Security Tip of the Week Archive

Protect Your Computer
Protect Your Data
Protect Yourself
Did You Know?

Protect Your Computer

Laptop Security
Click here for a PDF version of this tip that can be printed as a poster.

Secure laptop computers at all times. If your laptop computer is stolen, important information can be exposed, including your personal and financial information.
1. Always keep your laptop with you - or lock it up securely before you step away.
2. Never leave access numbers or passwords in your carrying case.
3. Buy and use a laptop security device. Laptop lockdown cables are available at University Computer Sales and most computer or office supply stores.
4. Laptops containing any University Confidential or Legally Restricted Data (defined in the University Information Technology Policy) should be encrypted.
If your laptop has been lost, stolen or compromised and it contains University Confidential or Legally Restricted Data, contact Information Technology Security immediately at 273-1804 for University departments or 784-6115 for Medical Center departments.

Click here for more information about laptop security.
Back to top...
Anti-Virus Protection: Doing Your Part
The University coordinated a large volume anti-virus software purchase in 2006 to encourage widespread use of comprehensive anti-virus programs on the University's network. This software, from Sophos, offers a broad range of protection for desktops, file servers, e-mail servers and gateways.

If you do not have Sophos Anti-Virus currently installed, please join the effort to keep the University network virus-free.

For University departments that are not part of the Medical Center, visit here for more information about anti-virus protection, and to download your version today.

For Medical Center departments, please reference http://intranet.urmc-sh.rochester.edu/InfoSystems/
HelpResources/ApplicationTips/AntiVirus/index.asp.
Back to top...
Protecting Cell phones and PDAs
Click here for a PDF version of this tip that can be printed as a poster.

As cell phones and PDAs become more technologically advanced, attackers are finding new ways to target victims. Most cell phones can send and receive text messages; others connect to the internet. Although these useful features are convenient, attackers can take advantage of them to:
- Abuse your service
- Lure you to a malicious website
- Use your cell phone or PDA in an attack
- Gain access to account information
How to protect yourself:
- Be careful about posting your cell phone number and email address
- Do not follow links sent in email or text messages
- Be wary of downloadable software
- Evaluate your security settings, such as Bluetooth connections, and disable Bluetooth when you are not using it
- Encrypt your cell phone or PDA if it contains sensitive data
Visit http://www.us-cert.gov/cas/tips/ST06-007.html for more information about protecting your cell phone and/or PDA.
Back to top...
Instant Messaging Security
Email isn't the only online communication that has security risks

Instant Messaging has become a popular way for people to communicate over the Internet. For some, it has even replaced email. However, instant messaging has many of the same security threats email does... and then some. Instant messaging can transfer viruses and other malware, provide an access point for Trojans, and give hackers an easy way to find victims. If you regularly use instant messaging, be aware of the security risks associated with it and take steps to protect yourself.

You should:
- Never open pictures, download files, or click links in messages from people you don't know
- Be careful when creating a screen name
- Create a barrier against unwanted instant messaging by not publishing your screen name
- Never provide sensitive personal information
- Only communicate with people who are on your contact or buddy lists
See the following links for more information on instant messaging safety.
Back to top...
Lock Your Computer Screen
When leaving your computer unattended, always make sure the screen is locked and password protected. Locking the screen will prevent others from accessing your session without your permission. All your applications and work will remain open in the background while the screen is locked, so when you return and enter your password, you can pick up where you left off.

See http://www.rochester.edu/its/security/resources/
desktop.html#password for more information on how to set up a password for your computer to lock automatically when the screensaver turns on.
Back to top...
Attack Resistant Computers
An up-to-date, properly configured computer is the best way to keep your computer safe from viruses and attacks. Making sure all security patches are installed, making sure anti-virus software is receiving daily updates, and disabling unneeded features such as file sharing and personal web sharing are all important steps.

You should:
- Make sure that the latest patches are installed on your computer regularly.
  Please see http://www.rochester.edu/it/security/computer/win_patches.php for information concerning Computer Updates.
- Make sure your anti-virus software is kept up to date.
  Sophos anti-virus software is available for all members of the University.
  - While the software is checking for updates, you should notice that the left side of the shield is flashing green. If the updates are unsuccessful, the shield will change its appearance to this: If you see the red X, try to run the updates again by double-clicking on the shield. If this does not work, contact the IT Center at 275-2000 (for University departments that are not part of the Medical Center) or the ISD Help Desk at 275-3200 (for Medical Center departments)..
  - For University departments that are not part of the Medical Center, visit http://www.rochester.edu/it/security/computer/antivirus.html for more information about anti-virus protection.
  - For Medical Center departments, anti-virus protection information can be found at http://intranet.urmcsh.rochester.edu/InfoSystems/HelpResources/ApplicationTips/AntiVirus/index.asp.
- Only install the software packages that you need on your computer.
  Many exploits used by computer hackers target vulnerabilities in computers that are running unnecessary services. The Code Red worm, for example, infected systems that were running Microsoft’s IIS web server, and in many cases the owners of the infected systems were unaware that the IIS service was turned on. You should contact your IT support area if you have questions concerning what software you should be installing.
Back to top...
Don't let spyware control your computer use
Did you know that eight out of ten computers are infected with spyware? Spyware is computer software that is surreptitiously installed on your computer and takes partial control of it without your consent. This malicious software can perform many behaviors, including:
- bombarding you with pop-up advertisements
- changing your home page or search page settings
- adding extra toolbars to your web browser
- slowing down your computer
- crashing your system
- tracking your activities
Lower your risk by taking the following steps:
- Update your operating system and Web browser software, and set your browser security high enough to detect unauthorized downloads
- Use anti-virus and anti-spyware software, as well as a two-way firewall, and update them regularly
- Download free software only from sites you know and trust. Enticing free software downloads frequently contain other software, including spyware
- Don't click on links in pop-ups
- Don't click on links in spam or pop-ups that claim to offer anti-spyware software
Visit http://onguardonline.gov/spyware.html or http://www.rochester.edu/it/security/computer/spyware.php for more information concerning spyware.

Back to top...
Malware
Click here for a PDF version of this tip that can be printed and used as a poster.

Malware is short for "malicious software"; it includes viruses – programs that copy themselves without your permission – and spyware, programs installed without your consent to monitor or control your computer activity. Criminals are hard at work thinking up creative ways to get malware on your computer. They create appealing web sites, desirable downloads, and compelling stories to lure you to links that will download malware, especially on computers that don't use adequate security software. Then, they use the malware to steal personal information, send spam, and commit fraud.
Computers may be infected with malware if they:
- Slow down, malfunction, or display repeated error messages
- Won't shut down or restart
- Serve up a lot of pop-up ads, or display them when you're not surfing the web
- Display web pages or programs you didn't intend to use, or send emails you didn't write.
If you suspect malware is lurking on your computer:
- Stop shopping, banking, and other online activities that involve user names, passwords, or other sensitive information. Malware on your computer could be sending your personal information to identity thieves.
- Delete all unwanted email messages without opening them.
- Do not click on web links sent by someone you do not know
- Confirm that your security software is active and current. At a minimum, your computer should have anti-virus and anti-spyware software, and a firewall.
- Once your security software is up to date, run it to scan your computer for viruses and spyware, deleting anything the program identifies as a problem.
- If you suspect your computer is still infected, you may want to run a second anti-virus or anti-spyware program – or call in professional help.
Monitor your computer for unusual behavior. If you suspect your machine has been exposed to malware, take action immediately. Report problems with malware to your Ineternet Service Provider (ISP) so it can try to prevent similar problems and alert other subscribers, as well as to the Federal Trade Comission.

Back to top...
Public Computer Safety
Click here for a PDF version of this tip that can be printed and used as a poster.

Most of us will occasionally have to use a public computer for one reason or another. Whatever your reasons, using public computers will always carry an inherent risk of exposing your personal data. Here are some things you can do to protect yourself and lessen that risk.

1. Delete your Browsing History
This should be the first step you take to protect your privacy when Web surfing on a public computer. When you’ve finished browsing, it’s a good idea to delete your cookies, form data, history, and temporary Internet files.
How:
- In Internet Explorer 7, you can do this all at once under Tools | Delete Browsing History. In Mozilla
- Firefox, go to Tools | Options, click the Privacy tab, and select Always Clear My Private Data When I Close Firefox. This erases your browsing history, download history, saved form information, cache, and authenticated sessions. Click the Settings button and select the options to erase your cookies and saved passwords, too.
2. Don’t save files locally
When you’re using a computer other than your own, even if it’s a trusted friend’s machine, it’s polite to avoid saving files locally if you can help it. Many of the files you would normally save locally, such as e-mail attachments, can contain private or sensitive information. An easy way to protect this data is to carry a flash drive and save files there when necessary. It’s also a good idea to attach the flash drive to your key ring so you’ll be less likely to misplace it and create a new security problem.

3. Don’t save passwords
This should be obvious when using a public computer, but if the option is already turned on, you might forget about it.
How:
- Internet Explorer 7, go to Tools | Internet Options | Content. In the AutoComplete panel, click the Settings button and verify that the Prompt Me To Save Passwords check box is deselected.
- In Firefox, choose Tools | Options | Security and deselect Remember Passwords For Sites.
4. Don’t do online banking or enter credit card information
You should remember that ultimately, a public computer is never going to be anywhere close to completely secure, so there are some things you just shouldn’t use them for. If you really need to check your balance on the road, you’re much better off finding a branch office or ATM or using your phone.

Public computers are not the place for online shopping. Your purchases from eBay or Amazon.com can and should wait until you can browse from a more secure location. A little added convenience isn’t worth the trouble of having your credit card hijacked.

5. Delete temporary files
Temporary files, often abbreviated to “temp files”, are created when you use programs other than a web browser. For instance, when you create a Word document, in addition to the actual document file you save, Word creates a temporary file to store information so memory can be freed for other purposes and to prevent data loss in the file-saving process. These files are usually supposed to be deleted automatically when the program is closed or during a system reboot, but unfortunately they often aren’t.
How:

Do a search on all local drives (including subfolders, hidden, and system files) for *.tmp,*.chk,~*.*
This will bring up all files beginning with a tilde or with the extensions .tmp and .chk, which are the most common temp files. Once the search is complete, highlight all and Shift + Delete to remove them. (If you don’t hold down Shift, they’ll usually be sent to the Recycle Bin, which you would then have to empty.)

6. Remember to log out
Always log out of Web sites by clicking "log out" on the site. It's not enough to simply close the browser window or type in another address. Also remember to log off of a public machine when you are done using it. You are responsible for what happens while you are logged into your username.

7. Pay attention to your surroundings and use common sense
Finally, you need to remember to pay attention to things outside of the actual computer that could be a risk. Be aware of strangers around you (potential shoulder surfers) and remember that a public computer is just that — public. Don’t view any truly sensitive documents you couldn’t bear for others to see. Remember the security camera over your shoulder. Cover your hands from view when entering any login information to prevent any casual spying.

Most important, remember that there is nothing you can do to make a public computer completely secure. A truly malicious owner or user could install a hardware keystroke logger that would be impossible to detect without actually opening the case and inspecting it. With that less-than-comforting thought, use common sense and use public computers only for non-sensitive tasks. The University has taken many of these risks into account when building the public machines and has made each machine as safe as possible for your use. But always keep these tips in mind when using an unfamiliar computer.

Our archive of past "Security Tips of the Week" is available for your information.

Back to top...
Keep Your Computer Virus-Free
Click here for a PDF version of this tip that can be printed and used as a poster.

Are you worried about your computer becoming infected with a virus? Don't want to spend a small fortune on antivirus software? Then today's your lucky day!

The University provides Sophos Antivirus Software FREE to all faculty, staff, and students. This software offers a broad range of protection for desktops, file servers, and email servers and gateways.

Download Sophos desktop antivirus software for PCs and Macs.

Antivirus software helps prevent a virus from invading your computer. Here are some safe practices you can follow:
- If you're unsure about an attachment, delete it. Especially if it's from a source you don't recognize.
- Don't download unknown programs from the Web. This includes freeware, screensavers, games, and any other executable program - any files with an ".exe" or ".com" extension, such as "coolgame.exe." If you do have to download from the Internet, be sure to scan each program before running it.
- Update your antivirus software regularly. New viruses, worms, and Trojan horses are born daily, and variations of them can slip by software that is not current.
- Configure your antivirus software to boot automatically on start-up and run at all times. This will provide you back-up protection in case you forget to scan an attachment, or decide not to.
- Scan all incoming email attachments. Do this even if you recognize and trust the sender; malicious code, like Trojan horses, can slip into your system by appearing to be from a friendly source.
- Delete chain emails and junk email. Do not forward or reply to any to them. These types of email are considered spam - unsolicited, intrusive messages that clog up inboxes and networks.
- Don't automatically open attachments. Be sure your email program doesn't automatically download attachments. This will ensure that you can examine and scan attachments before they run. Refer to your email program's safety options or preferences menu for instructions.
- Back up any important files on an external drive or disk. In case a virus finds its way to your computer, be prepared. If a virus destroys your files, you will be able replace them with your back-up copy. You should store your backup copy in a separate location from your work files.
Become a fan of us on Facebook* for your chance to win a $100 iTunes Gift card. Contest ends October 30, 2009 at noon.

*Faculty and staff please follow your department's guidelines regarding the use of social networking sites.
Back to top...
Laptop Travel Safety
Click here for a PDF version of this tip that can be printed off and used as a poster.
A laptop computer defines convenience and mobility, but chances are you've heard stories about stolen laptops on the news or from friends and colleagues. As the holidays approach, here are some tips to help prevent your laptop from being stolen when you are traveling.
- Keep a careful eye on your laptop when you are in public.
- Password protect your screen.
- Avoid putting your laptop on the floor. If it is your only option, place it somewhere you are aware of it, like in between your legs.
- Don’t keep your passwords in your laptop carrying case. This could make it easier for a thief to access your personal or corporate information.
- Consider using a suitcase, briefcase or a backpack to carry your computer when traveling. Laptop cases advertise what you are carrying.
- Don’t leave your laptop in your car. If you have no choice, make sure that your laptop is completely hidden.
- Don’t leave you laptop for “just a minute.” Take it with you if you can or at least use a cable to lock it.
- Pay close attention in airports especially when you go through security.
- If your laptop has been stolen while you’re out of town report it immediately to the local authorities.
If your laptop that contains University Confidential or Legally Restricted Data has been stolen or compromised contact Information Technology Security immediately at (585) 273-1804 for University departments or (585) 784-6115 for Medical Center departments.

Our archive of past "Security Tips of the Week" is available for your information.

Back to top...
Has Your Computer Been Infected?
Click here for a PDF version of this tip that can be printed as a poster.

Chances are you have received an email or had a free antivirus scan pop-up on your screen. Scammers and identity thieves are exceptionally good at identifying new opportunities and one area they have been dabbling in recently is the antivirus and anti-spyware market.

There are many criminals who are now selling, or even giving away, software that would appear to offer essential protection to those who surf the net. In reality, many of the programs do not function at all, or are designed to infect and spread the malicious codes they were supposed to protect against.

What Should I do?
- Never click on pop-up advertisements. Not even to close them. This may cause trouble.
- Only open an email attachment if you are POSITIVE about the source.
- If you land on a website and see a warning from Google about its content, pay attention and leave the website.
- If you aren’t sure if a product is legitimate, search the name on Google to verify its authenticity.
- Only buy anti-virus and anti-spyware products from reputable companies. Remember that scam artists will often use names that make their sites or products appear to be from reputable vendors.
- Remember your home computer needs antivirus protection just as much as your computer at the University does.
- NOTE: The University provides FREE antivirus software to all University students and employees. Download the latest version of Sophos here.
Check out this list of rogue/fake anti-virus and anti-spyware products.

Our archive of past "Security Tips of the Week" is available for your information.
Back to top...

Protect Your Data

Passwords are the key to your data
Click here for a PDF version of this tip that can be printed ans used as a poster.

Create a password that is easy to remember, but hard for anyone else to guess.

When choosing a password:
- Don't use passwords based on personal information that may be easily accessed or guessed.
- Don't use words in any dictionary of any language.
- Develop a mnemonic for remembering complex passwords.
- Create passwords with uppercase, lowercase, and capital letters.
- Also use a combination of letters, numbers, and special characters.
- Use different passwords on different systems.
Visit http://www.rochester.edu/it/security/yourself/passwords.php for more information about strong passwords, and to try the password checker to test the strength of your password.
Back to top...
Desktop Encryption
What is it?

Encryption protects data on all areas of your computer’s internal hard disk from unauthorized access. Once encrypted, if your desktop or laptop should be stolen or misplaced, the computer’s data will not be accessible. This protects individuals who may have sensitive information stored on your computer system, and protects the University by ensuring sensitive and confidential data are not released to unauthorized personnel.

Any laptop or desktop that contains or has ever contained social security numbers or other personal identifying information such as an employee’s home address, phone number, birth dates or personal email address must be encrypted.

If you have more questions, please reference:

University departments:

http://www.rochester.edu/it/encryption/faqs.php.

Medical Center:

http://intranet.urmc-sh.rochester.edu/InfoSystems/
HelpResources/Security/FullDiskEncryption.asp

How do I get my computer encrypted?

As part of a University-wide program to improve data security, University Information Technology and the Information Systems Division have been deploying full disk encryption for designated departments that handle high-risk sensitive data.

If your computer needs to be encrypted…

Windows XP, 2000, 2003, and Vista users
- University departments - call the IT Center at 275-2000.
- Medical Center - call the ISD Help Desk at 275-3200
Macintosh Users
- Use the File Vault application included with OS X to encrypt your computer.
Back to top...
Remote Access Using VPN
When you are off campus and need to access email or other University restricted resources, you should use VPN (Virtual Private Network). VPN provides a secure connection between your off campus computer and University resources while using the Internet.

Please reference the following links for additional information about how to use VPN for remote access:

http://www.rochester.edu/it/vpn for College and University

http://www.rochester.edu/it/vpn/medcenter for the Medical Center
Back to top...
Backing up Your Data
Click here for a PDF version of this tip that can be printed as a poster.

Many people rely on computers to store important information. If this sounds like you, then be sure to back up your data in case of computer theft or malfunction.

You should:
- Backup information that cannot easily be replaced, such as email, address books, bookmarks, personal projects, documents, and digital photographs.
- Backup to removable media, such as an external hard drive.
- Store backup media in a secure location. A good place is a fire proof safe or safety deposit box. Since the media is a collection of your most important information. It is a goldmine for someone looking to steal it.
- If sensitive or confidential data is contained within your backups, use additional protection measures.
- Remember: Under the University’s recently approved SSN-PII policy, any file containing SSN must be stored either in the University Data Center or in encrypted form or in another secure manner that is approved by a University Privacy Officer. This includes backup media that contain SSN. The same rules apply to electronic Protected Health Information under URMC HIPAA policy 0S8.
Visit http://www.rochester.edu/it/security/data/backups.php for more information on backing up your important digital data.
Back to top...
Seven Practices for Safer Computing
1. Protect your valuable personal information
Your Personal Identifiable Information (PII) can provide identity thieves instant access to your financial accounts, credit record, and other assets. Since anyone can be a victim of identity theft, here’s how to stay safe:
2. Know who you’re dealing with
Unfortunately, you must be aware of dishonest people on the internet. Before doing business through an unfamiliar site, do your research.
File-sharing allows access a breadth of information, music, games, and software. It is also opens up your computer to a large amount of harmful viruses and malware. For important information, visit http://www.rochester.edu/it/security/yourself/file-sharing.php .

3. Use security software that updates automatically
To prevent your computer from being taken over by malware and/or spyware, you should have, at minimum, anti-virus and anti-spyware software, and a firewall. Make sure that your security software is up to date by setting the preferences so that your software updates automatically.

4. Learn about the security features of your operating system and Web browser
Hackers take advantage of web browsers, such as Internet Explorer, and operating system software, such as Windows, that don’t have the latest security updates. It is critical to set your operating system and Web browser software to automatically download and install company-issued security patches.

Another way to protect yourself from hackers is to disconnect your computer from the internet when you’re not using it.

5. Protect your passwords
Keep your passwords in a secure place and don’t share them with anyone. Visit http://www.rochester.edu/it/security/yourself/passwords.php for more information on password protection.

6. Back up important information
No system is completely secure. Any important information should be backed up on some sort of removable memory, such as a CD, external hard drive, or flash drive, and stored in a safe place.

7. Know what to do in an e-mergency

If you suspect malware is lurking on your computer, stop shopping, banking, and other online activities that involve user names, passwords, or other sensitive information. The malware could be sending your information to identity thieves. Contact the appropriate authorities, such as the FBI or the Federal Trade Commission, concerning any suspicions of identity theft or fraud.

Click here for a PDF version of this tip that can be printed and used as a poster.

Back to top...
Wireless Security
Click here for a PDF version of this tip that can be printed and used as a poster.

Wireless Internet access offers convenience and mobility but the downside is anyone with a wireless-ready computer can use your connection. Unless you take certain precautions, neighbors, or hackers lurking nearby, could “piggyback” on your network, or even access your personal information. If an unauthorized person uses your network to commit crimes or send spam the activity can be traced back to your account. Here are the following steps you should take to protect your computers on a wireless network:
- Use encryption to scramble communications over the network. If you have a choice, use WiFi Protected Access (WPA) as it is stronger than Wired Equivalent Privacy (WEP).
- Use anti-virus and anti-spyware software, as well as a firewall on both your computer(s) and router.
- Change the identifier on your router from the default so a hacker can't use the manufacturer's default identifier to try to access your network.
- Most wireless routers have a mechanism called identifier broadcasting. Turn it off so your router won't send a signal announcing its presence.
- Change your router's pre-set password for administration to a passphrase or series of letters, numbers and symbols that only you know. The longer the password, the tougher it is to crack.
- Allow only specific computers to access your wireless network using MAC address filtering.
- Turn off your wireless network when you aren’t using it.
- Don't assume public "hot spots" are secure. You should assume other people can access any information you see or send over a public wireless network.
Back to top...
Lock Your Computer Screen
Click here for a PDF version of this tip that can be printed and used as a poster.

Your computer screen is the way you view all of the information on your computer. It takes only a few seconds to secure your computer and discourage malicious individuals from snooping through your files. Lock your computer screen every time you leave your desk.

Here are the ways to secure your computer.

Windows:
1. Click Ctrl+Alt+Delete
2. Select "Lock Workstation"
3. This will bring up your login screen and lock your computer down.
4. To log back in, type Ctrl+Alt+Delete if necessary, and type in your username and password.
Windows XP shortcut: Click the Windows key (the flying window key at the bottom of the key board) and the L key. This will bring up your login screen and lock your computer down

Mac:
1. Open System Preferences.
2. Click on the Security icon.
3. Check Require password to wake this computer from sleep or screen saver.
4. Return to System Preferences and choose the Desktop and Screen Saver icon.
5. Select the Screen Saver tab.
6. Set the amount of time you want to pass before the screen saver starts.
7. Click on the Hot Corners button to set the corner you want to move the mouse to for the screen saver to start instantly.
Back to top...
SSN Registration
This is a reminder to University Faculty and Staff to continue to register Social Security Numbers (SSN).

After the June 30, 2009 deadline, a security breach, loss or potential illegal disclosure of Social Security Numbers that have not been registered will result in financial liability for the department(s) responsible for managing the data.

SSN Registration is an ongoing policy at the University. If changes to a current collection are made, update and register the changes. Be sure to register any new collections.

It is University Policy that all Social Security Numbers (SSN) are registered using the SSN registration form.

For more information on the SSN Registration and SSN Policy visit:
Our archive of past "Security Tips of the Week" is available for your information.

Back to top...

Protect Yourself

Don't get hooked by a Phishing expedition
If you are ever asked to click on an email link to provide security or personal information, use extreme caution! Most of these request types are actually "phishing scams" to obtain your secure information. Lenders, brokerages, and banks would never ask for confidential information via e-mail as it is not a secure method. If you have a question, call the business entity and ask. They can confirm appropriate information requests.
Visit http://www.rochester.edu/it/security/yourself/phishing.php for more information about Phishing.

Back to top...
Identity Protection
Click here for a PDF version of this tip that can be printed as a poster.

Awareness is an effective weapon against identity theft.
- Become aware by learning how information is stolen and what you can do to protect yourself. Learn about how idenity theft can happen here.
- Monitor your personal information to uncover problems quickly and know what to do when you suspect your identity has been stolen.
- Your Social Security Number is a prime target for identity thieves. Only give out your Social Security Number and other personal identifying information when absolutely necessary.
- Many places use Social Security Numbers for user identification. Ask to use an alternate number if possible.
- Do not print your Social Security Number on personal checks.
- Do not carry your Social Security card with you.
Make identity thieves' jobs more difficult by arming yourself with knowledge on how to protect your identity and take action.

Visit http://www.rochester.edu/it/security/yourself/id_theft2.php for more information about Identity Theft and Protection.
Back to top...
National Consumer Protection Week
March 1 - 7, 2009 is the 11th Annual National Consumer Protection Week. This year's campaign is Nuts and Bolts: Tools for Today's Economy, which is intended to highlight consumer education efforts across the nation. Information can help people get the most for their money, whether they are trying to stretch their paychecks, find a quick fix for a spotty credit history, or tell the difference between a real deal and a potentially fraudulent product or service.

Visit the National Consumer Protection Week website (http://www.consumer.gov/ncpw/) to get the information needed to make informed decisions in today’s marketplace.
Back to top...
Social Security Number and Personal Identifying Information
In January, 2009, the University adopted a formal policy on the collection, maintenance and distribution of Social Security numbers (SSN) and Personal Identifying Information (PII). The policy specifies how to protect Social Security Number and employee Personal Identifying Information, which includes such things as employee home address and home telephone number, as well as employee SSN.
- The policy applies to any medium – paper, microfiche, electronic, etc.
- The first protection step is to reduce the number of places sensitive data is stored. By being thoughtful about what really needs to be retained, and then consolidating storage locations from individual offices to a departmental office or to the University’s Official Repository for that data (see new Data Retention Policy), the risk of exposure can be greatly reduced.
- Leverage the "Clean and Go Green" initiative as a way to clear out unnecessary collections of SSN and PII.
- As you dispose of unneeded copies of SSN and PII, you must do so in a manner that makes the data unreadable and unrecoverable.
- If you decide that you need to retain a particular data collection containing SSN, you must register the collection with a Privacy Officer of the University. This registration is to be completed by June 30, 2009.
Where can I get help?

Information concerning the SSN and PII policy is located at http://www.rochester.edu/its/policy/SSN-PII/

If you still have questions, or would like a University Privacy Officer to attend one of your staff meetings to discuss this topic, please call:

University-wide
273-1804
Medical Center specific
275-7059
Back to top...
Physical Safety
Do you know how to contact UR Security? Who to call in the event of an emergency? Report a crime, parking lot incident, or strange occurrence?

Look to the back of your ID badge!

Important University Emergency Phone Numbers: This will connect you to a University Security Emergency Dispatcher
- Dial x13 From Any University Phone
- Dial #413 From Any AT&T or Verizon Cell Phone. Program your AT&T or Verizon cell phone to call #413 for University emergencies. It works anywhere in Monroe County.
- Use x13 or #413 to report University emergencies - dialing 9-1-1 will not provide your exact location and may hinder assistance.
Not Inside or Without Your Cell Phone? Pick up a Blue Light Emergency Phone:
- Pick up a Blue Light Emergency Phone receiver and to be connected to an emergency dispatcher. No dialing is required. If you are being followed, simply drop the receiver and walk toward another blue light emergency phone, repeat and keep walking – the emergency dispatcher will know your direction of travel and dispatch assistance.
- Picture of a Blue Light Emergency Phone: http://security.rochester.edu/emerg.html
- Using x13, #413 and the Blue Light Emergency Phones will provide emergency services, including UR Security, Rochester Police, Ambulance and Fire Department.
Important Non-Emergency Phone Numbers:
- Call UR Security: Dial 275-3333 for non-emergency issues.
- Call University Operators: Dial “0” from any University phone, or dial 275-2121 or 275-2100 from any non-University external phone
For more information, see UR Security’s http://www.security.rochester.edu/safe.html
Back to top...
Copyright and File Sharing
Did you know the University receives hundreds of copyright infringement notifications for students, faculty and staff? These notifications can lead to disconnection from the Internet and fines for students. Notifications pertaining to staff members are passed to their managers for the first offense, and Human Resources for subsequent offenses. Staff members have been dismissed for copyright infringement violations. Faculty members have the first notification passed to their department chair, second notifications are passed to the department chair and the Dean’s Office.

Do not utilize University networks to download or share illegally obtained copyrighted materials. There are many alternatives to illegal file sharing. Please visit http://www.rochester.edu/its
/security/yourself/file-sharing.php for more information concerning copyright and file sharing and to explore links for legal music and movies.

When you connect to the University using VPN, for example from home or coffee shop or conference site, your computer is subject to the same rules and regulations as a computer located at work.
Back to top...
10 Scams to Screen from Your Email
Email users have lost money to bogus offers that arrived as spam in their inbox. Con artists are very cunning; they know how to make their claims seem legitimate. Some spam messages ask for your business, others invite you to a website with a detailed pitch.

To help minimize your risk:
- Protect your personal information. Only provide your credit card or other personal information when you're buying from a company you know and trust.
- Know who you're dealing with. Don't do business with any company that won't provide its name, street address, and telephone number.
- Never give confidential information to an unknown person over the phone, no matter what they seem to know about you. Even if the call seems legitimate, tell the caller that you will call them back via a telephone number that you can verify independently, such as a number listed in a telephone directory
- Take your time. Resist any urge to "act now" despite the offer and the terms. Once you turn over your money, you may never get it back.
- Read the small print. Get all promises in writing and review them carefully before you make a payment or sign a contract.
- Never send money for a "free" gift. Disregard any offer that asks you to pay a fee for a gift or prize. Free means free.
Some of the more common scams include:
Visit http://onguardonline.gov/spam.html for more information about these scams, or http://www.rochester.edu/uit/security/data/e-mail.php for more information concerning email safety.
Back to top...
Online Shopping
Click here for a PDF version of this tip that can be printed ans used as a poster.

Shopping on the Internet can be economical, convenient, and as safe as shopping in a store or by mail, especially if you follow these tips:
- Know who you're dealing with.
  - Be sure the company has a physical address and phone number.
  - If the company is new to you, research them at the Better Business Bureau online (http://www.bbbonline.org).
  - Check the company's website for customer feedback.
- Know exactly what you're buying.
  - Read the seller's description of the product closely, especially the fine print.
- Know what it will cost.
  - Factor shipping and handling — along with your needs and budget — into the total cost of the order.
- Pay by credit or charge card, for maximum consumer protection.
  - The safest way to shop on the Internet is with a credit card. In the event something goes wrong, you are protected under the federal Fair Credit Billing Act. You have the right to dispute charges on your credit card, and you can withhold payments during a creditor investigation. When it has been determined that your credit was used without authorization, you are only responsible for the first $50 in charges.
  - Obtain one credit card that you use only for online payments to make it easier to detect wrongful credit charges.
  - For more information on credit card consumer protections, see http://www.privacyrights.org/fs/fs32-paperplastic.htm#3
  - Always read the privacy statement before you fill in the blanks.
- Use secure web sites
  - Always verify that the site is using encryption before you submit any information — look for https in the web address and for a padlock or key in the lower right corner of your browser.
- Don't send personal information (Social Security number, credit card number, etc.) in an email or through instant messaging.
- If you are required to set up an account, do not use a password that you are using elsewhere.
- Carefully examine any SSL certificate errors.
  - Never enter a password, or other personal information, into a site that does not show https.
- Check out the terms of the deal, including refund policies and delivery dates.
- Print and save records of your online transactions.
- Consider using an escrow service, such as http://escrow.com.
  - This can reduce the potential risk of fraud by acting as a trusted third party that collects, holds and disburses funds according to Buyer and Seller instructions. There is generally a fee associated with using a service such as this.
More information about safe online shopping can be found at http://www.onguardonline.gov/topics/online-shopping.aspx.

Back to top...
Five Ways to Protect against Identity Theft
Identity theft occurs when someone uses your name, Social Security number, credit card number, or some other piece of your personal information for financial gain. Thieves often use this information to apply for a credit card, make unauthorized purchases, gain access to your bank accounts, or obtain loans under your name.

Five tips to help protect your identity:
1. When you order checks, instead of your first name, have only your initials and last name put on them. If someone takes your checkbook, they will not know how you sign your checks. But your bank will know.
2. Do not sign the back of your credit cards. Instead put "PHOTO ID REQUIRED".
3. When writing checks to pay on your credit card accounts, DO NOT put the complete account number on the "For" line. Instead, just put the last four digits.
4. Don't list any telephone number on your checks. You can always write it on the check at the time of the transaction. If you have a PO Box, use that instead of your home or work address.
5. Place the contents of your wallet on a photocopy machine. Copy both sides of each license, credit card, etc. If your wallet is ever stolen, you will have a record of all the account numbers and phone numbers when you call to cancel your cards. Store in a secure place and update the copies when you change cards.
More information about Identity Theft can be found at http://www.rochester.edu/it/security/yourself/id_theft2.php.

Our archive of past "Security Tips of the Week" is available for your information.

Back to top...
Five Safe Email Practices
Although many people think of email as being an "electronic letter," it's actually more like a postcard that can be read by any number of people along the route between sender and recipient. It can be easily forged and does not afford privacy. Because email is not secure, here are important tips to keep in mind when emailing:

1. Confidential Information
- Never put anything in an internet-based email you're not willing to share with the world.
- Beware of emails that attempt to lure you into divulging personal information.
- Never click links in a message that request personal or financial information.
For more information about phishing, visit http://www.rochester.edu/it/security/yourself/phishing.php.

2. Attachments

Attachments require special attention since even ones coming from friends' computers could contain viruses. Following these tips can help lower the chance of infecting your computer:
- Minimize the use of attachments as much as possible.
- Question unsolicited file attachments.
- Never open attachments from unknown sources or even from trusted senders if you weren't expecting them.
- Question executable (.EXE) programs received via email.
3. Strange Messages
- Examine your list of new messages carefully before you open them.
- Don't reply to unsolicited "spam" mail, or other harassing or offensive email.
- Disable the preview feature in email programs such as Outlook Express. This feature can allow you to unknowingly execute the code in an infected email. To turn off the Preview Pane in Outlook Express, go to the top menu bar > View > Reading Pane > Off.
4. Infected Files

If you receive an infected file from a friend, you should notify them as soon as possible. Do this if you know the person and are certain that the originating email address is accurate. This helps the sender correct the problem within their system before passing the virus on to others.

5. Antivirus Software

Having up-to-date antivirus software installed on your computer is critical. This will help protect your machine and the machines of others on the internet.

For more information about antivirus protection for your computer, visit http://www.rochester.edu/it/security/computer/antivirus.php.

Back to top...
Pharming
Click here for a PDF version of this tip that can be printed and used as a poster.

What is pharming?

Pharming is a hacker's attack to redirect a legitimate website's traffic to a bogus website where a user can be fooled into entering sensitive data such as a password, bank account or credit card number. Once personal information has been entered at a fraudulent website, criminals have the information they need for identity theft. Pharming can be conducted either by changing the host’s file on a victim’s computer or by exploiting a vulnerability in domain name server (DNS) software.

Take these simple precautions to protect yourself from pharming:
- Before clicking on a link in a browser window, place your mouse over the link and check the link's address that's displayed in the bar at the bottom left of the window
- Confirm that a website has a valid certificate of authority, from a service such as VeriSign, which matches the site's name before you enter any personal data.
- Only use a secure web site when submitting credit card or other sensitive information via the web browser. The beginning of a secure web site address should read “https”. The ‘s’ on the end of http signifies it is a secure site.
- Avoid completing forms in email messages that ask for personal financial information.
- Change the default password that came with your wireless router to your own unique, strong password.
- Make sure your browser is up to date and security patches are applied.
- Regularly check bank, credit card, and debit card statements to ensure all transactions are legitimate.
If you believe that you have been a victim of pharming, notify the Internet Fraud Complaint Center (IFCC) of the FBI by filing a complaint on the IFCC’s web site: www.ifccfbi.gov.

Back to top...
Four Steps to Take if Your Identity is Stolen
Click here for a PDF version of this tip that can be printed and used as a poster.

If you are a victim of identity theft, take the following four steps as soon as possible, and keep a record with the details of your conversations and copies of all correspondence.

1. Place a fraud alert on your credit reports, and review your credit reports.
Fraud alerts can help prevent an identity thief from opening any more accounts in your name. Contact the toll-free fraud number of one of the three consumer reporting companies on www.annualcreditreport.com to place a fraud alert on your credit report. The company you call is required to contact the other two, which will place an alert on their versions of your report, too. The Fair Credit Reporting Act guarantees you access to a free credit report from each of the three nationwide reporting agencies every twelve months.

2. Close the accounts that you know, or believe, have been tampered with or opened fraudulently.
Call and speak with someone in the security or fraud department of each company. Follow up in writing, and include copies (NOT originals) of supporting documents. Send your letters by certified mail, return receipt requested, so you can document what the company received and when.

Once you have resolved your identity theft dispute with the company, ask for a letter stating that the company has closed the disputed accounts and has discharged the fraudulent debts to have proof if errors relating to this account reappear on your credit report.

3. File a complaint with the Federal Trade Commission.
This will provide important information that can help law enforcement officials across the nation track down identity thieves and stop them.

You can file a complaint with the FTC using the online complaint form; or call the FTC's Identity Theft Hotline, toll-free: 1-877-ID-THEFT (438-4338); TTY: 1-866-653-4261; or write Identity Theft Clearinghouse, Federal Trade Commission, 600 Pennsylvania Avenue, NW, Washington, DC 20580. Be sure to call the Hotline to update your complaint if you have any additional information or problems.

4. File a report with your local police or the police in the community where the identity theft took place.
Call your local police department and tell them that you want to file a report about your identity theft. Ask them if you can file the report in person. If you cannot, ask if you can file a report over the Internet or telephone.

Visit the FTC's Defend site for more information.

Back to top...
11 Ways to Prevent Email Spam
Click here for a PDF version of this tip that can be printed and used as a poster.
1. Use more than one email address: one for personal email and the other for mandatory fields in online forms and access areas.
2. Never post your real email address anywhere online, especially in newsgroups, online chat rooms and online profiles.
3. Always check the privacy policy of any website that requests personal details, such as email addresses. Do not submit your information if the website does not allow you to opt out or does not have a privacy policy.
4. When you are responding via website form, read it thoroughly. Some websites that include an opt-out option usually require you to check a box that you agree to be sent email (either from them or their associates). However, some of them ask that you uncheck a pre-checked box not to be sent email and many consumers have gotten burned by that.
5. Never open email and/or download attachments from anyone if you are not expecting them and always virus scan attachments first.
6. Block future messages from unknown users, if your email client allows it.
7. Never reply to a spam email, not even to “unsubscribe."
8. Keep your operating system, anti-virus, anti-spyware and firewall software up-to-date.
9. Use any spam filters available by default from your ISP.
10. Use anti-virus software and/or firewalls on every computer you own/use. Remember that children are easy prey to the “just click here” tactic so remind them not to click.
11. Stay up to date with current scams and always report suspicious activity.
Back to top...
Log Out of Public Computers
Click here for a PDF version of this tip that can be printed and used as a poster.

To help protect yourself, and your data, please remember to log all the way out of your accounts on public computers or kiosks when you are finished using them. You are responsible for what happens while logged into your username. If the person before you forgot to log out, be courteous and log out for them. To log out of the Public Kiosks, follow the directions on the kiosks’ desktop.
The University of Rochester has taken the necessary steps to make each of the public stations safe for your use. It is up to you to take other precautionary measures to stay safe when using public computers.
- Don’t save any of your login information including usernames and passwords.
- Be aware of potential over-the-shoulder snoops.
- Don’t leave the computer unattended with sensitive information on the screen.
- Don’t enter sensitive information into a public computer like your social security number or any banking information.
- Delete browser history before leaving a public station.
Our archive of past "Security Tips of the Week" is available for your information.

Back to top...
Don't Fall for Phishing Schemes
Click here for a PDF version of this tip that can be printed and used as a poster.

Could you tell if an email message requesting personal information was legitimate? In most cases you can trust your instincts, if an email message looks suspicious, it probably is. However there are some messages that look like the real thing but aren't. If an email message contains any of the following phrases, there's a good chance it could be a phishing scheme.

Do you know how to spot a phishing email?
It could be a phishing email if...
- There are misspelled words in the e-mail or it contains poor grammar.
- The sender's name doesn't seem related to the sender email address.
- The message is making you an offer that is too good to be true.
- The message is asking for personally identifiable information, such as credit card numbers, account numbers, passwords, PINs or Social Security Numbers.
- There are "threats" or alarming statements that create a sense of urgency. For example: "Your account will be locked until we hear from you" or "We have noticed activity on your account from a foreign IP address."
- The domain name in the message isn't the one you're used to seeing. It's usually close to the real domain name but not exact. For example:
How good are you at spotting phishing emails? Test your knowledge with these quizzes.
Back to top...
Social Networking Safety
Click here for a PDF version of this tip that can be printed and used as a poster.

Social networking web sites like MySpace, Facebook, Twitter, and LinkedIn are services you can use to connect with others to share information like photos, videos, and personal messages. As the popularity of these social sites grows, so do the risks of using them. Hackers, spammers, virus writers, identity thieves, and other criminals follow the traffic.

Protect yourself and your privacy online by being…
…proactive:
- Understand the privacy policy for any social networking site you plan to use.
- Customize your privacy settings to restrict access to only certain people; the default settings for some sites may allow anyone to see your profile.
- Limit the amount of personal information you post, especially information that would make you vulnerable, such as your address or information about your schedule or routine.
- Be considerate when posting information, including photos, about your friends.
- Accept ‘friends’ on a social network selectively; identity thieves create fake profiles in order to get information from you.
- Protect your account with passwords that cannot easily be guessed.
…aware:
- Once you post information online, you can't delete it. Only post information you are comfortable with anyone seeing. This includes information and photos in your profile and in blogs and other forums.
- Don't trust that a message is really from who it says it's from. Hackers can break into accounts and send messages that look like they're from your friends, but aren't. If you suspect that a message is fraudulent, don’t open it.
- Don't believe everything you read online. People may post false or misleading information. Take appropriate precautions and verify the authenticity of any information before taking any action. Treat links in messages on these sites as you would links in email messages.
- Be careful about installing extras on your site. Many social networking sites allow you to download third-party applications that let you do more with your personal page. Criminals sometimes use these applications to steal your personal information.
…responsible:
- When at work, follow your department's guidelines regarding the use of social networking sites.
- Talk to your kids about social networking. If you are a parent of a child who uses social networking sites explain what information is private, what pictures are okay to post, and how to decline requests to meet people.
- Use and maintain anti-virus software. Antivirus software recognizes most known viruses and protects your computer against them, so you may be able to detect and remove the virus before it can do any damage.
Our archive of past "Security Tips of the Week" is available for your information.

Back to top...
Staying Safe with Skype
Click here for a PDF version of this tip that can be printed as a poster.

Skype is a software application which allows users to instant message, voice chat, and share files with other Skype users.
- Never use Skype to transfer University files, including documents and data files, and never accept documents from others.
- Skype cannot be used for University conversations that contain confidential information.
- University IT does not condone the use of Skype.
Services like Skype open unsuspecting users to viruses, hackers, and identity thieves. To stay safe while using Skype do the following:
- Read Skype’s Privacy Policy to understand Skype and what you can or cannot do
- Read Skype's Online Safety Web Page
  - Create a strong and unique password
  - Always use antivirus software
  - Keep Skype up-to-date
  - Update Skype’s privacy settings
  - Do not authorize people whom you do not know and/or do not want to talk to
  - Remember:
    - The public parts of your profile can be seen by everyone on Skype
    - Don’t put things in your profile that you wouldn’t normally share with strangers
    - You don’t have to complete your profile and can modify it at any time
  - Never respond to emails that request your credit card details
  - Know how to protect yourself against:
    - online fraud, spam and viruses
    - phishing
  - If you think your account has been compromised, change your password immediately
Visit http://www.rochester.edu/it/security/yourself/passwords.php for more information about strong passwords, and to try the password checker to test the strength of your password.
Back to top...

Create a Strong Password You Can Remember

Click here for a PDF version of this tip that can be printed as a poster.

Strong passwords are important protections to help you have safer online transactions. An ideal password is complex, has 14 + characters, and contains letters, punctuation, symbols, and numbers.

There are many ways to create a long, complex password. Here is one way that may make remembering it easier:

What to do	Example
Start with a sentence or two (about 10 words total).	I hate snow. I much rather be at the beach. (10 words)
Turn your sentences into a row of letters.	ihsimrbatb (10 characters)
Add complexity.	IHSimrbATb (10 characters)
Add length with numbers.	IHS75imrbATb (12 characters)
Add length with punctuation.	!IHS75imrbATb (13 characters)
Add length with symbols.	!IHS75imrbATb#(14 characters)

Test Your Password Strength
If you aren’t sure about how strong your password is use a secure password checker.

Things to keep in mind when creating a password:

Use the entire keyboard, not just the most common characters. - Symbols typed by holding down the "Shift" key and typing a number are very common in passwords. Your password will be much stronger if you choose from all the symbols on the keyboard, including punctuation marks not on the upper row of the keyboard, and any symbols unique to your language.
Avoid using any personal information - Any novice hacker can easily find out your full name, the names of your spouse or children, your pets, or your favorite sports teams. Never choose a password that has anything to do with you personally.
Don’t use real words - You shouldn't use any actual word that can be found in a dictionary as well as words spelled backwards, common misspellings, and abbreviations. Passwords like that can be easily cracked by password software.
Avoid common sequences or repeated characters - Examples: 12345678, 222222, abcdefg, or adjacent letters on your keyboard (qwerty).
Use a password management tool – The main reason that users choose passwords that are easy to crack is that they want to choose passwords that are easy to remember. If you have many passwords that you have a hard time remembering using a password management tool you only have to remember one password. L
Keep your passwords safe – Learn how here.

Read an article about common passwords that hackers love here.

Visit http://www.rochester.edu/it/security/yourself/passwords.php for more information on creating secure passwords.

Top 10 Scams and Rip-Offs of 2009
The Better Business Bureau has released the top 10 Scams and Rip-offs of 2009. These include:

1. Acai Supplements and Other “Free” Trial Offers

2. Stimulus/Government Grant Scams

3. Robocalls

4. Lottery/Sweepstakes Scam

5. Job Hunter Scams

6. Google Work from Home Scam

7. Mortgage Foreclosure Rescue/Debt Assistance

8. Mystery Shopping

9. Over-Payment Scams

10. Phishing e-mails/H1N1 spam

Further information about each of these scams can be found by clicking here.

Remember - consumers or small business owners victimized by a scam can contact their local Better Business Bureau or file a complaint at www.bbb.org. Always research a business with the Better Business Bureau before you sign any contracts or hand over any money.

Our archive of past "Security Tips of the Week" is available for your information.

Back to top...

Did You Know?

Backscatter
If you’ve got questions, we’ll find the answers. Once a month, the University Security & Policy team will answer your information security questions in a new Security Tip of the Week feature called Did You Know? Please email your questions to UnivIT_SP@ur.rochester.edu.

Have you ever received an email informing you that a message was not delivered, but you never sent the message in the first place?

These “bounce back messages” fall under the category of unwanted email called backscatter and are the result of your email address being forged as the sender of spam messages.

Unfortunately, there is no way to avoid receiving these messages and no way to prevent your email address from being forged. However, by limiting where you post your email address online and giving it only to people and businesses you trust, you can reduce the risk that your address will be harvested by someone looking to use it for malicious purposes.

For more information, see our page on forged email.

Back to top...
The Case of the Cyber Criminal
What type of free software may include spyware?

Do you know the answer? Test your knowledge by playing The Case of the Cyber Criminal from OnGuard Online. Here you can test your cyber smarts with any of the interactive quizzes on everything from spam and spyware to phishing and file-sharing.

Back to top...
Finding more security information on Facebook
You can get the latest news, tips, and computer store promotions from University Information Technology by becoming a fan on Facebook at http://www.facebook.com/pages/University-of-Rochester-Get-Technology/101063014272

Our weekly security tips will continue to be posted to http://www.wdev.rochester.edu/it/security/securitytipofweek.php as well as to our Facebook page.

Back to top...
Security Awareness Month
It’s that time of year again! October is Security Awareness Month. Over the next month we will run a series of Information Technology security-based quizzes on Blackboard. Answer the questions right and you will get entered to win one of four iTunes giftcards. Also be on the look out for our latest security campaign posters around campus. To stay up to date on what University IT has in store become a fan of us on Facebook and look for the Security Tip of the Week every week in the Weekly Buzz and @Rochester.

Our archive of past "Security Tips of the Week" is available for your information.

Back to top...
Enter to Win $100 Giftcard
Win a $100 iTunes Giftcard...

…by becoming a “fan” of University IT on Facebook.

Become a fan of University of Rochester – Get Technology on Facebook for valuable tips on keeping your computer safe and secure, campus technology updates, and Computer Store promotions and specials. We're here to help you be in the know when it comes to technology at the University and staying secure online!

Become a fan* by the end of October and you will be entered in a drawing for a chance to win a $100 iTunes gift card. Join us today

*Faculty and Staff please follow your department's guidelines regarding use of social networking sites.

Contest ends 12:00 Noon on October 30, 2009.

Back to top...
National Cyber Security Awareness Month
October marks the sixth annual National Cybersecurity Awareness Month sponsored by the Department of Homeland Security. The theme for National Cybersecurity Awareness Month 2009 is “Our Shared Responsibility” to reinforce the message that all computer users, not just industry and government, have a responsibility to practice good “cyber hygiene” and to protect themselves and their families at home, at work and at school.

Americans can follow a few simple steps to keep themselves safe online. By doing so, you will not only keep your personal assets and information secure but you will also help to improve the overall security of cyberspace.

It is Our Shared Responsibility to stay safe online.

How You Can Contribute to Cybersecurity Awareness?

Take Action
- Make sure that you have anti-virus software and firewalls installed, properly configured, and up-to-date. New threats are discovered every day, and keeping your software updated is one of the easier ways to protect yourself from an attack. Set your computer to automatically update for you.
- Update your operating system and critical program software. Software updates offer the latest protection against malicious activities. Turn on automatic updating if that feature is available.
- Back up key files. If you have important files stored on your computer, copy them onto a removable disc and store it in a safe place.
Educate - Find out what more you can do to secure cyberspace and how you can share this with others.
- Review past weekly security tips with your family.
- Print and post these security tips near your computer and network printers each week.
- Use regular communications in your business—newsletters, e-mail alerts, Web sites, etc.—to increase awareness on issues like updating software processes, protecting personal identifiable information, and securing your wireless network.
Cybersecurity Awareness Events 2009

University of Rochester Information Security has a number of activates planned to help increase awareness across campus. Please visit http://www.rochester.edu/it/security/cyberawareness.php for more information about our contests and events.

Cybersecurity Resources
- The U.S. Computer Emergency Readiness Team (US-CERT) offers safety tips, incident reports, and the latest cyber alerts.
- The National Cyber Security Alliance (NCSA) is a collaborative effort among experts in the security, non-profit, academic, and government fields to teach consumers, small businesses, and members of the education community about Internet security by providing free tips, checklists, and best practices for remaining safe while online.
- The Multi-State Information Sharing and Analysis Center (MS-ISAC) comprises members of all 50 states, local governments, and U.S. territories and districts, and provides downloadable awareness materials including newsletters, posters, bookmarks, and briefings.
- The Federal Trade Commission's OnGuard Online Web site provides practical tips and downloadable print and Web materials about how to avoid Internet fraud and how to protect personal information.
Back to top...
DMCA Notices
How many DMCA notices has the University received so far this year?

Between August 1st and October 31st 2009 the University has received 232 illegal file sharing notifications form copyright holders. University IT has sent 148 first notifications to students, 3 to employees, and has disconnected 39 network connections.

Each week we update the DMCA statistics on our Facebook page, www.facebook.com/UR.Technology.

DMCA (Digital Millennium Copyright Act) was passed by Congress in October 2008 to provide legal protection of copyrighted material. The purpose of copyright is to protect the rights of the creators of intellectual property. Copyright holders have the sole right to copy, modify, and distribute their works. Therefore copyright helps to prevent the unauthorized use or sale of these works.

If the University receives a complaint against you from the Recording Industry Association of America (RIAA), the Motion Picture Association of America (MPAA), or other copyright holding associations, you will be notified by email. For each complaint filed against you, there will be escalating consequences:
- 1st complaint- Students will receive a warning from University IT and an informal letter of warning from the Dean of Students Office. Employee's supervisor will notified of the violation.
- 2nd complaint- Students will have your NetID account suspended, there will be official disciplinary action from the Dean of Students' Office (most likely disciplinary probation and community service), and incur a $150 NetID reconnection fee. Human Resources and the employee’s supervisor will be notified and appropriate actions will be taken.
After the second complaint, there may be other actions taken. Here are a few court cases that made the news this year.
- Court orders Jammie Thomas to pay RIAA $1.92 million
- BU student ordered to pay $675,000 in downloading case
Our archive of past "Security Tips of the Week" is available for your information.

Back to top...
Gadgets May Come Preloaded with Viruses
Did you know some of today's hottest gadgets may be preloaded with viruses?

Apple iPods, flash/thumb drives, digital picture frames, and TomTom navigation gear have all been guilty of harboring viruses fresh out of the package in the past. The viruses on these devices can steal passwords, open doors for hackers or make computers targets for spam attacks.

How to protect your computer:
- Keep your antivirus software up to date
- Scan It! - Any time you plug in a new device, like a memory card, digital picture frame, mp3 player or navigation device, into your computer be sure to perform a virus scan on it before you run any programs associated with it
- Disable AutoRun - AutoRun allows executable files on a drive to be run automatically when that drive is accessed. By disabling t AutoRun you can decrease the chances of infecting your computer.
Learn how to disable AutoRun on your Windows system here.
Back to top...
National Consumer Protection Week 2010

The theme for this year's campaign is "Dollars and Sense"

Visit http://consumer.gov/ncpw to get helpful information about topics such as

Banking

Credit and Debt

Health

Identity Theft and Privacy

Investing

Money

Mortgages

Rights and Responsibilities

Scam Watch

Back to top...