The following Top Ten List addresses simple ways you can protect your computer and your data. The tips are focused on information security issues that are especially important at WSU.
In addition, several consortiums have provided Websites with in-depth treatment of this topic. See the Related information section at right for links to these Websites.
If you need help with any information security issues, check with the tech support staff in your school or department, or contact the Computing & Information Technology (C&IT) Help Desk by phone to (313) 577-4778, Monday–Friday, 8 a.m. to 8 p.m. (fall/winter terms) and 8 a.m. to 6 p.m. (spring/summer terms), or by e-mail to helpdesk@wayne.edu.
#1 Choose passwords that provide the maximum degree of protection for you and the university.
#2 Run an anti-virus program regularly, and keep it up to date.
#3 Update your operating system and other software with security patches as soon as they are released.
#4 Don't fall for scammers who try to trick you into revealing sensitive information through a "phishing" attack.
#5 Add password protection to your screensaver.
#6 Beware of spyware.
#7 Don't open an attachment or click a link in an e-mail unless you know for sure that it is safe to do so.
#8 Don't leave your laptop computer or PDA unattended in a public place or an unlocked office.
#9 Keep your home wireless network safe, and be careful using wireless Internet while traveling.
#10 Make regular backups of the files and data on your computer.
No password can guarantee absolute protection against a determined intruder armed with password-breaking software, but you might as well make it as difficult for intruders as possible:
What makes a good password?
Most likely you use a number of passwords, including the one for your WSU AccessID and as well as passwords needed for access to various websites. Try to use a different password for each of these purposes. That way, if someone discovers one of your passwords, the damage that can be done with it is limited. See WSU's Strong Password Standard.
Make sure you have anti-virus software on your computer! Wayne State University provides Symantec AntiVirus for free to all students and employees. It can be downloaded from the Software Clearinghouse. Remember, anti-virus programs need regular updates so they can recognize the new viruses that emerge daily. Always set up Symantec AntiVirus to update itself automatically at least once a week.
Regularly download security updates and "patches" for operating systems and other software. Sometimes bugs are discovered in a program that may allow an intruder to access your computer. Most major software companies release updates and patches to close newly discovered vulnerabilities in their software—many of you are familiar with Windows XP Service Pack 2, for example, but all operating systems need to be kept up to date.
A "phishing" attack is an e-mail message that purports to be from a well-known company, advising that you must "re-enter" your security information. Usually it will direct you to what appears to be the company's website, and ask you to enter your password, account number, or social security number. But it's a scam: the sender is an imposter trying to steal your identity. Phishing e-mails purporting to be from Citibank, Citizens Bank and other well-known financial institutions have recently been making the rounds. Banks never send out e-mails asking you to click on some link or go to a website to "update" your password. If you have received one of these, you can help by sending the entire e-mail message to the Federal Trade Commission (FTC), spam@uce.gov. (Whenever you forward spam to a reporting agency, it's important to include the full e-mail header—look at the help files for your e-mail program for how to do this.) Phishing e-mails purporting to come from Citibank can also be brought to the attention of the Citibank Anti-Fraud Division. Go to www.citibank.com and click on "contact us," and then on "report a suspicious e-mail."
Don't allow strangers to play with your computer. Whenever you are away from your computer for any length of time, either turn it off or set up your screensaver so it requires a password to return the computer to its normal operation. Some operating systems (including XP) allow you to lock your keyboard with a single keystroke. This prevents passers by, both the curious and the malicious, from accessing your computer.
Many websites, including those operated by responsible businesses, place hidden "spyware" programs on your computer that track your web surfing and report which sites you visit. Spyware can seek out and transmit to a remote location more sensitive information too. Just clicking on certain website links is enough to trigger a "driveby download" that installs spyware without your knowledge. Some filesharing programs (particularly those that help you download music, movies or software) also install spyware without making an adequate disclosure. To remove spyware from your computer, consider installing an anti-spyware program such as Spybot Search and Destroy (available at www.spybot.info). Although this software may be a little complicated to install, your tech support person or the C&IT Help Desk can guide you.
Don't open an attachment or click a link in an e-mail message unless you are absolutely certain you can do so safely. Even messages from addresses you recognize may be "spoofed" (have faked return addresses). It's safer to have your correspondent resend a real attachment than to click on one you aren't certain of and infect your computer—and probably many others also, since this kind of attachment can install attack programs on your computer.
One of the easiest things you can do to secure your computer from intruders is to pay attention to its physical security:
If you use a wireless connection with your laptop or PDA, make sure the connection is secure. Never send a password over a wireless connection if the website isn't secure (the URL/address of a secure website will begin with "https"). If you have a home or office wireless router, set it up to require strong security. Otherwise, any person within range of your wireless signal can get unauthorized access to your computer, creating a variety of security problems.
Experienced computer users know that there are two types of people: those who have already lost data and those who are going to experience the pain of losing data in the future. Back up small amounts of data on floppy disks or zip drives and larger amounts on CDs or a USB flash drive. If you have access to a network, consider saving a copy of your data on another computer in the network. Many people make weekly backups of all their important data. And make sure you have your original software installation disks handy and available in the event your computer system files get damaged and you need to reinstall the software. Be prepared!
