Skip to main content

Passwords, WiFi, Malware

IT Security

A strong password is your first line of defense when protecting your information. It is important to develop a password that is easy for you to remember, but not easy for someone else to guess. Developing a good password takes some thought. Reivew the tips and guidance on how to strengthen your passwords published by the Cybersecurity & Infrastructure Security Agency (CISA) here.

In addition to a strong password, MC requires Two-Factor Authentication (2FA) as an added layer of security to protect accounts. For tips and FAQS, visit the 2FA website to learn more.

Standards for a strong password:

  • MyMC minimum requirement is eight characters in length however, the longer it is, the stronger it is
  • Contains numeric characters alternating with alphabetic characters
  • Includes symbols such as: !, @, (, $, %, ^, &, *, ) and # whenever the site or system allows
  • Contains both upper and lowercase letters in alternating format
  • Does not contain any portion of your name, address, date of birth, SSN, login ID, nickname, family member names, pet name, or sports team name 
  • Avoids reference to the work place or work responsibilities such as “college1”, “Rockville”, “pa$$word”, or “c0mputer”
  • A passphrase helps create strong, easy to remember passwords

An easy way to create a strong password is to use an easy to remember passphrase of 4 - 7 unrelated words.

Example:
Phrase: MooseBlueCoverWalkHayRock

Note: You can use spaces before or between words to help strengthen the password.

Guidelines for keeping passwords safe:

  • Use a different password for every account
  • Use a Password Manager – it is hard to remember all these passwords!
  • Never reveal or share your password
  • Never write passwords down or conceal them near a workstation
  • Change passwords periodically (at least every six months) and never reuse
  • Change passwords immediately and contact the IT Service Desk if an account or password is suspected to have been compromised

When you are on the move and using a WiFi hotspot provided in a coffee shop, bookstore, campus, or airport you need to be wary of hackers waiting to access your network or steal your information. Most public WiFi hotspots do not provide security protection for their users. Here are some ideas to make those hotspots safer:

Hackers are able to capture network traffic with little effort and chance of being caught. Make sure that sensitive data is encrypted during transport and not sent in clear-text. Only submit your credit card and other personal information to secure websites.  How do you tell if your communications are protected (encrypted)?  Web browsers use various methods to notify the user that the connection is secure such as:

  • changing http:// to https:// by adding an “s”
  • displaying a gold lock symbol
  • changing the color of the address bar
  • notifying the user that the browser session is encrypted
  • displaying a browser alert message when a site’s security certification is invalid

Configure your laptop to allow only connections to approved access points.

  • Disable Automatic Wireless connections
  • Verify that you are connecting to the appropriate SSID
  • Disable ad-hoc capability which allows other wireless users to connect directly to your laptop
  • Disable your wireless card when not in use

Disable File and Printer Sharing to prevent disclosure of your shared files and to reduce the chances of your computer being compromised.

Use a personal firewall.

Use anti-virus and anti-spyware protection software.

MALWARE

There are simple steps that you can take at work and at home to ward off virus, spyware, and other malware attacks:

  • While at work, do not open an e-mail from someone you don’t recognize.
  • Be very cautious with any e-mail attachment.
  • Be careful what you download.
  • Make sure you have Anti-Virus software.
  • Keep your Anti-Virus software and firewall up to date. 

SCAREWARE

Scareware is another type of malware that has caught even experienced IT professionals off guard. The user might notice a pop-up appearing while browsing the Internet. The pop-up will indicate that a virus or other type of malware problem has been detected on the user’s PC and ask if the user wants to fix or remove the problem. Unfortunately, when the user responds, what may actually occur is that an executable virus is installed on the computer. With the virus install complete, the next step is for the offending software company whose software provided the virus to offer a solution for the virus but at a price to the user.

Once active on a computer, scareware can block attempts to update Windows or anti-virus software, prevent an anti-virus software scan, or automatically hijack a web browser. Scareware is also very difficult to remove, often immune to file deletion measures causing the user to have to reformat the computer’s hard drive (s) and reinstall an operating system and other applications.

Although not foolproof, the following measures can help to protect against a scareware attack.

  • Keep the computer’s Windows software updated
  • Use legitimate anti-virus and anti-spyware software and keep them updated
  • Don’t automatically click on an unfamiliar or suspicious pop-up. Think before you click!
  • Remove any suspicious pop-up by right-clicking on the item in the task bar at the bottom of the screen and selecting “Close” or by manually exiting the browser session using Ctrl-Alt-Delete. Avoid clicking on the exit symbol in the upper right hand corner of the pop-up.

SPYWARE

Spyware is software that collects information from your computer as you use the Internet to visit websites. Spyware is automatically downloaded on to your computer when you visit some websites and used to track your internet activity. Spyware is known to hide in free software downloads and is sometimes known to carry viruses. You might even freely agree to accept commercial spyware when you agree to the end-user license agreement of a new downloaded program or game. What are symptoms of a spyware-laden computer?

  • A barrage of pop-ups
  • A hijacked browser – you type in an address and the browser takes you somewhere else
  • New or unexpected toolbars or icons
  • Sluggish system performance

Install anti-spyware software to ward off this threat.