Cyber Security Threats and Tips

This checklist denotes some tips and tricks on protecting a user from the various cyber threats:

Threats		What is it?		How does it spread?		Tips against threats
Phishing		Phishing typically consists of false messages targeted to the victim that promises certain things in exchange of their personal or confidential information.		Usually through fake emails or web pages that masquerade as messages or web pages of banks, institutions, or a rich and famous royalty from another country. Sometimes crafty pop-ups can also lure users into becoming phishing victims		If it sounds too good to be true, then it probably is not true. Legit banks and institutions never ask for personal information (passwords, SSNs) through email. Watch for https in the browser URL. Pages requesting sensitive information must always have https instead of http Check the browser URL, and verify it is a URL from the institution Close all other browser windows when accessing a site with sensitive data (e.g. Bank site) Never submit sensitive information to web sites.
Infected Websites		This is the most prominent of all threats in 2008 and 2009. Over 2.6 million websites are infected, the infected website can install malicious software onto a victims computer in attempt to steal their information or use their computer as a platform to infect other computers. Serious infections can lead to permanent loss of data		This type of threat is spread through infected websites, or infected advertisements displayed on the infected websites. Many legit sites are infected.		Try to stay away from less prominent and smaller websites. Steer away from websites that have an excessive number of advertisements. Keep all software on your computer up to date. At a minimum Windows, Sophos, Quicktime, Firefox, Office and Java should always be kept up to date. Do not use administrative accounts on the computer when browsing the Internet. Do not trust any internet pop-ups that indicate virus infection Avoid opening email attachments from people you don't know Ensure personal firewall is enabled on your computer
Social Engineering		This type of threat involves a person or a group of people who tricks a victim into providing personal or sensitive information		This type of attack typically involves face to face interaction, or over the phone conversation.		If a person is requesting sensitive information, always ask for identification. Be careful of the over friendly strangers. Never give out personal or sensitive information over the phone, unless if you initiated the call.
Theft		This type of threat involves the unauthorized physical access or seizure of information or equipment. This environment has seen a tremendous amount of theft within the last year.		This type of attack involves a person or a group of people as well as inadequate physical security		Always lock sensitive documents, equipment behind a locked cabinet or door. Always lock your office door when you step out of the office Always lock your workstation when you step away from your desk Be aware of strangers in your work area, always ask for proper identification Use encryption and tracking software, as well as cable locks on sensitive IT equipment.

Security Checklist Strong passwords for all accounts Always have up-to-date antivirus and antispyware Never share your account information with others Be sure all software are up-to-date Avoid visiting less reputable websites Lock the door when you step out Open only trusted email attachments

Security Issues Contact Information VCU Police – 828 – 1196 VCU TS Helpdesk – 828 - 2227 VCUHS Helpdesk – 828 - 6647 VCU SOM Security Officer – 827 – 9907 VCU Police crime report page: http://www.vcu.edu/police/reportcr.html

Other resources:

Cyber Security Tips from U.S. Computer Emergency Readiness Team
http://www.us-cert.gov/cas/tips/

VCU Computer Security Policies and Guidelines:
http://www.ts.vcu.edu/policies/

VCU Information Security Website
http://infosecurity.vcu.edu/

Dan's Security Blog
http://blog.vcu.edu/s2dhan