The Top Seven Information Security Practices
Information security is everyone's responsibility. If we all do our part, we may be able to lessen the risks to campus data and computing resources. Below are seven practices you can follow to better protect yourself and the University.
Protect your password
Do not share your password or post it anywhere. Do not use dictionary words or family or department names. Change your passwords often.
Security experts estimate that millions of passwords have already been stolen. If someone guesses or steals your password, he or she can access all of the information tied to your password. This could include access to your files, confidential university information, your e-mail, your bank accounts, credit cards, and more.
If your password is stolen, you are not the only person affected. An intruder could gain entry to your system to control other machines and systems, capture information about local users, and eventually control remote systems.
It is very important to choose a strong password. Hackers use many tools, such as dictionary programs, to assist them in guessing your password.
- Do not use dictionary words, keyboard sequences, words spelled backwards, or foreign words.
- Use as many characters as allowed
- Intersperse punctuation marks or symbols
- Use a mix of upper and lower case characters
- Make your password easy for you to remember. Pick letters from a phrase that's meaningful ("Do you know the way to San Jose?" could be D!Y!KtwTSJ?)
- Never write down your password where someone could see it
- Select a unique password, not one you use for other purposes, such as your bank PIN or your password to another system.
For more information...
Protect confidential information
By law, most student information is confidential. To be safe, be cautious with any private data and store as little confidential information on your computer or in unlocked areas as possible.
Security of confidential data is of utmost importance at CSU, Chico. Be cautious with any protected data, and store as little on your computer or in unlocked areas as possible.
Do not store level 1 protected data (e.g., social security or credit card numbers) on your workstation or on your desk. Do not post social security numbers or grades in any public location or on the Internet. Confidential grade posting is possible through your WebCT course. See Faculty WebCT Resources.
When the security of personal information is believed to be breached, hundreds of hours of both university and outside staff time are involved in investigating and repairing the breach and notifying those affected.
Each faculty, staff, and student user of CSU, Chico's computer communications systems is responsible for the material that he or she chooses to send or display using the campus computing and communications resources. All data processed is considered sensitive and/or confidential. Anyone utilizing/accessing university computer systems, related data files, and information shares the responsibility for the security, integrity, and confidentiality of information. For more information see the Policy on Use of Computing and Communications Technology EM 97-18 or the revised Policy on Use of Computing and Communications Technology for Faculty 07-01.
For more information...
Update system patches, security fixes, and anti-virus software
Make sure home and office Windows machines have the latest patches and security fixes and update anti-virus software. Set your computers to have updates downloaded automatically.
Make sure home and office computers have the latest patches, security fixes, and anti-virus software. Unprotected computers can be vulnerable to outside attack and data loss, and leave the university network vulnerable to damage and failure.
To obtain the latest Windows patches and security fixes, install critical updates by visiting http://www.windowsupdate.com. If your machine is relatively up-to-date, the updates should take just minutes to install. This process is automatic on most faculty and staff PCs and Macs.
Everyone is encouraged to install a virus program and update it weekly. Campus PC users have access to McAfee virus software for state-owned computers, and Mac users should use Virex. Call the help desk at x6000 and have a technician install the software, and check http://www.csuchico.edu/itss/virus-security/index on keeping software current.
Home users are encouraged to visit AS ComputerWorks for virus software and pricing.
For more information...
Contact IT Support Services at x6000
Use secure and supported applications
Insecure applications such as Hot Bar and Kazaa can cause trouble for your computer and leave the University open to network attack.
Did you know that applications such as HotBar, Gator, Gnutella, and BitTorrent can increase e-mail spam, collect and transmit personal data, and leave your machine and the university open to network attack?
Disguised as fun add-ins or programs, these applications (known as adware and spyware) often covertly gather user information through an Internet connection, usually for advertising purposes. They are typically freeware or shareware programs and monitor your activity on the Internet. Their objective ultimately is to transmit your personal information (e-mail addresses, passwords, credit card numbers) to someone else.
Hackers distribute such software to collect user ids and passwords. Others use them to collect e-mail addresses, which they sell to spammers. Similar to a computer virus, you could unknowingly install one of these insidious programs just by clicking an enticing link on a Web site. Never download an application or click on any link about which you are uncertain.
A list of spyware programs is available here.
One application that will safely remove spyware from your computer is Spybot.
Call IT Support Services before downloading any questionable software. Additionally, ITSS only recommends and supports the software listed here.
Don't open suspicious e-mail attachments
Many viruses and worms are spread through e-mail files.
To protect your computer from viruses and worms, delete e-mail messages and attachments from unknown sources and keep your anti-virus software up-to-date.
Viruses and worms can harm your computer and files and interfere with networks and servers. Some spread by replicating and e-mailing itself to others in your address book or by copying itself over local area networks, such as KaZaa, IRC, and others.
Viruses and worms are typically spread by one of the following methods:
- E-mail messages containing an attachment with the virus or worm. You can get a virus by opening these attachments.
- Downloaded files from the Internet. When these files are opened, the virus or worm can spread on your computer.
- CD-ROMs, Zip disks and thumb drives should be scanned before opening any files on them.
For more information...
Back up your data
Protect your important information by making sure your data is backed up regularly, either remotely, or by doing it yourself.
Use a password protected screensaver to "lock" your computer when unattended, and turn off your computer at night (unless it is backed up at night and must be left on)
Turning off your computer will save energy and will protect it from outside network attack.
Use a password protected screensaver to "lock" your computer when unattended. Locking your computer's screen saver with a password is an easy way to increase the security of your system and campus resources. Visit the IT Support Services Web page for information targeted at the various operating systems.
It is also important to turn off your computer at night (unless it is backed up at night and must be left on). Turning off your computer will save energy and will protect it from outside network attack. A computer that is left on and connected to the network is vulnerable to outside hackers who could gain access to your computer and steal information and passwords.
For more information security tips and updates...
For more information or to report an incident or security breach...
ITSS Help Desk (faculty, staff) 898-6000
University Police - Threats to Personal Safety, 898-5555 or 911
Student Computing 898-HELP
Information Security Office, 898- 6212 or