Best Practices in Information Security

    Did you know?

    • All faculty and staff passwords will be changed three times a year. This began spring 2007.
    • All College-owned computers are configured with anti-virus software that centrally reports virus activity.
    • All FT employees are entitled to a copy of Sophos anti-virus software for home use.
    • All email attachments are scanned for spam, viruses or malicious attachments.
    • The College receives nearly 200,000 email messages per day and blocks over 80% of them as spam, and 10 of them because of a virus-infected attachment.
    • All web browser content is scanned for malicious software.
    • The College has a formal board-approved Acceptable Use Policy that states user responsibilities, appropriate uses of technology, and forbidden activity.

    Email

    • Do not send sensitive information via email. Examples would include SSN, passwords, etc.
    • Do not open attachments unless you are expecting the file and know the sender.
    • Do not trust all incoming email coming from the Internet (see "phishing" on back for more information).

    File Access and Sharing

    • Please store all College-related files and documents on network storage (not local "C" drive or removable storage devices).
    • Do not download College files to non-College owned computers.
    • Do not use flash or removable storage to store files containing sensitive information.

    Home Computing

    • Make sure your home computer is patched with the latest OS updates (www.microsoft.com/windowsupdate).
    • Make sure your computer is protected with current anti-virus software.
    • Make sure to use a firewall when connecting to the Internet.
    • Do not open files or install programs unless needed.
    • Make sure that you trust others also using your computer (see "keylogger" on back for more information).
    • Back up all important files and folders.

    IDs and Passwords

    • Do not permit others to use your ID to access any service. This includes contractors and student workers.
    • Utilize strong passwords that are easy for you to remember. Examples include the use of combined alpha and numeric values.

    Mobile Computing

    • Do not store files with sensitive information on any mobile device (notebook, PDA, phone, etc.) without the use of encryption software.
    • Do not attach a College notebook computer to a non-College network (wired or wireless) without the personal firewall enabled.
    • Do not enable file sharing.
    • Make sure your mobile device is receiving OS patches and virus updates.

    Paper Documents

    • Please print only when necessary. Use electronic documents and processes when possible.
    • Please properly shred all documents containing sensitive information.
    • Do not leave documents with sensitive information unattended for any period of time. Examples include printer and fax output trays.
    • Please store all sensitive paper documents in a secure cabinet or closet.

    Terms

    AdWare - A type of software that is unknowingly installed on a user's computer for the purpose of advertising a commercial entity.

    BotNet - A type of software that is often unknowingly installed on a user's computer. The software participates in a larger network of similarly infected computers and is often used to originate spam messages or specific computer attacks.

    Encryption - The act of transforming an original document through the use of a mathematical algorithm. The resultant file cannot be accessed (or decrypted) without possession of the encryption key.

    Keylogger - A device or software used to capture keystrokes entered on a computer. Often used to fraudulently access on-line accounts.

    Pharming - Redirection of a website to a bogus location in an effort to acquire sensitive information.

    Phishing - An attempt to acquire sensitive information by masquerading as a trustworthy entity. Initial communication is often through e-mail or instant messaging.

    Spam - Unsolicited Bulk E-Mail. The use of mass e-mail to market products, spread phishing attempts, attempt fraudulent activity, etc.

    SpyWare - A type of software that is unknowingly installed on a user's computer for the purpose of sending information about the user to the software creator.

    Worm - Malicious software that spreads itself through the Internet by taking advantage of system vulnerabilities (often a result of un-patched computers).