Ways To Prevent IT Abuse
You can take specific actions to protect yourself from Internet and email abuse. Please review the suggestions below.
Safeguard Your Password
Protecting your password is the single most important thing you can do to secure your computer account. Most people are careful to protect the PINs for their ATM and credit cards. Your computer account deserves the same level of protection.
Here are a few tips for protecting your password:
- Select a password that's difficult to guess. You might use a simple sentence to create a password. For example, "This is too much fun for me!" might translate into the password "Ti2mf4m!" Don't use your pet's name, a loved one's name, your birthday, a formula from class, or anything else someone might easily guess. Review the guidelines on choosing strong passwords.
- Never write down your password, but if you must, never write it down on a sticky-note next to the computer. Choose a password you can remember.
- Never send your password to anyone over e-mail. University officials never ask users to send passwords over e-mail. No reputable organization or institution will ask you to do this. Each year hackers impersonate "Computer Center" officials in attempts to trick people into revealing their login information and passwords. If you receive one of these e-mails, report it immediately to the IT Abuse Team.
- Occasionally change your password to something completely different. Do this on a regular schedule if you can.
- Don't configure your computer to enter your password(s) automatically when the computer is turned on. A roommate or someone else with access to your computer might take advantage of your computer account. Your roommate might be trustworthy, but his/her friends may not be.
Be aware of phishing messages: unsolicited e-mail messages that appear to come from a legitimate company and ask for your login and password and/or other personally identifiable information (PII). A typical phishing e-mail gives you a phony reason, such as a security breach, survey, or contest, to trick you into providing your personal information.
Spear phishing is targeted phishing in which the messages are directed to a specific organization or group; e.g., staff, student groups, etc. Spear phishing messages appear to come from a trusted source, like the IT department or human resources.
If you think the information in the phishing or spear phishing email is important or otherwise useful, verify the information independently. No reputable financial institution will ask you to submit your login, password, or credit card information through email or a link in email. If you receive an email that appears to be from your bank or credit card company, call the 800-number on the back of your bank or credit card and verify.
If you have a question about a phishing message that you receive, send a copy of the message with full headers to firstname.lastname@example.org, and ask the IT Abuse Team to help you determine if the information provided in the message is legitimate.
Do not reply to the sender, or click on any links in these messages. Do not open any attachments, as they may contain viruses or other malware. You might also check the Security Alerts and Warnings page to see if the message has been reported.
Never "Share" Accounts
Do not let anyone, even a trusted friend or family member, use your computer account. Remember that under University policies, the owner of a computer account is responsible for the use of that account.
Beware "Shoulder Surfers"
In public computing environments -- computer labs, classrooms or an office workstation -- stay alert for "shoulder surfers" whenever you must enter a password. If someone is helping you with a problem, ask them to look the other way while you enter your password into the computer. Stay alert in public computing facilities, and remember to protect your password!
Sign-off Before Leaving a Workstation Unattended
In public computing environments, always sign off/log off of your computer account(s) before you leave the workstation unattended. You may only be gone for five or ten minutes, but during this break someone could sit down at your workstation and use your account. They could even change your password while you're gone, and you wouldn't know until the next time you tried to access your account.
Make Backup Copies of Important Data
You should routinely make back-up copies of all your important work. Having a secure back-up minimizes the impact of a hardware/software problem, as well as the damage caused by Internet abuse.
Use Virus Protection Software
The spread of computer viruses is a common problem on most college campuses. Regularly update virus protection software on your personal computer and schedule scans. Also scan any computer files you receive on disk or through email. Even if you trust the source, it will not hurt to check for viruses or malware. Never start a program if you don't know where it came from, or who sent it to you.
Be Smart about E-Relationships
Computer-mediated communication is one of the most exciting aspects of interacting in cyberspace, but remember this is not like any other form of communication. The people you meet online through social networking websites, gaming environments, or other virtual locations don't always tell the truth about their real identity. Be careful about revealing any personal information to the faceless people you meet on the Internet. Remember, too, that cultural values can unintentionally clash in this environment; for example, what one person considers polite, another may take as an indication for a more intimate relationship. Note that playing online games or clicking on links in social networking sites can also put your personal information at risk. Review the tips on social media safety.
Think Twice Before Taking Action
Always think twice before you take any action someone else might consider to be abuse of the Internet and/or University computing resources. Remember that electronic communication doesn't include the non-verbal signals we take for granted in face-to-face conversations. An e-mail or social networking message may not be understood the way you intended. If you're angry or upset, sending anonymous threats or forged messages, or engaging in cyber-bullying, to name a few, are not appropriate responses. These acts are violations of University policies. What starts out as a "harmless" prank may turn out to be more serious than you realize, so think twice before you act.
Report Unusual/Suspicious Activity
Even if you take all precautions, your account may still become involved in an IT-abuse situation. If you begin receiving unusual messages from complete strangers, or if you notice changes to your web pages you don't remember making, or any other suspicious activity, don't hesitate to call the UVa Help Desk or send an email message to the IT-Abuse Team.
Be Aware of Your Responsibilities
Be aware of your responsibilities within the U.Va. community, especially the information in Information Security: A Handbook for Students or Information Security: A Handbook for Faculty and Staff. You may want to re-take the Information Security Awareness Training to help you understand what is expected.