Monday, October 15, 2012 - 09:34

Can you tell the difference between a scam site that is attempting to get your personal information versus the real site?  Head over to OpenDNS's Phishing Quiz and see how you do.  This is an excellent test to help you understand how to tell real websites from the scam sites: http://www.opendns.com/phishing-quiz/

 

The quiz can help you improve your immunity to phishing, and you should remember that phishing and malware scams could take the form of:

 

  • Electronic greeting cards
  • Requests for charitable contributions
  • Order confirmations for orders you haven’t placed
  • Credit card applications
  • Online shopping advertisements

 

All of which are emails you are likely to see as the holidays get underway. Please stop and think about the source before opening an attachment or clicking on a link, especially if the email is unexpected.

 

Successful scammers may use your credit card information to buy themselves something nice, but they are likely to use compromised Duke credentials to send spam from Duke mail systems, or steal Duke data.

 

Duke uses challenge questions to verify your identity via phone if your NetID account becomes compromised. To be entered to win an iPad 3or Nexus tablet, go set or update your challenge questions at: http://oit.duke.edu/selfservice. Everyone who completes our quiz, changes their NetID password, and sets or updates their challenge questions will be entered to win!

Monday, October 8, 2012 - 08:58

How am I supposed to keep up with all of my passwords?

You know that you’re supposed to have a unique and strong password for every account you log into, but you don’t do it because that’s just too hard to remember! Basic safety and security is worth a little extra effort, though – you probably wash your hands to avoid getting sick during cold and flu season, right?

 

Maybe you have long passwords with a variety of characters, but you write them down in order to keep track of them. Unfortunately, these common places make it very easy for unsavory types to find your password and use it to access your computer, email, online accounts, etc.:

 

• Under the keyboard
• Under the phone
• Under the mouse pad
• On the monitor
• In the top drawer
• Under the desk

 

There are several password management tools that can make it easier for you, and many of them will generate a strong password for you, too.

 

1Password (https://agilebits.com/onepassword), Keepass (http://keepass.info/), and LastPass (https://lastpass.com) are all good options. You can try them out and see how they match up with your personal work style.

 

To be entered into the University IT Security Office’s contest to win an iPad 3 or Nexus tablet, go to http://oit.duke.edu/selfservice and change your NetID password. Everyone who completes our quiz, changes their NetID password, and completes one other task (to be announced soon), will be entered to win!

Monday, October 1, 2012 - 10:02

 

National Cyber Security Awareness month is here!

As National Cyber Security Awareness month rolls around again, the University IT Security Office is coordinating several events on campus and continuing our annual contest, where you could win an iPad or a Nexus tablet.  First, take our IT security quiz. You will also have to complete two other tasks to be entered to win. We’ll include those in future blog posts.

 

This year we will sponsor a panel discussion of data security topics for international travelers – do you know how to ensure that your personal data and the Duke data you have access to are protected when you’re abroad?

 

We’re also sponsoring a lunch and learn session on mobile applications and one about password management, and several computer health checks on campus. For details, see the Duke events calendar (http://calendar.duke.edu/events/) or the ITSO events page (https://security.duke.edu/it-security-events).

 

On the topic of computer health, too often we don't think about our systems’ health until it is too late and we have malware on our computer, we lose our important data, or our computer has become part of a botnet.  Here are a few preventative maintenance tips and resources to help you protect your personal computer:

 

1.  Patch your operating system.

  • For Windows 7: Click on the Start Button -> All Programs -> Windows Update
  • For Apple OS X: Click on the Apple in the top left corner -> Software Update

2.  Patch your applications.

  • For Windows: Go to http://software.informer.com and download and install Software Informer.  This will scan your system for missing patches and update them for you.
  • For Apple OS X: Go to http://mac.informer.com and download and install Mac Informer, which will also scan your system for missing patches.

3. Install an antivirus client on your computer.

4. Turn on your personal firewall.

  • For Windows 7: Click on the Start Button -> Control Panel -> Windows Firewall
  • For Apple OS X: Click on System Preferences -> Security & Privacy -> Firewall

5. Secure your browser

  • For Google Chrome and Firefox users, install Adblock and Web of Trust (more advanced users might consider installing noscript)
  • Be careful about clicking on links!  The most important component of browser security is YOU.

6. Make sure that your computer is password protected.

  • For Windows 7: Click on the Start Button -> Control Panel -> User Accounts, and select "change your password"
  • For Apple OS X: Click on System Preferences -> Users and Groups, and select "change your password" 

7. Make a good backup of your system.  Windows 7 and Apple OSX have built in back up utilities, and there are a number of low-cost online options.

  • For Windows 7: Click on the Start Button -> All Programs -> Maintenance -> Backup and Restore
  • For Apple OS X: Click on System Preferences -> Time Machine
  • Cloud Options include: CrashPlan (http://www.crashplan.com). and Mozy (http://www.mozy.com)

 

See http://tiny.cc/Computer-Hygiene-Tips for more great information on protecting your computer.

Pages