The University Information Security Office compiled the following dangerous online practices to help you protect your most valuable data and information. The Office will update this list as needed due to the dynamic nature of the Internet and the ever-evolving tactics of online predators.
1) Opening attachments from unknown senders is the riskiest thing you can do. Research shows that e-mail attachments remain the number one means by which worms and viruses propagate. If you don’t know who sent it, simply delete it. For that matter, it’s a good safety practice to ignore non-business-related attachments from people you do know. These attachments could have Trojans embedded in jokes or photos sent by unsuspecting friends. If the attachment is truly important, the person who sent it will follow up with a phone call.
2) Installing unauthorized applications such as file-sharing tools (iTunes, Azureus and other BitTorrent clients) is second on our list. Illegal downloads are against University policy. They, like malicious e-mail attachments, can put your data at risk of theft or destruction.
3) Disabling security tools is a risky behaviour that many people practice. Many users, while troubleshooting slow applications, will turn off their anti-virus and/or their firewall. The problem is they forget to turn them back on!
4) Opening HTML or plain-text messages from unknown senders is just as dangerous as opening e-mail attachments from strangers. While most people may know not to open e-mail attachments, many don't realize that dangers can lie in the body of an e-mail as well. HTML e-mail or messages that contain embedded photos are just as dangerous. Embedded images and PDFs can contain malicious code.
5) Surfing questionable sites is always dangerous. You will find, more often than not, that porn, gambling and sites that host illegal content are the same sites that install malicious software on your computer.
6) Random surfing of unknown, untrusted Web sites is just as dangerous as surfing questionable websites. Visiting entertainment sites such as MySpace can open your computer up to unwanted malware. Malware can interrupt your computer's normal functions and allow access to your personal data (e.g., SSN, student records) by other individuals.
7) Giving/lending passwords is as old as computing itself. Be wary of trusting fellow students and colleagues with this precious information. Also, if you write this information down, do not keep it near your PC or laptop. Keep your NetID and password to yourself. Exposing it means you're exposing salary, banking and class registration information!
8) Wireless networks are a huge risk. As many people share this type of network, the risk of a hacker stealing your password or personal data is very high. If you do use a wireless network, use only encrypted wireless networks and be sure to leave a firewall turned on. You should also avoid sending passwords through virtual spaces.
9) Filling in Web forms and registration pages is something many individuals do for everything from registering for an event to applying for college. There may be nobody behind you watching you as you type; however, that doesn't stop a keylogger (a program or device that logs all your keystrokes) from collecting your personal information. Try to keep all sensitive material on your own machine (the one that you maintain and protect) instead of on a public computer.
10) Avoid social networking sites like MySpace and Facebook. These sites are a haven for thieves and stalkers. They allow anyone to gather information about you that may aid them in stealing your identity. Think twice before you post any sensitive or damaging information on these sites.
This content was excerpted from NetworkWorld.