by Connie Sadler, Dir. of IT Security, CIS
Security Street Smarts – Staying Safe on Campus
We all know that moving onto a major college campus comes with not only lots of new and exciting
opportunities but with some new challenges as well! Every campus has its own flavor, and while
there are many staff and community members dedicated to making your experience at Brown as productive
and successful as possible, there are certainly hazards as well. And no matter how safe and secure
we think things are, there are some common risks associated with any campus that you should be aware of.
Obviously, the Department of Public Safety is prepared to protect the environment here in a very adequate fashion.
My colleagues in DPS will ask you to use services like safeRIDE, and to be careful about walking the streets near
campus alone late at night. But there are other risks as well – risks associated with the use of technology,
which almost all of us rely on now every day. Here are some basic steps to help you get and keep control over your experience here:
- BEware of MALware!
Universities are targets of hackers – organized hackers.
We are scanned continuously for openings. You just won't be safe unless you run anti-virus software AND
anti-spyware software regularly. Use SpyBot and Ad-Aware and make sure you get them via the right source,
and not from a web site that offers a bad version of the real thing. Use Brown's anti-virus program,
downloaded off of the CIS software download page. You'll get quicker updates that way!
And be very wary of phishing email messages and other ads that just want you to click here, click there,
and click away your privacy! Click on a link, you run a program (someone else's program!),
and who knows what happens next?! Most malware contains keystroke loggers, which can be used to capture all
of your computing session, looking for passwords for banking, etc.,
- Never use the same password
to log into your banking program that you use to
sign up for the local newspaper. Have two or three different passwords – some longer and more
complex for protecting important info.
- Protect your identity.
There is a big price tag on it –and when you
fill out forms giving away your personally identifiable information, it can be stored in large data
stores for later use. Give up a Social Security Number to someone so you can get a free t-shirt or
other give-away is not worth it! Do you really know who is asking and why? It's ok to challenge the
request. Choose good passwords to protect things you care about (course work, bank
accounts, PayPal accounts, etc.). Automated password cracking programs are commonplace and very
effective! Weak passwords are often the weak link.
- Don't get duped.
Make sure you're familiar with the email address or screen
name you answer. If you don't think it's legitimate, or you're being asked for something that
you don't think is appropriate to share, check it out first. A quick phone call now can save
big headaches later.
- Safeguard your reputation.
Take care when providing any personal information
or photos for use on the web (e.g., Facebook or MySpace page), or in response to unsolicited IM
or email requests. You don't know how it might be used now or in the future (once it's out there,
getting it back is like trying to get toothpaste back into the tube).
- Lock up your electronic equipment.
Just like all open campuses, we have people
looking around for any opportunity to snatch up a laptop, an iPod or a cell phone. Don't leave your
stuff lying around. Lock your rooms when you're not home. Some equipment always comes up missing
due to door-rattling, or because it's left lying around unattended in libraries, clusters and other open areas.
- Consider purchasing an inexpensive lo-jack tool for laptops
– something like
CyberAngel for Windows.
You can get Cyberangel at the Computer Store, and it not only gives you an 80% chance of getting a stolen
laptop back, you can also store personal information on an encrypted partition on the hard drive. The
computer store also sells cables so you can lock up your laptop when you're away.
- Keep your operating system and applications patched and current.
Not having the most up-to-date software running can give a hacker an easy way in. They always look for the
low-hanging fruit first. Even if you don't have anything confidential on your workstation, keep it
current so it won't be taken over. If that happens, you have to rebuild.
Avoid popular peer-to-peer applications.
It's tempting because "everybody does it", but if you install P2P apps and download copyrighted materials (songs,
movies or TV programs), you may receive a complaint that will cost you to lose your network privileges – or worse.
It can be very costly to be sued by one of the major copyright holders. It happens even at Brown!
- "Do you know who is watching you?"
is the subject line of a new
phishing attack designed to lure you to click on a link. The body of the message says this:
If you download music or other files, you're being tracked. Read the news on RIAA and what
they are doing to everyone they find. Our software will eliminate any trace to you. This software
is made available free, so we can keep the internet free and private. Click here to download ________ .
Click on the link and your system is history!
So enjoy your time at Brown, and "Be free" of headaches you don't need!
For more information, see
http://brown.edu/Facilities/CIS/itsecurity/getcontrol/ or contact