University of Pittsburgh

October 23, 2014

Technology Corner: Don’t make it easy for the bad guys

This month, FBI Director James Comey was asked if Americans understood the dangers posed by cybercrime in the United States. “I don’t think so,” he replied. “I think there is something about sitting in front of your own computer … that makes it hard to understand the danger.

“The Internet is the most dangerous ‘parking lot’ imaginable. If you were crossing a mall parking lot late at night, your entire sense of danger would be heightened. (Yet) folks are wandering around that proverbial parking lot of the Internet all day long without giving it a thought. And that makes it easy for the bad guys.”

October is National Cyber Security Awareness Month, a good opportunity to review common-sense practices for walking across that dangerous parking lot of the Internet.

Passwords

Would you walk to your car at night with a wad of bills in your hand? Protect your passwords the way you’d protect your money.

Password protection starts with simple steps:

• Use strong passwords of 8-16 characters (letters, numbers and special symbols). Passphrases make a strong password easier to remember: “My grandmother baked the best pumpkin pie” becomes “mgbtbp314!”

• Use a different password for each site/service, and keep track of them with free security apps like KeePass. (KeePass, available through My Pitt’s Software Download Service, also can generate strong passwords for you.)

• Change your passwords often (at least twice a year).

• Never share your password. Don’t share with friends, family or someone who purports to be tech support.

Walk away from phishing scams

Let’s say you’re walking alone at night; someone pulls up next to you and asks for the time. Even if the question is asked with a smile, you’d walk away, right?

Walk away from the Internet equivalent: phishing scams. Phishing scams use fake emails and/or websites to trick you into divulging personal information.

Be suspicious of emails that request personal information, contain spelling and grammar errors, ask you to complete an action (e.g., click on a link or download an attachment), or are from a site or company you do not do business with.

The University will never ask you to divulge your password, nor will any other legitimate organization. Don’t be fooled by an email purporting to be from Pitt and asking for password information, even if the phishing effort includes official-looking logos or images.

If an email looks “phishy,” don’t click on links, open attachments or provide personal information. Instead, if you receive the message in your personal account, just delete it. If the message comes to your Pitt account, please forward it to the help desk (helpdesk@pitt.edu).

As CSSD becomes aware of phishing scams affecting University accounts, we post notices on technology.pitt.edu to help you keep tabs on what’s out there.

Social media awareness: The bad guys are on Facebook, too

The more information you post on your social media accounts, the easier it is for a hacker or someone else to use that information to steal your identity, access your data or commit other crimes, such as stalking.

Be careful when sharing any personal information on social networking sites. Learn about and use privacy and security settings on your account.

Sometimes it makes sense to go your own way in this particular parking lot. Did a friend post something asking you to “click here” to see something amazing? Resist the urge. Malware loves social media clickers.

Malware removal and prevention

Antivirus software is not a magic bullet, but it still offers you an important layer of protection. Consider it the “pepper spray” for your time on the Internet.

Use Symantec Endpoint Protection (SEP) and Malwarebytes in tandem to guard against harmful software. Both are available at no cost to Pitt faculty, staff and students through the Software Download Service at my.pitt.edu. Please download and install them on all of your computers, at home and at the office.

Malware can arrive in a cute or seemingly harmless package, so never plug an unknown device — a free USB key, for instance — into your computer. If you use USBs or other external devices for file storage, use SEP or Malwarebytes to scan them when you plug them into your computer.

Device protection

Would you walk through that unlighted mall parking lot with your sleek new laptop hanging out of your unzipped backpack?

I didn’t think so.

Take basic precautions to protect your devices. Start by locking your smartphone or tablet with a passcode.

Never leave your devices unattended in public areas like the library, the Cathedral, a coffee shop or your car. Enable the Find My Phone function on your mobile devices. Install or activate the appropriate tracking programs for your laptop and mobile. Faculty and staff members can call the help desk to have Computrace-Plus installed on their laptops to help police recover stolen or lost computers. (Students can get the same protection with Computrace LoJack, at no cost.)

You can protect your devices from the inside, too. All software has “bugs” or flaws; sometimes the bugs are security flaws, which can allow hackers to attack your computer or steal data. Protect yourself by keeping your computers and mobile devices up to date with patches. Installing the latest updates for applications such as Adobe and Java also will help keep you secure.

“Just because you’re paranoid doesn’t mean they’re not after you.”

The reported incidents of cybercrime increase every day, yet, as FBI Director Comey points out, most people don’t understand the dangers or take them seriously.

If you don’t take basic precautions against cybercrime, you’re not safe.

A reasonable dose of paranoia is healthy when it comes to using technology. Please protect yourself.

Sean Sweeney is the University’s information security officer. He can be reached at 412/624-5595 or sweeney2@pitt.edu.