K-State broke a record in 2010, but it is not a record to be proud of: 445 K-Staters were tricked into giving away their passwords to criminals in response to spear-phishing scam e-mails. The criminals then used the stolen information to sign in to webmail and send thousands of spam messages.
Obviously, the first thing on this semester’s top-six security list must be:
- Never give your password to anyone in an e-mail message! K-State was plagued by 406 instances of phishing scams in 2010 (compared to 296 in 2009) that try to trick people into replying with their eID password. The hackers responsible for these scams are relentless! If you remember this one simple rule, you can prevent becoming a victim: K-State IT support staff will never ask for your password in an e-mail, nor will any legitimate business or organization. If you get such an e-mail, just delete it. The same holds if you get an email with a link to a web form that asks you to fill in your username and password – don’t do it!
- Learn to recognize scams, frauds, and other forms of malicious communications so you don’t become a victim of identity theft, financial fraud, or end up with a compromised computer. Criminals are using all kinds of new tricks and coming at you from all angles — e-mail, social networking sites like Facebook and Twitter, malicious links on webpages, Instant Messaging, phone calls, and even knocking on your door. As an example, in 2009 more than 230 K-Staters were tricked into opening malicious e-mail attachments, resulting in 230+ compromised computers. Be informed and think before you click!
- Use K-State’s free antivirus software on your Windows or Macintosh computer, which is required by K-State policy if you connect your computer to the K-State campus network, including the residence halls and the wireless network. It’s also available to use on home computers at no cost. This security software by Trend Micro has the added benefit of blocking access to known malicious sites via its Web Reputation Services, thus giving you one more layer of protection against infection.
- Keep your computer AND your applications patched with the latest security patches. Just keeping your operating system patched, like Microsoft Windows or Mac OS X, is no longer sufficient. Hackers are regularly targeting vulnerabilities in applications like Adobe Acrobat, web browsers, e-mail clients, Java, Flash, QuickTime Player, antivirus software, and countless others. Where possible, configure your software applications to automatically check for and install updates.
- Protect your laptop and other mobile devices from theft. The K-State campus and surrounding neighborhoods have seen a significant number of laptop thefts in 2010, so take precautions to prevent opportunistic theft and protect K-State and personal information if it is stolen. Buy a locking security cable and use it! Also never leave a mobile device unattended and unsecured, even if it’s in your office or behind a closed door. For more information, see the recent IT Tuesday article on campus laptop thefts and the PowerPoint presentation from the May 2008 SIRT IT security roundtable on laptop security.
- Do not use peer-to-peer (P2P) file sharing software to obtain or distribute copyrighted or licensed songs, movies, games, or software that you do not have the legal right to possess. It is against the law, against K-State policy, and it puts your computer at risk of being compromised since hackers often attach malicious programs to files obtained through P2P applications. Buy the song or the movie – don’t steal it! See K-State’s website about illegal file sharing for more information.
This is not an exhaustive list of security precautions. More information about IT security is available on K-State’s IT security website and IT policy pages. Visit these sites and become familiar with what is expected of you, so you can function safely online and protect yourself, your colleagues, and K-State’s information resources.