Information Technology Division|Bulletinvol.11 no. 1| October 2014

From Here, It’s Possible

MESSAGE FROM THE CIO

October 2014 marks the 11th year of National Cyber Security Awareness Month (sponsored by The National Cyber Security

Awareness Alliance), and the 10th year that TTU has participated with campus events and education. Cyber security is the practice of

protecting institutional and personal information resources online– we are all responsible for practicing safe computing. We dedicate this

bulletin to timely cyber security topics, and we also publish a brochure – if you would like a personal copy, or copies for

your department/area, please email ITEducation@ttu.edu. You may visit www.safecomputing.ttu.edu for tips and further

information on a variety of cyber security topics. —Sam Segran

Associate Vice President for IT and Chief Information Officer

CYBER SECURITY AWARENESS MONTH

• Regularly monitor your credit card bills carefully and investigate any charge that you do not recognize.

Developing strong passwords will help secure TTU institutional information resources, as well as your personal information. TTU already requires the use of a strong password for eRaider accounts, but for your personal accounts, we recommend that you also create unique and complex passwords. If an identity thief obtains one of your passwords, they may try to access your other accounts using the same password. Here are a few suggestions for creating a complex password that you will be able to easily recall:

• Consider starting with a sentence or phrase that is meaningful to you, but not a common sentence or phrase;

• Remove the spaces between the words in the sentence;• Convert the words into “shorthand” and/or intentionally

misspell a word, e.g. HM for home;• Add length with numbers and symbols that are

meaningful to you; and• Use at least eight characters with a mix of uppercase/

lowercase letters, numbers, and special characters (!,@,#, etc.).

Here is an illustration:

• livefish - is a weak password.• L1veF1sh - is stronger, but uses a pattern (1st letter

capitalized, and i’s substituted by 1’s) easy to detect.• l!v3f1Sh - is much stronger, as the capitalization and

substitution of characters is not predictable.

PASSWORDS CAN BE A STRONG DEFENSE OR A WEAK LINK

IDENTITY THEFT – CRIME ON THE RISE

Identity theft occurs when someone fraudulently obtains personally identifiable information, usually for financial gain. Such information includes name, birthdate, Social Security Number, credit card number, bank account information, usernames and passwords, and other forms of personally identifiable or confidential information. Awareness is one of the most effective weapons against identity theft.

Identity thieves will use a variety of methods to steal your identity, such as:

• Physically stealing your wallet or purse containing IDs, as well as credit cards and banking information;

• Tricking you into sharing your information through phishing and email scams, phony phone calls, or fake websites;

• Searching social media accounts for personal details or clues to passwords and password recovery questions;

• Searching through your trash looking for bills or other papers containing your personal information, commonly called dumpster diving; and

• Installing malware on your devices without your consent or knowledge.

Protect your identity by using the following basic tips:

• Install anti-virus and other anti-malware software on all your systems and devices;

• Configure your system to automatically install updates and security patches;

• Never respond to email requests for usernames, passwords, or any specific account information or other sensitive information. Credible institutions and organizations will not request personal information via email;

• Do not click on links in an email message, instant message, text message, or social media posts, unless you trust the sender and are expecting the information;

• Use a cross-cut shredder to destroy documents containing personal information;

• Shop only at reputable and secure Internet locations. Make a point to look for the “https://” in the address bar; and

Please visit safecomputing.ttu.edu for more tips and information on a variety of cyber security topics. The National

Cyber Security Awareness Alliance also provides tips at http://www.

StaySafeOnline.org

Contributions by: Katherine Austin Beltz, Ph.D., Darrell Bateman, Jeff Barrington, Shannon Cepica, Yung Ng, Amanda Salazar, J Stalcup, William

Watson, and Allen Young.Safe Computing Practices Committee: Sam Segran, Katherine Austin Beltz, Ph.D.,

Darrell Bateman, James Abbott, Ph.D., Jeff Barrington, Shannon Cepica, Daniel East, Scott Hall, Shannon Newsome, Yung Ng, Chris Oglesby, Randall Osborne, Nathan

Rogers, Amanda Salazar, Mike Simmons, Phil Smith, Ph.D., J Stalcup, Britta Tye, Vicki West, Allen Young, and assistance from IT Division staff.

Mail Stop 2008Phone: 742-5151Fax: 742-5155

Copyright 2014 Texas Tech University

IT Website:www.infotech.ttu.edu

Texas Tech University Website:

www.ttu.edu

Computer-BasedTraining(CBT):

cbt.ttu.edu

Safe Computing Practices:safecomputing.ttu.edu

Scan the barcode to view IT Bulletins online

www.infotech.ttu.edu/itbulletin

Internet criminals and hackers often portray themselves as legitimate and trustworthy, in order to gain your trust. We all share a responsibility to Think Before You Click! Clues to help you spot a phishing scam:

• Requests for your username and/or password – credible institutions and organizations will not request personal information via email;

• Time sensitive threats (e.g., your account will be closed if you do not respond immediately);

• Spelling and grammar mistakes;• Vague or missing information in the “from” field or email

signature;• “To” field contains multiple random email address or is

alphabetized;• Impersonal or awkward greetings, such as “Dear Mr.

account holder;”• Unexpected files or downloads;• Links that don’t refer to the sender or sender’s

organization;• Emails about accounts that you don’t have, such as eBay

or PayPal, or banks that you don’t have accounts with;• Emails “from” celebrities;• Asks you to reply in order to “opt out” of a service; or• Plays on human emotions to evoke sympathy, kindness,

fear, worry, anxiety, or excitement.

Although convenient, public wireless connections are typically not secure. Your home or personal WiFi system also may present security risks. TTUnet WiFi service on campus is secured using industry standard and proven security practices. However, most public WiFi available in retail stores, hotels, airports, and conferences are configured for convenience rather than security.

Public WiFi precautions:

• Avoid using public hotspots for important transactions, such as transactions that require a login. You should not make financial transactions or use credit cards over public WiFi;

• Don’t check your email or social media sites on public wireless connections, as you might expose your login information to hackers; and

• Be sure to log out when you are done.

Home WiFi precautions:

• Change the default password when setting up your home WiFi;

• Enable your WiFi router’s strongest security features, such as WPA2;

• Disable remote administration (a feature on newer WiFi routers that allows administration of the router from the Internet);

• Make sure your home WiFi access is password protected because “drive-by hackers” or your neighbors could gain access to your wireless network, steal your personal information, or participate in illegal online activities that could trace back to you; and

• Be selective about providing access to your home WiFi to guests.

Since the Internet has become an indispensable tool for everyday life, “digital citizenship” is an important practice to keep in mind. General rules for principled online conduct include:

• Do not use rude or offensive language;• Do not call people names, lie about them, or post

embarrassing pictures of them;• Do not post or share information about others that you

would not want people sharing about you–respect the privacy and reputation of others;

• Do not immediately react or reply to postings if you are emotional;

• Do not download illegal materials, such as software, games, movies, or music. Make yourself aware of copyright restrictions and follow them;

• Do not break or hack into someone else’s computer;• Do not ask for someone else’s password or try to guess

their passwords to access their information; and• Do not forward chain letters, as they consume valuable

computing resources, and increase spam.

CYBER ETHICS

PHISHING SCAMS: DON’T “TAKE THE BAIT”

WIFI SAFETY AT HOME AND IN PUBLIC LOCATIONS

Think before you click