University Times

Be safe out there

We depend on technology at work and enjoy the benefits of technology in our private lives. The majority of young people in the United States own some kind of mobile device, and the number of computers owned by a given family has increased from one to five over the past 10 years. Unfortunately, this proliferation of technology has been accompanied by increases in malicious software such as spyware and viruses.

Last month alone, the Postini service — the University’s initial line of malware defense — blocked more than 293,000 malware attempts on Pitt email accounts.

Malicious software (or ‘malware’) is installed on your devices through devious means. The most common methods compromise your computer when you open an infected email attachment that promises something too good to be true or you make a regular visit to an infected web site.

Mobile malware is a threat, too. This malware gets onto your smartphone or tablet when you install a “fake” application that looks real but infects your mobile device.

In the face of all this, what can you do to protect yourself and secure your computer and mobile devices?

Secure your data: A checklist

Awareness and adherence to the basic steps below will keep your devices reasonably secure. The “Secure Your Data” resource in My Pitt (my.pitt.edu) provides several additional steps to keep your technology even more secure.

If you have more specialized security needs or want help with any of the steps here, call the technology help desk (412/624-HELP or 4357) for assistance.

• Install Symantec Endpoint Protection on your computer and laptop.

A good antivirus/anti-malware product will protect your computer against most viruses and malware.

CSSD provides Symantec Endpoint Protection at no cost to all students, faculty and staff for Windows and Macintosh operating systems. Download it through the Software Download Service resource at My Pitt.

You should ensure that the “live update” feature is configured for daily updates.

• Update, update, update.

Use a current version of your computer’s or device’s operating system and configure that operating system to take advantage of security measures such as automatic security updates and the internal firewall.

Vendors typically do not provide security patches for older versions of the operating systems, making those older systems more vulnerable.

• Choose and use strong passwords.

Don’t use the same password on your Pitt account that you use on other web sites or email accounts. (Google “Honan epic hack” if you want to know why.)

CSSD will remind you to change your Pitt account password twice per year, but you’re safer if you change your password(s) more frequently. If you ever think there’s even a slight chance that an account has been compromised, change your password.

Protect your smartphone, tablet, laptop and other devices with the passcode feature on that device. It takes just two seconds for you to tap in that passcode, saving you hours of grief if someone picks up your device and accesses all the private information you have stored on it.

Strong passwords are, first and foremost, private. You can keep them private while keeping track of what they are with KeePass, a free digital “safe” for your passwords. Links to Windows, Mac and Linux versions of KeePass are available through the Software Download Service at My Pitt. MiniKeePass is available for iOS devices.

• Get aggressive: Adjust your spam and virus settings.

Reduce email spam and viruses in your Pitt account by adjusting your spam and virus settings.

Log in to my.pitt.edu and click on the “Spam/Virus Message Center Login” link in the right column. Once you’re in your Spam/Virus Message Center, go to your settings and make sure that they’re set at the “strict” or “aggressive” levels. This will help prevent email viruses, phishing scams and spam.

The graph below shows the number of malware messages that the University’s filtering service has blocked from Pitt email accounts this year.

• Use SecureZip.

Protect data on your portable devices with SecureZip, which provides high level data encryption and file compression. It also has viewers for the Android and iOS operating systems, allowing you to view encrypted files on your mobile devices.

SecureZip is available for download free to Pitt faculty, staff and students through the Software Download Service at My Pitt.

• Avoid suspicious web sites, even when they don’t look suspicious.

Hackers are attacking legitimate public web sites and placing malware on them. Recently, for instance, NBC was hacked; malware was distributed via the NBC web site to several hundred users before it was detected and removed.

If you notice anything that seems even a little bit off when you visit a site, close your browser and run a full scan with Symantec. You can also call the technology help desk at any time, any day, for guidance.

• Keep your laptop secure.

CSSD can install PGP Whole Disk encryption software on faculty and staff laptops.  Your hard disk will be encrypted, and if the laptop is lost or stolen, you won’t need to worry about whether sensitive data has gotten into the wrong hands.

Computrace Plus also can be installed on faculty and staff laptops, and this will greatly increase the likelihood that the police can find your laptop and return it to you should it be lost or stolen. (A different product, Computrace Lojack, is available for students.)

Call the technology help desk to schedule an appointment with a consultant to install these for you. The consultant will come to your office at your convenience.

There are many other things you can do to secure your computers and mobile devices, but adherence to these steps gives you a strong security foundation and leaves you much less vulnerable.

More information and additional tools are available at technology.pitt.edu (select Security from the left column) and in the “Secure Your Data” resource in My Pitt.

Sean Sweeney is the University’s security information officer.

Number of malware messages blocked by the University’s filtering service (Postini) from Pitt email accounts in the past 12 months