Published October 14, 2016
If you’re wondering how you can keep your devices and personal information safe while online, look no further than UBIT's new Safe Computing section.
Here, you’ll find everything you need to know about avoiding email scams, keeping your password safe, protecting your devices and reporting security concerns, like hacking and phishing attempts.
Until now, it wasn’t always easy to find useful information about IT safety at UB. UB’s Information Security Office was contacted again and again by students and faculty asking many of the same questions. That’s why the new Safe Computing section answers all of these questions in a logical, easy-access layout.
One of the main ideas addressed in the new section is how to report a security concern. If your email has been barraged with phishing attempts, you’ll want to contact the Information Security Office at email@example.com. As indicated in these instructions for reporting a phishing attempt, it’s essential that you forward the original phishing message with the email header information inserted at the top.
"It's not enough to simply forward the suspicious email," says Dr. Catherine Ullman, Senior Information Security Analyst. "That only shows us who sent the message in theory. But how do we know if it really came from them? Think of it like a physical letter you get in the mail. I can put any ‘from’ address in the universe on that envelope. Email works the same way."
The only way that security analysts can know for sure who sent an email is to look at the header information. Steps for displaying message headers in a variety of email services are included in these instructions.
"Those email headers tell us exactly where it came from," says Dr. Ullman. "They actually show us the machine that sent the email." With this information, security analysts can determine whether the email account has been hacked.
It's important to note that the Information Security Office handles only security issues like phishing attempts and hacked accounts, not social media offenses like cyberbullying. To report cyberbullying, you should contact University Police.
Also emphasized in the new Safe Computing section are the dangers of UBITName password theft.
"The theft of your UBITName and password can now put your social security number at risk," said Dr. Ullman. "If someone has your UBIT information, they can log in into your HUB account and see your social security number in clear text. If you’re a faculty or staff member and you set up NYS Payroll Online, your UBIT info can give someone access to your W2 form."
With this personal information, malicious individuals can defraud the government under your name, take out loans and credit cards, fraudulently file your income taxes and falsify documents, like passports. Other risks include identity theft, access of sensitive or confidential data, unauthorized adding or dropping of courses in your HUB account, as well as the possibility that spam could be sent from your email address.
So how can you keep your password safe? The first step is making sure your password is tough to crack.
"With the rise of more sophisticated password-cracking techniques, the thinking on passwords has changed," Dr. Ullman added. "Length is key now. You want your password to be more like a passphrase."
Since a passphrase contains a larger and more complex combination of characters than does a single word, it’s much more difficult for malicious individuals to guess. If your password is short or simple, it’s best to change it to something more substantial as soon as possible. To change your password, just follow these steps.
The month of October, recognized nationally as Cyber Security Awareness Month,is rapidly approaching. To bring attention to the importance of cyber security, UB’s Information Security Office will be hosting a local awareness event on Friday October 14, 2016, from noon to 2 p.m. in the Ellicott Food Court on UB’s North Campus.
Casey Riordan Millard’s "Shark Girl"—a sculpture that has become an artistic fixture of Buffalo’s Canalside—will appear as an ambassador for the anti-phishing message: "don’t get hooked." Prizes will be given away, and the event is sure to be an enjoyable and educational experience for all who attend!