Skip to main content

Passwords, Wifi, Malware

IT Security

A strong password is your first line of defense when protecting your information. It is important to develop a password that is easy for you to remember, but not easy for someone else to guess. Developing a good password takes some thought. Do you have a strong password?
All employees are invited to register for Two-Factor Authentication (2FA) to increase their privacy and security. This added layer of security will help decrease account compromises and identity theft, and provide real-time alerts for password protection. Visit the 2FA website to learn more.

Standards for a strong password:

  • At least eight characters in length – the longer it is, the stronger it is
  • Contains numeric characters alternating with alphabetic characters
  • Includes symbols such as: !, @, (, $, %, ^, &, *, ) and # whenever the site or system allows
  • ! might serve as an l and $ might serve as an S
  • Contains both upper and lowercase letters in alternating format
  • Does not contain any portion of your name, address, date of birth, SSN, login ID, nickname, family member names, pet name, sports team name or word that appears in a dictionary spelled forward or backward
  • Avoids reference to the work place or work responsibilities such as “college1”, “Rockville”, “pa$$word”, or “c0mputer”
  • A pass phrase helps create strong, easy to remember passwords

An easy way to create a strong password is to use an easy to remember phrase that is important to you. This phrase can be from a movie, book, song or a saying.
Make sure it is not so important that it is easy to associate with you.

Examples:

Phrase: One day I hope to be a millionaire!
Password: 1DiH2BaM!

Phrase: When angry, count to ten; when happy, whistle!
Password: wAct10;wHw!

Notice that we use the first letter of every word and convert the letters by substituting numbers, lower and upper case and special characters. Make sure it is more than eight characters long.

Guidelines for keeping passwords safe:

  • Never reveal or share your password.
  • Never write passwords down or conceal them near a workstation.
  • Change passwords periodically (at least every six months) and never reuse.
  • Use unique passwords for every account – especially the important ones!
  • Change passwords immediately if an account or password is suspected to have been compromised.
  • Do not save passwords in your browser no matter how convenient.

When you are on the move and using a Wi-Fi hotspot provided in a coffee shop, bookstore, campus, or airport you need to be wary of hackers waiting to access your network or steal your information. Most public Wi-Fi hotspots do not provide security protection for their users. Here are some ideas to make those hotspots safer:

Hackers are able to capture network traffic with little effort and chance of being caught. Make sure that sensitive data is encrypted during transport and not sent in clear-text. Only submit your credit card and other personal information to secure websites.  How do you tell if your communications are protected (encrypted)?  Web browsers use various methods to notify the user that the connection is secure such as:

  • changing http:// to https:// by adding an “s”
  • displaying a gold lock symbol
  • changing the color of the address bar
  • notifying the user that the browser session is encrypted
  • displaying a browser alert message when a site’s security certification is invalid

Configure your laptop to allow only connections to approved access points.

  • Disable Automatic Wireless connections
  • Verify that you are connecting to the appropriate SSID
  • Disable ad-hoc capability which allows other wireless users to connect directly to your laptop
  • Disable your wireless card when not in use

Disable File and Printer Sharing to prevent disclosure of your shared files and to reduce the chances of your computer being compromised.

Use a personal firewall.

Use anti-virus and anti-spyware protection software.

MALWARE

There are simple steps that you can take at work and at home to ward off virus, spyware, and other malware attacks:

  • While at work, do not open an e-mail from someone you don’t recognize.
  • Be very cautious with any e-mail attachment.
  • Be careful what you download.
  • Make sure you have Anti-Virus software.
  • Keep your Anti-Virus software and firewall up to date. 

SCAREWARE

Scareware is another type of malware that has caught even experienced IT professionals off guard. The user might notice a pop-up appearing while browsing the Internet. The pop-up will indicate that a virus or other type of malware problem has been detected on the user’s PC and ask if the user wants to fix or remove the problem. Unfortunately, when the user responds, what may actually occur is that an executable virus is installed on the computer. With the virus install complete, the next step is for the offending software company whose software provided the virus to offer a solution for the virus but at a price to the user.

Once active on a computer, scareware can block attempts to update Windows or anti-virus software, prevent an anti-virus software scan, or automatically hijack a web browser. Scareware is also very difficult to remove, often immune to file deletion measures causing the user to have to reformat the computer’s hard drive (s) and reinstall an operating system and other applications.

Although not foolproof, the following measures can help to protect against a scareware attack.

  • Keep the computer’s Windows software updated
  • Use legitimate anti-virus and anti-spyware software and keep them updated
  • Don’t automatically click on an unfamiliar or suspicious pop-up. Think before you click!
  • Remove any suspicious pop-up by right-clicking on the item in the task bar at the bottom of the screen and selecting “Close” or by manually exiting the browser session using Ctrl-Alt-Delete. Avoid clicking on the exit symbol in the upper right hand corner of the pop-up.

SPYWARE

Spyware is software that collects information from your computer as you use the Internet to visit websites. Spyware is automatically downloaded on to your computer when you visit some websites and used to track your internet activity. Spyware is known to hide in free software downloads and is sometimes known to carry viruses. You might even freely agree to accept commercial spyware when you agree to the end-user license agreement of a new downloaded program or game. What are symptoms of a spyware-laden computer?

  • A barrage of pop-ups
  • A hijacked browser – you type in an address and the browser takes you somewhere else
  • New or unexpected toolbars or icons
  • Sluggish system performance

Install anti-spyware software to ward off this threat.

The Office of Information Technology (OIT) will perform critical system updates to the Virtual Private Network (VPN) servers on Sunday, August 1, 2021, 10:00 p.m. - 11:00 p.m.

What this means for you: 

• During this update period, limited VPN access will be available, with one server up at time. If you are not able to gain access on VPN01, try VPN02 and vice-versa.
• After the upgrade, at first VPN connection attempt, VPN users will be prompted to update their VPN F5 BigIP Edge client, or if using a Web browser to connect, the VPN components.

Follow the VPN guide (PDF, Get Adobe Acrobat PDF Reader.-Link opens in new window.) to complete the update.

©