CSU Information Security Awareness - 2007

Tips for each week's poster topic - check back each week in October!

Tips for using passwords to keep your information safe:

TIP: Never share your password with anyone - not even your loved ones or co-workers.
While you may trust these people, you shouldn’t trust that they know how to keep passwords secure. Never, never respond to a request from any organization (particularly a financial institution) that requires you to submit your login and password by email, since it's probably a hoax.

TIP: Never leave your password written down where someone could find it.
Anyone wandering by your desk and seeing a password on a sticky note could log on to your computer as you, and commit crimes in your name - including copyright violations, child pornography, threats, and fraud. If these are done with your logon, especially from your computer, it becomes difficult to prove it wasn’t you!

TIP: Make your password hard for someone else to guess.
Short, common passwords are easy to “brute-force”. Lists of the encrypted versions of short passwords are already posted on the Internet, so it’s trivial to compromise your computer if your password is “password”, the name of your pet, or “gorams”. Choose something more random-looking that you can still remember, using numerals, some upper-case letters and special characters, like “Nitw**D!” (Now is the winter of our discontent!). Hardware restrictions currently prevent your eID password from being more than 8 characters, but that should be fixed by December, so next time you change it can be much longer (and harder to guess).

TIP: Don’t use your important passwords for gaming or social networking sites.
If your password is compromised, then any system you access with that password could be compromised. So, if you use your banking password for a YouTube account, it’s like an open invitation to have your bank account emptied. Fixing this means keeping track of more passwords, but there are tools to make it easier. For Windows, Linux and PocketPC, one of the best is the Open Source tool PasswordSafe. For Mac OSX, there's the Keychain Access included in the OS, and the free download 1Passwd for more functions.

TIP: PayPal offers a one-time password generator for use with eBay and PayPal.
For only $5.00, you can rest assured that nobody can log into your eBay or PayPal account but you. You can purchase the Security Key, a one-time password generator not much bigger than a USB key. Every time you log in to your account, it provides a different string of numbers that you append to your password. So, even if your logon is intercepted on its way across the Internet, it won’t do anyone any good, because your password will be different the very next time. PayPal is selling these for next to nothing because they know people care about security, and they think $5.00 is a reasonable amount. If you use eBay or PayPal, get one to show them they’re right! While you’re at it, ask your bank why THEY don’t use something like this.

Tips for avoiding viruses and worms:

Viruses and worms are two types of a broader category called "malware" - generally, any software that is designed intentionally to cause harm. Several years ago (remember Blaster, Nimda, Code Red?) worms tended to overwhelm networks. More recently, criminals and virus writers are more interested in the profits they can make illegally while a network stays up. For this kind of activity, they spread viruses, trojans and spam. The primary modes of distribution (or "vectors") are email, web pages, file sharing and chat. Here are some tips to help keep yourself safe...

TIP: Use common sense.
It's always better to err on the side of safety. If you're unsure about an email attachment, delete it... especially if it's from a source you don't recognize. Even if it's from a trusted source, if it's not something you're expecting, email or call the sender to confirm that they actually sent it.

TIP: Use anti-virus software at home.
CSU has a license for Symantec AntiVirus that you can use FOR FREE on your home computer. Just go to the CSU Software Download Page.

TIP: Upgrade your anti-virus software frequently.
An anti-virus program is only as good as the frequency with which it is updated. New viruses are written daily, and subtle variations in their programming can allow them to slip by older virus definitions. Make sure your computer is set to automatic updates, and check to be sure it's working.

TIP: Exercise caution when downloading files from the Internet.
Ensure that the source is a legitimate and reputable one. Verify that an anti-virus program checks the files on the download site. If you're uncertain, don't download the file.

TIP: Notice changes in your computer's performance.
Malware can take up a lot of your computer's resources, making it hard for normal applications to work properly. If your computer is suddenly very slow, especially on the Internet, it may be a sign of infection. Have it checked by the CTSS help desk or a professional tech support company.

TIP: Report suspicious behavior.
If strange things start happening on your computer (lots of windows opening and closing, for example), don't wait for the problem to go away... get help! Call your department/college tech person right away. If your computer has been infected with a virus, your information will be safer if it can be caught early. What's more, if a tech person can look at a machine while it's misbehaving, it's easier to discover where the problem lies.

Thanks to McAfee and Symantec for some of these tips.

Tips for avoiding phishing scams:

“Phishing” is the name for a tactic that takes advantage of trust and curiosity in order to circumvent technical protections. Popular phishing scams involve well-known names like AOL, eBay, Amazon, and major banks. Typically, an email will arrive claiming to be from one of these organizations, and will say that they need you to reply with your username and password. They may say that it’s for account maintenance, or because someone has tried to steal from your account. Another common tactic is “You’ve got an electronic greeting card from ”. The Web link, presumably to get the nice message, actually takes you to an attacker’s site and downloads viruses or other malware to your computer!

TIP: Use common sense.
It's always better to err on the side of safety. If you're unsure about an email, delete it... especially if it's from a source you don't recognize. Even if it's from a trusted source, if it's not something you're expecting, email or call the sender to confirm that they actually sent it.

TIP: Read email as plain text to expose phishing scams.
If you view an email using HTML (the default for some mail clients like Outlook), there’s nothing that requires the title of a Web link (the URL that you see) to be the same as the back-end code that directs your computer where to go when you click the link. If you view the email in plain text, either by changing your Outlook settings or by right-clicking and selecting View Source, you might notice that the text of the link (say, www.ebay.com) is different from the actual address (http://bobthehacker.comcast.net). You’ve just exposed a scam!
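As an added illustration (not part of the original page), here is a small Python script that does the comparison this tip describes automatically: it pulls every link out of an HTML mail body, compares the host shown in the link text with the host the href really points to, and flags any mismatch. The sample mail body is constructed for the example, using the two hostnames mentioned above.

```python
import re
from html.parser import HTMLParser
from urllib.parse import urlparse

# Constructed sample mail body: a disguised link, a vague link and an honest one.
SAMPLE_MAIL = """<p>Your account needs attention.
<a href="http://bobthehacker.comcast.net/login">www.ebay.com</a> or
<a href="http://bobthehacker.comcast.net/login">Click here</a>.
Help: <a href="https://www.ebay.com/help">https://www.ebay.com/help</a></p>"""

class LinkCollector(HTMLParser):
    """Collect (visible text, href) pairs from every <a> element in an HTML body."""
    def __init__(self):
        super().__init__()
        self.links, self._href, self._text = [], None, []

    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href, self._text = dict(attrs).get("href", ""), []

    def handle_data(self, data):
        if self._href is not None:   # only the text shown inside the current link
            self._text.append(data)

    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append(("".join(self._text).strip(), self._href))
            self._href = None

def host_of(s):
    """Host named by a URL or a bare 'www.example.com'; None if the text names no host."""
    s = s.strip()
    if "://" not in s:
        if not re.match(r"[\w.-]+\.[a-z]{2,}(/|$)", s, re.I):
            return None              # plain words such as "Click here"
        s = "http://" + s
    return (urlparse(s).hostname or "").lower() or None

def check_links(html_body):
    """Return (visible text, real href, verdict) per link: ok, mismatch or unverifiable."""
    parser = LinkCollector()
    parser.feed(html_body)
    results = []
    for text, href in parser.links:
        shown, real = host_of(text), host_of(href)
        verdict = ("unverifiable" if shown is None        # text gives no host to compare
                   else "ok" if shown == real else "mismatch")  # mismatch = the scam above
        results.append((text, href, verdict))
    return results
```

Calling check_links(SAMPLE_MAIL) reports the first link as a mismatch (shows www.ebay.com, goes to bobthehacker.comcast.net), the "Click here" link as unverifiable from its text alone, and the last as ok.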

TIP: Don’t click Web links in email unless you’re absolutely sure.
Another way to avoid the URL spoofing described in the previous tip: instead of clicking the link in your email client, open a browser and manually type in the URL as it appears in the email. That way, you actually do go to eBay, and you can log in as normal.

TIP: Don’t be afraid to confirm a suspicious request.
If you receive a message you’re not sure about, ask someone you trust. Or, call the main number of the company the email claims to represent. You can ask them if the request is legitimate.

TIP: Tell your IT support folks if you make a mistake.
It’s natural to be embarrassed if you accidentally click on a scam email and download something nasty. It’s easy to think that you ought to have known, but it happens to us all. Tell your support person what happened, and it will be easier to clean up!

TIP: Report suspicious behavior.
If strange things start happening on your computer (lots of windows opening and closing, for example), don't wait for the problem to go away... get help! Call your department/college tech person right away. If your computer has been infected with a virus as a result of replying to a phishing scam, your information will be safer if it can be caught early. What's more, if a tech person can look at a machine while it's misbehaving, it's easier to discover where the problem lies.

Tips for safely dealing with attached files:

TIP: Use common sense!
Don't just click on everything that shows up in your inbox. Email attachments are currently one of the leading distribution methods for malicious programs.

TIP: Confirm unexpected attachments.
Even if you know the sender, the attachment could have been included by a virus, without the sender's knowledge. If you receive an attachment you're not expecting, don't be shy to ask the sender if the attached document is legitimate.

TIP: Scan any attached files with antivirus software.
Don't assume that just because an attachment made it through the CSU virus filters for email that makes it safe. Virus writers keep coming up with clever ways to avoid detection. Learn to use the manual attachment scanning feature of whichever email-reading program you use.

TIP: Save attachments to disk before reading them.
Even if you're reasonably sure an email attachment is legitimate, it's safer to save it to your hard drive first rather than opening it from within your email program. This way, your desktop antivirus program has a chance to scan it (even if it wasn't set to scan incoming email).

TIP: Don't forget about IM spam.
Email is not the only thing to worry about. Any application that lets one user send embedded files to another, including Instant Messaging, is a potential source of malicious attachments. Use the same care you would for email.

Tips for avoiding spyware:

TIP: Use current anti-spyware software.
Download Symantec Anti-Virus from the ACNS Downloads Page for use on your computer at home... Configure it to use File System Auto Protect for all types of files in order to protect against spyware.

TIP: Use common sense!
Some spyware is installed without your knowledge or consent, but other spyware is installed if you accept default configurations while installing other software. Be sure to read what you are agreeing to before clicking "Install" or "OK".

TIP: Read pop-up messages.
Your operating system, or your software firewall, may periodically ask your permission to do something that it views as unusual. Don't just get in the habit of clicking "OK" to such messages, because you may be granting permission for spyware to operate.

TIP: Pay attention to performance.
Not all spyware degrades system performance, but you may notice slower performance in your applications or your network connections, especially if you have many different pieces of spyware competing for your system's attention and your network bandwidth.

2007 Computer Security Awareness Video Contest

Sponsored by EDUCAUSE/Internet2 Computer and Network Security Task Force, the National Cyber Security Alliance, and ResearchChannel

Watch the 2007 award-winning student videos

Read about the video contest, and see the other honorable mention videos.

Interested in making a video for the 2008 competition? Email us and we'll let you know when the contest is announced.

Information Security at CSU

Go to the CSU Information Security page for:
  • CSU Policies
  • Concepts & Best Practices
  • Virus Info & Anti-Virus
  • How-to's
  • Secure Remote-Access Tools

Security Talks

Past Security Talks

  • Steve Lovaas, ACNS - Technology to make passwords easier AND safer
  • Scott Dawson, ACNS - Viruses & Worms: Still a Threat?
  • Detective Adam Smith, CSUPD - Phishing and identity theft
  • Mike Willard, ACNS - Email attachment safety
  • Jason Huitt, ACNS - For Subnet Managers: New! Advanced patch reporting using WSUS
  • Steve Lovaas, ACNS - Ethereal is now Wireshark: Using network sniffers
  • Steve Lovaas, ACNS - Demo of the Spider scanning tool - bring laptops if you want to try a copy
  • Steve Lovaas, ACNS - How to keep track of all your passwords AND keep them safe: PasswordSafe
  • Steve Lovaas, ACNS - Signing and Encrypting Email - you can start today!
New Security Talks Coming Fall 2008