Thousands of new faculty, staff, and students have arrived and a new semester has begun, so it is time to remind everyone of their personal responsibility in protecting themselves online and keeping K-State information and technology safe. To quote IT security experts, “the Internet is a bad neighborhood,”* and based on the number of security incidents at K-State thus far in 2009, it’s getting worse. You can still function safely online, though, if you take the time to learn about security and “think before you click.” Here are five things you need to know about IT security at K-State:
- Never give your password to anyone in an e-mail message. K-State has been plagued by more than 200 instances of e-mail scams over the last year that try to trick people into replying with their eID password (yes, that’s nearly one per day). In fact, thus far in 2009, nearly 300 K-Staters have had their eID password stolen this way. If you remember this one simple rule, you can prevent becoming a victim of these scams: K-State IT support staff will never ask for your password in an e-mail, nor will any legitimate business or organization. If you get such an e-mail, just delete it.
- Learn to recognize scams, frauds, and other forms of malicious communications so you don’t become a victim of identity theft, financial fraud, or end up with a compromised computer. Criminals are using all kinds of new tricks and coming at you from all angles — e-mail, social networking sites like Facebook and Twitter, malicious links on webpages, Instant Messaging, phone calls, and even knocking on your door. As an example, more than 100 K-State computers were compromised this summer when people were tricked into opening malicious e-mail attachments. Be informed and think before you click!
- Use K-State’s free antivirus software on your Windows or Macintosh computer, which is required by policy if you connect your computer to the K-State campus network, including the residence halls and the wireless network.
- Keep your computer AND your applications patched with the latest security patches. Just keeping your operating system patched, like Microsoft Windows or MacOS, is no longer sufficient. Hackers are regularly targeting vulnerabilities in applications like Adobe Acrobat, web browsers, e-mail clients, QuickTime Player, RealAudio player, antivirus software, and countless others. Where possible, configure your software applications to automatically check for and install updates.
- Do not use peer-to-peer (P2P) software to obtain or distribute copyrighted or licensed songs, movies, games, or software that you do not have the legal right to possess. It is against the law, against K-State policy, and it puts your computer at risk of being compromised since hackers often attach malicious programs to files obtained through P2P applications. Buy the song or the movie – don’t steal it! See K-State’s website about illegal file sharing for more information.
This is by no means an exhaustive list of the security precautions people must take. Much more information about IT security is available on K-State’s IT security website and K-State’s IT policy pages. Visit these sites and become familiar with what is expected of you, so you can function safely online and protect yourself, your colleagues, and K-State’s information resources.
* from Firewalls and Internet Security: Repelling the Wily Hacker by William Cheswick, Steven Bellovin, and Aviel Rubin, 2003
