The University Information Security Office compiled the following dangerous online practices to help you protect your most valuable data and information. The Office will update this list as needed due to the dynamic nature of Information Security.
- Don't click on the link! Opening attachments from unknown senders is the riskiest thing you can do. Research shows that e-mail attachments remain the number one means by which worms and viruses propagate. If you don’t know who sent it, simply delete it. For that matter, it’s a good safety practice to ignore non-business-related attachments from people you do know. These attachments could have Trojans embedded in jokes or photos sent by unsuspecting friends.
- Installing unauthorized applications such as file-sharing tools (iTunes, Azureus and other BitTorrent clients) is second on our list. Illegal downloads are against University policy. They, like malicious e-mail attachments, can put your data at risk for theft or destruction.
- Disabling security tools (e.g., turning off a firewall or antivirus program) is a risky behavior that many people practice.
- Opening messages from unknown senders is just as dangerous as opening e-mail attachments from strangers. While most people may know not to open e-mail attachments, many don't realize that dangers can lie in the body of an e-mail as well. HTML e-mail or messages that contain embedded photos are just as dangerous. Embedded images and PDFs can contain malicious code that is harmful.
- Surfing questionable sites is always dangerous. You will find that porn, gambling and sites that host illegal content are the same sites that install malicious software on your computer.
- Random surfing of unknown, untrusted websites is just as dangerous as surfing questionable websites. Visiting entertainment sites can open your computer up to unwanted malware. Malware can interrupt your computer's normal functions and allow access to your personal data (e.g., SSN, student records) by other individuals.
- Sharing passwords is as old as computing itself. Be wary of trusting fellow students and colleagues with this precious information. Keep your NetID and password to yourself. Exposing it means you're exposing salary, banking and grades!
- Open wireless networks are a huge risk. As many people share this type of network, the risk of a hacker stealing your password or personal data is very high. If you do use a wireless network, use only secure, encrypted wireless networks and be sure to leave a firewall turned on. You should also avoid sending passwords through virtual spaces.
- Filling in Web forms and registration pages is something many people do for everything from registering for an event to applying for college. There may be nobody behind you watching you as you type; however, that doesn't stop a keylogger (a program or device that logs all your keystrokes) from collecting your personal information. Try to keep all sensitive material on your own machine (the one that you maintain and protect) instead of on a public computer.
- Use caution on social networking sites like Facebook and Twitter. These sites are a haven for thieves and stalkers. They let anyone gather information about you that may aid them in stealing your identity. Think twice before you post any sensitive or damaging information on these sites. Be aware of any policy changes and verify that your privacy settings work as expected.
This content was excerpted from NetworkWorld.