- 13 Ways to Protect Your System, and Further Resources (from CU Denver OIT)
Update your operating system, Office applications, web browsers, and email program on a regular basis. Keep software programs including anti-virus, Java, Adobe PDF and Flash up to date.
Web browsing safety
Be EXTREMELY careful about any software you download from the Internet. Know the software's reputation first. Then, make sure that you are at the "true source" of the software before downloading. Looking carefully at the URL to make sure it makes sense for the software you are downloading can be helpful.
Be careful what websites you visit, particularly sites you find through web search results. Web pop-ups that say "Virus Detected" are often scams designed to get you to click OK and install what is really malware.
Frequent signs of malware infection include, but are not limited to: inability to browse the Internet, appearance of sudden unwanted browser toolbars, or an automatic change of your home page or default search engine to something you don't want or don't recognize.
HSL IT recommends the program MalwareBytes (from MalwareBytes.org) for remediating malware infections. A free trial download of their full product is available; it proactively helps stop malware infections that may occur over the web.
- Attachments: Don't open email attachments from unknown and suspicious sources (with odd subject lines), even if they appear to come from someone you know
- SPAM: Delete chain email and other SPAM from your inbox
- Downloading files: Be careful when downloading files from the internet, including files linked from emails
- Links: Don't click on links or messages from unknown IM users
- Phishing: Don't fall for a phishing attack (more below)
Use Good Passwords
- Hack-proof your passwords: Cybercriminals have a lot of computing power, but you can make their attempts as difficult as possible. Stop bad password practices!
- Use phrases, not words: Longer passwords are safer passwords. Use at least 10–12 characters: choose words that are easily spelled, but connect them in a seemingly random and nonsensical way. Don’t use popular catchphrases or phrases pertaining to popular culture like iwanttobelieve or zombieslovebrains as passwords.
- Don’t recycle passwords: Don’t use a single password for multiple accounts. Always use a unique password for every account you own. This way, even if one of your accounts gets hacked, your other accounts will remain secure.
- Don’t use anything related to you as a password: This includes loved ones’ names, dates of birth, phone numbers, or anything else that anyone can see in your social networking profile. Create passwords that only make sense to you so no one else can guess what they are.
- Don’t share your passwords with anyone: Ideally, you are the only one who should know your passwords. Remember that your privacy is your responsibility.
- Make the answer to your ‘forgot password’ security question a lie or a reminder: Sites that let you change your passwords in case you forget them can be used to crack your accounts. Make the answer something really off-base from what the question is. Or make your answer just a reminder and not the exact answer. If, for instance, the security question you picked is ‘What is the name of your first pet?’, make your answer anything but your first pet’s name.
Thanks to TrendMicro.com for the ideas and tips in this article.
CU IT Services: Resetting your password
- CU IT Services will NEVER ask you for your password. Instead they will direct you to use the https://passport.ucdenver.edu site where you can reset your own password by providing personalized information to verify your identity. See security info from CU Office of Information Technology.
Protect yourself from phishing attempts: Phishing email messages, websites, and phone calls are designed to steal your credentials, in order to gain system access, steal your identity, or steal your money.
- How is phishing done? Cybercriminals install malicious software on your computer or steal personal information off of your computer. They might email you, call you on the phone and try to get you to tell them your password, or convince you to download something off of a website.
- How can I tell if an email is bad? Watch out for bad spelling and grammar. That said, many phishers create spoofs of websites that are so cleverly reproduced they are hard to tell from the real sites. Look carefully at any URLs you visit. Better yet, don't visit via links in emails; hand-type the URL into your browser to visit any CU Denver web address.
- How can I tell if a link is bad? Don't click on any of the links in an unsolicited email. Instead, hover your mouse over the link (don't click!) and you should see a pop-up box that shows where the link will take you. You should be able to see whether it really is the address it claims to be.
Even clicking the link from a phishing email is dangerous, as the website they have set up for phishing might install malware on your computer.
- What if they ask for my userid and password? Cybercriminals often make threats that your account will be closed if you don't provide your userID and password. CU IT Services will NEVER ask you for your password. Instead they will direct you to use the https://passport.ucdenver.edu site where you can reset your own password by providing personalized information to verify your identity. Look very carefully at the URL any email link may take you to in your browser.
- What if the email looks valid? Just because it looks like a valid email doesn't mean it's trustworthy. Cybercriminals often spoof valid websites or companies.
- Can phishing be done over the phone? Yes, phone calls can be equally deceiving so don't provide your userID or password EVER.
OIT resources on phishing: