- Get Started
- Accounts & Access
- Classroom Services
- Communications & Collaboration
- Computing & Printing
- Policies, Forms & Guidelines
- Safe Computing
- 2017: Becoming Cyber-mindful
- 2016: A Year of Safe Computing
- Confidential Data
- Phishing, Scams & Spam
- Protect Your Devices
- Teaching and Research
- Technology Skill Enhancement
- UDit A to Z Index
- About UDit
- Get Help
- Contact Us
SPRING CLEAN YOUR MACHINE
Phil saw his shadow last month, but don't lose hope - spring is just around the corner. And with spring comes cleaning! This month, take a few minutes to dust off your desktop, tidy your tablet, neaten your notebook and mop your mobile (metaphorically, of course). A few suggestions to get you started:
Phones & Tablets
- Update your apps and operating system
- Delete apps you no longer use; update the ones you do
- Set a PIN, fingerprint or password to lock your phone
- Encrypt your phone. iPhones are auto-encrypted; Androids: go to "settings" - "storage" - "phone storage encryption"
- Install anti-virus (Avast and Lookout are two good options)
- Delete wireless networks you don’t regularly use and disable “auto-connect” (Here’s why. And How >>)
- Turn off bluetooth and near-field communications (NFC) if you don’t use them
Desktops & Laptops
- Log out of your UD machine nightly to receive automated updates (and, if prompted to install a software update and reboot during the day, say yes!)
- Have a UD-owned laptop? Make sure it’s been loaded with encryption software (check with our IT Service Center if you’re not sure)
- Back up important, irreplaceable files somewhere offline (like an external hard drive or encrypted USB)
- Check for updates to your home machine’s anti-virus, operating system and other software
- Scan your home computer for signs of trouble with free computer security check-up tools, courtesy of Stay Safe Online
TAKING CONTROL OF PASSWORDS: CREATING SUPER-PASSWORDS
Last month we prematurely pondered a perpetual password perplexity: how do I create a long, complicated yet memorable password? Presently, we provide a proposition.
- Go Long: Many sites set a six or eight character minimum, but you can do better than that. Shoot for at least 12-15 . . . or even longer. Consider starting with a sentence or series of words that you’ll remember, and then . . .
- Cut Them Short: Don’t use full words - if you’re starting with that sentence or series of words, just use the first letter or two of each word
- Avoid Unspecial Specials: If there’s a special character requirement, avoid the most common ones: ! @ # $
- Keep the Kids Out of It: Don’t use common (or Facebook-available) info in your passwords, like your kids’ names and birthdays
(Loosely) Related Linkages
- Take a look at Network World’s list of 2016’s worst passwords
- This OUCH! Newsletter offers advice for using “passphrases” to build passwords.
- Speaking of phrases, Robin’s many exclamations would provide memorable passphrase fodder (But that’s not an official recommendation. Because, Merle.)
What's The Deal with Poor Ole' Merle?
Whenever UDit publishes any kind of password guidance, our system administrators immediately prohibit the use of “sample” or “example” passwords suggested therein. “MerleHaggard1troubador” fell victim to that fate after being suggested as an example by (none other than) our own Phish Commish several year back.
Similarly, you may have received Safe Computing post-it notes last year; the “Keep-1tS@fe” password on those is *also* blocked. As is “Lk,500mnkys!” (original usage unknown). As you might suspect, our system admins aren’t big fans of our clever, new password examples, but we appreciate their forbearance.
And now, as Paul Harvey would say, you know the rest of the story.
THE PHISH COMMISH SAYS: REAL PEOPLE DON'T EMAIL AT 3 A.M.
Sure, some people do. But probably not your boss with a legitimate request for a list of salaries or a bank transfer. The “when” matters. Our March phish training will employ tells based on Date/Time and Subject Red Flags. Here’s your cheat sheet:
And now, a recap of our February phish training. Below is the “Oops!” message that displayed if someone clicked the link in that shifty message from “FedExx.” It outlines the “tells” you might’ve noticed:
The campus “click-rate” (calculated by “link clicks,” not opening the message itself) was 13.3%. We know messages purporting to be from services we know, love and use are particularly tempting click-bait, but our Phish Commish was still a bit dismayed (he prefers to see us in the single-digits); his reaction can best be summed up thus:
But the Phish Commish will survive. And we shall go forth to confidently detect and conquer the March training phish.
SCAM OF THE MONTH: TO UNSUBSCRIBE OR NOT TO UNSUBSCRIBE
Looking to “spring clean” your inbox? We received an interesting question last week: “I've often been told that unsubscribing from email distribution lists actually elicits more unwanted email. Is this true?”
We’ve heard this, too. As the story goes, spammers include “unsubscribe” links to determine if the account is being actively used. If you click the link, they know they’ve got a “live one” and send you even more spam as a result. Tricky.
Spam (unlike phish) aren’t inherently dangerous - they’re basically the mosquitos of our email accounts - but clicking any unsolicited link could potentially land you in a (cyber)pickle. So here’s the scoop on “unsubscribing,” best we can tell (and thanks to The Spam Primer for the following info!):
If you didn’t sign up for an email list to begin with, there’s little reason to believe they’ll let you off the hook with their unsubscribe link. So ask yourself the following:
- Does the spam come from a real address? (i.e. email@example.com, not firstname.lastname@example.org)
- Does it come from the same address each time?
- Are the opt-out instructions the same every time?
These are all good indications that unsubscribing is a safe approach. But unsubscribing, when legit, should work the FIRST time you try it, so if it doesn’t, don’t keep trying. Just resign yourself to deleting those messages. Forever.
And if you *did* sign up for those emails but you’re now sick of seeing them? Take the time to unsubscribe rather than marking them as “spam,” which ends up punishing the company unnecessarily for trying to market responsibly.