Tips for

Password Security Tips

1. Do not write your password down and leave it near your computer
Writing your password on a 'sticky-note' and sticking it on your monitor makes it very easy for people who regularly steal passwords to obtain yours. Hiding it under your keyboard or mouse pad is not much better, as these are common hiding places for passwords. However, if you must write something down, jot down a hint or clue that will help jog your memory, or store the written password in a secure, locked place.


2. Be creative with your password
If you can't remember hard passwords no matter how hard you try, put your password in parentheses. hurling38 is a weak password. (hurling38) is much better.
When you change your password, you should always change at least half of it and when you do, change the parentheses as well. Change the parentheses to asterisks, exclamation points or dollar signs. *sallyandbob39* is better than sallyandbob39, and !jimandbetty93! is better than jimandbetty93.


3. Use a password protected screen saver
Desktop computers should be locked or logged off when the user steps away from the terminal. Password protecting the Windows screen saver is "locking" the desktop. To do this, right-click on the desktop and go to "Properties"; select the "Screen Saver" tab; and check "On resume, password protect".


4. Keep your password secret
Your password is like your bank account PIN - if you give your PIN to someone else, your bank is unlikely to pay you back if it is used to steal from your account. Likewise, your company expects you to use your password to stop others misusing your computer account. If you share your password, you may be held responsible for what other people do with it. Check out IADT’s ICT Acceptable/Appropriate User Policy on IADT’s website for more information on your responsibilities here http://www.iadt.ie/en/Staff/ICTOffice/PoliciesProcedures/.
Below is a good article about the percentage of users that would share their passwords:
http://searchsecurity.techtarget.com/originalContent/0,289142,sid14_gci895483,00.html



Computer Desktop Security

5. Lock your workstation before you leave your desk
Did you know there are keyboard shortcuts other than CTRL+ALT+DEL that you can use to lock your desktop? This will prevent people from walking up and snooping on your computer. You can save a keystroke by simultaneously pressing the Windows key + L. The Windows key is the key on your keyboard marked with four wavy squares.

Or, to make things even easier, create a desktop shortcut.

Right-click any empty area of your desktop, then:
1. Click New
2. Click Shortcut
3. Type in the following: rundll32.exe user32.dll, LockWorkStation
4. Click Next
5. Name your shortcut
6. Click Finish
Now it's as easy as a double click!
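
The screen saver lock from tip 3 and the lock shortcut from tip 5, scripted in PowerShell as an added example (not part of the original tips). The 10-minute timeout, the blank screen saver and the shortcut name are assumptions.

```powershell
# Added example: audit and enable the per-user screen saver lock (tip 3),
# then create the desktop lock shortcut (tip 5).
$desktopKey     = 'HKCU:\Control Panel\Desktop'
$timeoutSeconds = 600                       # assumption: lock after 10 idle minutes
$shortcutName   = 'Lock Workstation.lnk'    # assumption: any name will do

function Test-ScreenSaverLock {
    # True only when a screen saver is set, active and password protected.
    $p = Get-ItemProperty -Path $desktopKey
    return ($p.ScreenSaveActive -eq '1') -and
           ($p.ScreenSaverIsSecure -eq '1') -and
           (-not [string]::IsNullOrEmpty($p.'SCRNSAVE.EXE'))
}

function Set-ScreenSaverLock {
    # Same effect as ticking "On resume, password protect" in the dialog.
    # Assumption: the blank screen saver shipped with Windows is acceptable.
    $saver = Join-Path $env:SystemRoot 'System32\scrnsave.scr'
    Set-ItemProperty -Path $desktopKey -Name 'SCRNSAVE.EXE'        -Value $saver
    Set-ItemProperty -Path $desktopKey -Name 'ScreenSaveActive'    -Value '1'
    Set-ItemProperty -Path $desktopKey -Name 'ScreenSaverIsSecure' -Value '1'
    Set-ItemProperty -Path $desktopKey -Name 'ScreenSaveTimeOut'   -Value "$timeoutSeconds"
}

function New-LockShortcut {
    # Builds the same shortcut as the manual steps: rundll32 calling LockWorkStation.
    $desktop = [Environment]::GetFolderPath('Desktop')
    $shell   = New-Object -ComObject WScript.Shell
    $link    = $shell.CreateShortcut((Join-Path $desktop $shortcutName))
    $link.TargetPath  = Join-Path $env:SystemRoot 'System32\rundll32.exe'
    $link.Arguments   = 'user32.dll,LockWorkStation'
    $link.Description = 'Lock this workstation'
    $link.Save()
    return $link.FullName
}

if (Test-ScreenSaverLock) {
    Write-Output 'Screen saver lock already enabled.'
} else {
    Set-ScreenSaverLock
    # The new values may not apply until the next sign-in.
    Write-Output 'Screen saver lock enabled.'
}
Write-Output ("Shortcut created: " + (New-LockShortcut))
```

Settings pushed by your organisation's group policy take precedence over these per-user values.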


Email Security

6. E-mail is insecure by default because it is more like a postcard, not a sealed envelope
A number of people are under the misconception that when they draft and send e-mail, two things occur: their message gets sealed in an envelope (that's why you have to open e-mail, right?) and it goes directly to the person it was sent to via internet magic. The truth is your e-mail is sent in plain text (i.e. readable by anyone who picks it up along the way) and is passed around the Internet with multiple stops until it reaches its destination. People with evil intentions can intercept your e-mail, read it or even alter it before it reaches your intended recipient.


7. Don't pass on chain messages or send warnings to everyone you know
Chain messages are a burden on mail systems and to the vast majority of the people who receive them. Just don't pass them on — it is as simple as that. You may get messages from friends, warning you about a new virus, health scare, charity appeal or con trick. These are very likely to be hoaxes or just plain wrong. Be very suspicious of messages that ask you to pass them to "everyone you know". That leads to an endless chain of forwarded messages that go on long past any real or imagined threat. If it is really convincing, pass it to the ICT support desk (support@iadt.ie) for them to consider.


8. When Using Outlook - Use the Auto-Preview, not the Reading Pane
When you are using an older version of Outlook, or if you have managed to reset the security level for e-mails, then you may be at some risk for HTML script-based exploits. Auto-Preview displays the first three lines of the message, enough to identify whether the message is valid, and it displays faster. Here is how to use it.
Disable the Reading Pane and Enable Auto Preview:
a. Open Outlook.
b. Choose View -> Reading Pane -> Off
c. Choose View -> AutoPreview
d. Now you can see what is Junk, and which ones may have an HTML payload.
Alternatively, email support@iadt.ie and request that your Microsoft Office be updated to Office 2010.


9. Don't open email about Michael Jackson
When a major news event happens, cyber criminals send email with a subject line related to the event and include a malware attachment that infects your computer and makes it part of a botnet for sending spam and conducting other illegal activities. You can see examples of these catchy subject lines at http://www.flickr.com/photos/panda_security/with/3256919391/.


10. Don't be duped by Internet Fraud
We all get offers that seem too good to be true. Whether they come by email or appear on web sites, they are often clever schemes designed to dupe the gullible. Don't be tricked by Internet Fraud. For more information see http://www.lookstoogoodtobetrue.com.


11. Don't fall for phishing schemes
Could you tell if an email message requesting personal information was legitimate? In most cases you can trust your instincts (if an email message looks suspicious, it probably is). However, there are some messages that look like the real thing but aren't. If an email message contains any of the following phrases, there's a good chance it could be a phishing scheme.

1. We need to verify your account information.
2. If you don't respond immediately, your account will be cancelled.
3. Click the link below to update your information.
Take the following Phishing Quizzes and see how good you are at identifying phishing schemes:
· http://www.washingtonpost.com/wp-srv/technology/articles/phishingtest.html
· http://www.sonicwall.com/phishing/


Software Security

12. No such thing as a free lunch
A new round of bogus pop-ups offers to scan your computer for infections and vulnerabilities for free. Do not take the bait! By allowing this kind of scan, you may be giving Bad Guys access to your personal information.


13. Don't use unauthorized software
It may be tempting to use useful-looking software that you can get free on the Internet, but these tools may carry a hidden cost. Installing them may often cause other programs to stop working and it can take a long time for IT teams to track down the problem. More seriously, they can display unwanted ads, slow your PC down or make it less secure by letting the PC download more ads from the Internet. Most seriously, they can be infected by viruses or spyware that are intended to damage your PC or steal confidential information.


Shared Computer or Internet Café usage

14. If you access the Internet from a shared computer, make sure you don't leave anything behind
Being able to access the Internet from different locations — the library, a computer lab (in IADT and other educational institutes), an Internet cafe — is a great convenience, but it can also pose a security risk to personal information. If you do access the Internet from a shared computer, here are a few things you need to remember.
a. Don't check the "remember my password" box.
b. When you're done, make sure you log off completely by clicking the "log off" button before you walk away.
c. If possible, clear the browser cache and history.
d. Never leave the computer unattended while you're logged in.
e. Trash all documents you used, and empty the recycle bin.

Mobile Phone Security

15. Know your IMEI?
Did you know there is a unique serial number that identifies each mobile phone? Press *#06# on your phone's keypad, and it will display a 15-digit number. Make a record of that number; it is your International Mobile Equipment Identity (IMEI) number, and if the phone is lost or stolen, the phone can be identified even if a new SIM card is added. Your provider can also block others from using the phone on their network and others within the EU, which could help protect you against expensive 1550 phone calls and similar mischief.


16. Password protect your mobile phone
By setting a password on your mobile phone you give yourself an extra level of security in the case where the phone is stolen, prevent snooping by a colleague, or keep the kids from ringing their friend in Australia or texting those reality TV shows. With the advancements in smartphones, your emails may be accessible, along with family photos and other data you really don’t want anyone accessing.


17. Don't give away your data when you give away your handheld device
Be careful before you resell or give away your handheld devices like iPhones and BlackBerrys. The new owner can uncover data. At a minimum, figure out how to reset it to the factory standard. Refer to your manual or call the manufacturer. For more information on deleting data: http://www.informit.com/guides/content.asp?g=security&seqNum=234&rl=1



* Most of the above information and tips were gleaned from The SANS Institute, an information security company. http://www.sans.org/about/sans.php