet scam whereby a message is sent out via email instructing recipients to immediately provide their financial institution with personal financial information. Typically these are urgent requests designed to look like they came from a bank or other service provider demanding that you "confirm" or "update" account information or passwords or risk having an account closed down. Others request you "confirm" personal financial information to assist in a fraud investigation involving a credit card or bank account.  These emails are designed to look like an official communication from a bank or credit card company. They generally instruct you to click on a link in the email leading you to a Web site where you are asked for information like account numbers, contact information, social security numbers or bank/credit card PIN numbers. This link doesn't go to your bank; it actually goes to a computer controlled by fraudsters. Once armed with your data, thieves take out cash advances from your accounts or may attempt to steal your identity and set up fraudulent bank or credit card accounts in your name.

2. Use the standard campus-wide anti-virus program and be aware of steps to take to minimize computer virus risks.

Make certain that anti-virus software has been installed on your computer. All UNI student/staff/faculty members have access to a no-cost, pre-configured and automated full version of Norton AntiVirus from Symantec. This software is designed to automatically update anti-virus software installed on your computer. 

If you use an anti-virus product other than Norton AntiVirus, please be aware of the following:

•  New viruses appear constantly and daily virus definition updating decreases the risk of computers becoming infected. Your anti-virus software should be updated on a schedule; update virus definitions at least every week and, if feasible, every day.

•  Your anti-virus software should always be running and the program should automatically begin working when the computer starts.

•  It is a good practice to enable your anti-virus heuristic controls. Anti-virus heuristic controls can stop the spread and infection of new viruses because they generate a type of scan check for items that could potentially be viruses.

Enable the macro virus protection feature in all of your Microsoft Office applications.
A macro is a mini computer program used to automate repetitive tasks in Microsoft Office applications. Macros are potential vectors for malicious (virus) activity. When you set macro virus protection to "Medium" in each of your Microsoft Office applications, each application will notify you when a macro(s) is contained in a file created and/or opened using the application.

Scan floppy disks, zip disks, USB drives and CDs for viruses before using them.
They may have been in contact with a virus-infected computer.

Disable your email system's preview pane view.
Disable the preview pane view if you use Microsoft Outlook, Microsoft Outlook Express, or Netscape Mail. Even if an email message is not intentionally opened, your computer can be infected with email viruses if the preview pane is enabled.

3. Install anti-spyware software and a desktop firewall program.

Spyware

Spyware is software that is usually downloaded from the Internet, either intentionally under the guise of a service or utility, or without your knowledge as a result of browsing malicious Web sites. Spyware gathers information about how you use your computer. It poses a threat to your privacy and may damage your system.

Download Spybot from http://www.safer-networking.org . This is a free program which does a decent job of preventing and detecting spyware on your computer. During the installation, be sure to enable a component called "tea timer" which provides real-time protection from Spyware. It is a good idea to scan your machine after install and to do so periodically. The software should be updated periodically as well. Some programs claiming to prevent spyware are actually spyware themselves. For a list of known "good" spyware programs, please see the following:   http://www.spywarewarrior.com/rogue_anti-spyware.htm

You may not realize it but you have a choice when it comes to Web browsers. Your Windows system comes with Internet Explorer, which you may recognize by this symbol:

Unfortunately, this browser suffers from inherent security problems making your system more susceptible to spyware. We recommend installing Firefox and setting that as your default browser. This is what the icon for Firefox looks like:

Firefox is available for free online at: http://www.mozilla.org/ .

Firewall
A firewall is a piece of software or hardware that creates a protective barrier between your computer and potentially harmful content on the Internet. Firewalls help guard computers against hackers as well as many computer viruses and worms.

If you are using a computer supplied by Technology Systems and Services, a firewall has been set up on your computer. If you are not sure if your computer has a firewall, ask desktop support.

4. Beware of links sent to you in chat sessions and be cautious when viewing email attachments.

Chat room links and email attachments are both handy features, but they can also be used to spread computer viruses and other malicious programs.

Chat room links
Often when chatting online, a friend will post a link to an interesting or entertaining Web page. But are you sure your friend sent this? Chat rooms are unfortunately plagued with "bots" or automated programs on infected computers that send links to malicious Web sites to anyone in that person's "buddy" or contact list. Clicking on these malicious links can give someone remote control over your computer who may then use your machine to attack other computers, to send out spam, or to host spyware. Once your computer is part of a bot net, aside from the personal security risks, you could harm others and may have your Internet connection suspended by your service provider.

What to do?
If you don't know the person sending the link, definitely don't click on it!

Only click on a link in a chat room after you have verified the sender's intentions. Reply to them and ask if they actually sent the link on purpose and make sure they are who you think they are.

Email attachments
What are attachments?
Attachments are files, such as a document or picture that can be sent along with an email. Viruses spread by hijacking an infected computer's email address book. The virus sends copies of itself as email attachments to everyone in the victim's email address book. This gives the appearance that your friend is emailing you a joke or a document, but it's really the virus attempting to spread itself.

Common-sense precautions
Some common-sense precautions can help us differentiate between legitimate and malicious email attachments.

If you receive an unexpected email attachment, even if you know the sender, do not open the attachment unless you can answer "YES" to all three of the following conditions:

•  I know exactly what this file is.

•  I have scanned this file with my virus scan AND I have ensured that my virus scan was recently updated.

•  I have verified the identity of the sender and their intentions via email or phone call.

It is advisable to ensure that the email program you use does not automatically open or download email attachments.

It can also be helpful to compare the email subject line with the email text (contents) and with the email attachment name. Do the three make sense when compared to each other?

Beware of links to malicious Web sites
Do not click on a hyperlink contained in an email if you do not know where the hyperlink will take you -- even if you know the email sender. This could be a link to a malicious program which could give unwanted access to your computer. Know what the link is before clicking on it and make sure you know the sender really intended to send this to you.

Display email messages in plain text
If you use Microsoft Outlook, Microsoft Outlook Express, or Netscape Mail, consider configuring the program to display messages in plain text versus HTML. When an incoming email message is HTML-enabled, the chances of getting a computer virus are higher than if the incoming message is in plain text.

Beware of virus hoaxes
Do not take action regarding virus warnings that are received via email until you verify that the warning is genuine; instructions in the email hoax may ask you to perform tasks on your computer that may harm it and your data. Check with an authoritative source to determine if the email is a hoax.

5. Use strong passwords and change your passwords often.

•  A strong password is one that is not obvious or easy to guess. A strong password should be 8 - 12 characters long and include a combination of upper and lowercase letters, numbers, and symbols such as punctuation marks and special characters.

•  Do not share information about your user IDs or passwords/PINs with others.

•  Always change the default password when you receive a new account that requires a password and assigns a default.

•  When setting up multiple accounts, try to use unique passwords for each account.

•  Make it a practice to change your password every 90 days, especially when using public computers. This practice will better prevent people from knowing and utilizing your password.

•  Try not to write your passwords down; choose passwords that are easy to remember.

•  Do not log others into a computer with your ID and password.

6. Regularly update your operating system and your computer software.

As flaws are discovered by users, software makers such as Microsoft release software updates. To ensure that your computer is secure, install the appropriate updates. For Administration and Finance division computers, updates are automatically installed by the system's administration.  Microsoft products can be updated from the following Web sites:

•  Microsoft Operating Systems (works with Internet Explorer only)

•  Microsoft Office Products

Helpful information regarding Microsoft Windows security features can be found at:
http://www.microsoft.com/athome/security/protect/windowsxp/default.mspx

Apple Macintosh users should visit the "Apple Downloads" page for important updates:
http://www.apple.com/support/downloads/

7. Take reasonable steps to limit physical access to your computer hardware as well as your computer data.

•  If you are going to step away from your computer for an extended period of time or if you are finished using it, remember to log out.

•  Make it a practice to enable a password-protected screen saver on your computer. The screen saver should activate after an idle time of no more than 10 minutes.

•  Consider using a boot password for your computer.

•  Be aware of who has keys to your work area as well as who has physical access to your computer.

8. Use care when selecting programs to download and install.

Multitudes of no-cost programs are available for all types of operating systems, with more becoming available each day. If a program is written with malicious intent, the author/intruder will not tell you that it will harm your system. Other programs may not be malicious, but may unintentionally interfere with software already installed on your computer.  Many no-cost programs collect data about you and then sell that data to advertisers. These types of programs are called "spyware" (see step 3 above).

9. Backup all computer files on a regular basis.

In case of emergencies, such as a computer local hard drive crash, documents and data files stored only on your local hard drive need to be backed up and backups need to be periodically tested. If you are not sure if your files are being backed up, contact your computer administrator.

Consider encrypting and/or password-protecting files so that data will be unusable if stolen. Note that conventional passwords, such as Windows passwords, do not secure your data.

10. Know where to go when you require help with your computer.
If you are employed by a department within the Administration and Finance division, you may submit your questions and concerns about computer help to the VPAF Help Desk. You can reach the Help Desk by phone at (319) 273-2461 or via email at vpaf-tss@uni.edu. The VPAF Help Desk consultants are a divisional resource for computer services and will help with any technology-related questions. Visit the VPAF Help Desk online at http://www.vpaf.uni.edu/tss/help_desk.asp