Are You Covered? Safeguard Your Computer, Your Information, and Your Identity
Recent, widely-reported security compromises, such as the Zotob worm that affected many major media outlets, and a “phishing” scam that sent tens of thousands of eBay users to a bogus electronic payment site, underscore the continuing need for vigilance in safeguarding our computers, our information, and our identities.
As we begin the new academic year, please make sure you understand safe behavior in the electronic environment, and make sure your computers and your information are secured against viruses, hackers, and other common threats. If you are a faculty or staff member, your Local Support Provider (LSP) has most likely secured your work computer. However, home machines need to have the same protections in place. Best practices include:
Don’t install free utilities, such as filesharing software, Internet accelerators, toolbars, and other purportedly useful pieces of software of unknown origin. Many of these tools come loaded with adware and spyware, which consume your computer’s resources, reroute your network connection, and bring your computer to a grinding halt. Faculty and staff should always check with their Local Support Provider before installing software.
Run the current version of supported antivirus software & set it for regular automatic updates. Current versions provide important new benefits, for example, the current version of Symantec for Windows identifies and removes adware and spyware. Automatic updates (daily for Windows and weekly for Macintosh) ensure that new viruses and worms are recognized immediately.
Assign a hard-to-guess, complex password to your computer. The biggest security problems on campus are the failure to assign passwords to individual computers and the use of weak, guessable passwords that cannot withstand automated password-cracking attempts. Complex passwords are essentially random strings of upper and lower-case characters and numbers that are not associated with your name, birthday, or other personal information and do not include dictionary words.
Be alert for “phishing” scams that can result in identity theft. “Phishing” refers to forged email purportedly from a legitimate business or University office, quite possibly one you’ve dealt with. The email links to a website that looks legitimate but is designed to trick you into entering sensitive information such as your Social Security Number, an account password, a credit card number, or your PennKey password. Never click on a link in an email requiring you to disclose sensitive information. Delete the email, enter the URL manually, or call the organization using a phone number you look up rather than using one in the email.
Apply security “patches” to your operating system promptly. Hackers attempt to exploit security holes inadvertently built into your computer’s operating system. Be sure your computer is set up with Windows Update or Macintosh Software Update to automatically download free software updates that patch newly identified security holes.
Activate your computer’s built-in firewall (Windows XP and Mac OS X). The firewall provides an added protection against malicious activity.
Please consult with your support provider (www.upenn.edu/computing/view/support/) if you need advice or assistance, and see www.upenn.edu/computing/security/ for how-to information. Remember–protecting yourself costs next to nothing.
–Robin Beck, Vice President, Information Systems & Computing
Security Quiz and Prize Giveaway
To learn how to protect your computer, your data, and your identity against compromise or theft, take the security quiz at www.upenn.edu/computing/security/. As a bonus, you’ll be eligible for weekly prizes ($50 gift certificates for the Bridge Cinema, Strikes Bowling, or iTunes) and four grand prizes (Apple iPods and Segway tours).
Almanac, Vol. 52, No. 2, September 6, 2005
September 6, 2005
Volume 52 Number 2