Kansas State University


IT News

Spring 2010: Five things you need to know about IT security at K-State

In 2009, 431 K-Staters were duped by spear-phishing scam e-mails and gave away their eID password to criminals, who then used the stolen information to sign in to webmail and send hundreds of thousands of spam messages. Obviously, the first thing on this semester’s top-five security list must be:

  1. Never give your password to anyone in an e-mail message. K-State was plagued by nearly 300 instances of e-mail scams in 2009 that try to trick people into replying with their eID password. It has not slowed down in 2010. If you remember this one simple rule, you can prevent becoming a victim of these scams: K-State IT support staff will never ask for your password in an e-mail, nor will any legitimate business or organization. If you get such an e-mail, just delete it.
  2. Learn to recognize scams, frauds, and other forms of malicious communications so you don’t become a victim of identity theft, financial fraud, or end up with a compromised computer. Criminals are using all kinds of new tricks and coming at you from all angles — e-mail, social networking sites like Facebook and Twitter, malicious links on webpages, Instant Messaging, phone calls, and even knocking on your door. As an example, more than 100 K-State computers were compromised last summer and another 130 last fall when people were tricked into opening malicious e-mail attachments. Be informed and think before you click!
  3. Use K-State’s free antivirus software on your Windows or Macintosh computer, which is required by K-State policy if you connect your computer to the K-State campus network, including the residence halls and the wireless network. It’s also available to use on home computers at no cost.
  4. Keep your computer AND your applications patched with the latest security patches. Just keeping your operating system patched, like Microsoft Windows or Mac OS X, is no longer sufficient. Hackers are regularly targeting vulnerabilities in applications like Adobe Acrobat, web browsers, e-mail clients, QuickTime Player, RealAudio player, antivirus software, and countless others. Where possible, configure your software applications to automatically check for and install updates.
  5. Do not use peer-to-peer (P2P) file sharing software to obtain or distribute copyrighted or licensed songs, movies, games, or software that you do not have the legal right to possess. It is against the law, against K-State policy, and it puts your computer at risk of being compromised since hackers often attach malicious programs to files obtained through P2P applications. Buy the song or the movie – don’t steal it! See K-State’s website about illegal file sharing for more information.

This is by no means an exhaustive list of the security precautions people must take. Much more information about IT security is available on K-State’s IT security website and K-State’s IT policy pages. Visit these sites and become familiar with what is expected of you, so you can function safely online and protect yourself, your colleagues, and K-State’s information resources.

About Harvard Townsend (harv@ksu.edu)

Chief Information Security Officer