IT Security Tips

Here are some tips regarding some of the most common security topics:




Identity Theft

If someone steals and uses your personal information, take these three steps as soon as possible:

  1. Report a fraud alert
    Place a fraud alert with the credit reporting companies.

  2. Monitor your credit reports
    Get your free credit reports from all 3 major credit reporting companies.

  3. Create an Identity Theft Report
    You can create an Identity Theft Report by filing a complaint with the Federal Trade Commission and your local police department.

Then, you can begin to repair the damage.

To make sure the identity theft didn't come from your personal account or computer:

  1. Change all your passwords
    For help selecting a strong password, visit http://auburn.edu/oit/passwords.

  2. Contact the OIT HelpDesk
    OIT can monitor your university account for suspicious activity.

  3. Scan your system for viruses and malware

System Security

Basic system maintenance is essential to protecting your computer and other personal devices from attacks that exploit vulnerabilities.

  1. Update your operating system
    Every operating system (e.g., Windows, Mac, Android, iOS, Linux) provides updates and security patches.

  2. Update your software
    Most software applications provide patches and upgrades.

  3. Install anti-virus software and anti-malware software

  4. Back up your system regularly
    OneDrive, TSM, Dropbox, and external hard drives are all good options for saving backups of your data.

  5. If your system has a firewall, turn it on

Mobile Data Security

Ironically, one of the more overlooked steps of mobile data security is being physically in control of your mobile devices (smartphones, laptops, tablets, USB drives). Don't leave these devices unattended for even a minute. Here are some other tips you should consider:

  1. Lock your device
    Use a secure password and enable a screen lock.

  2. Encrypt your device
    Android and iOS have this feature built in, but it must be turned on. Portable devices such as USB drives and external hard drives should also be encrypted and secured.

  3. Use a VPN
    Avoid public wireless networks (Wi-Fi) or at least use a VPN to secure the data transmissions.

  4. Secure your home wireless network
    Set both an admin password and a user password on your home wireless network. If you don't, others could snoop on your network and sniff out your passwords.

  5. Act quickly for lost or stolen devices
    If your device is lost or stolen, you may want to wipe it remotely:
    1. Log in to TigerMail online and go to Options > See All Options > Phone and select your device.
    2. Choose Wipe Device.
    3. Wait ten minutes, then contact your wireless provider to disable the phone.
      If you were using your phone to check any email account via IMAP, change your password for that account. This will not remove the existing email from the phone, but it will prevent future nefarious usage of the account(s).

Social Media Safety

Online communities such as Facebook and Twitter ask you for a username, email address, and password when you sign up. You may also be asked for more personal information, such as your birth date, occupation, home and work addresses, phone numbers, gender, marital status, and so on. Websites want personal information because it helps them build communities and enables them to provide advertisers with demographic information about their members, but whether to share those details is your decision. 

The more personal information you reveal online, the more vulnerable you are to scams, spam, and identity theft.

  1. Be a minimalist
    When signing up for free accounts, give only the required pieces of information.

  2. Look before you post
    Before you sign up with a social networking community, read the privacy policy. It may be really boring reading, but you need to find out how the site will use the personal information you supply when you sign up.

  3. Don't go public
    Many sites enable you to control who can see and comment on your profile.

  4. Think long-term
    Once something is online, you can never really delete it.

  5. Stay alert
    As you get to know more people online, you may begin to share information casually. Scammers count on that false security to gather personal information that can help them commit fraud or steal your identity. Continue to use common sense as you make online friends. Listen to your instincts about people.

Don't be a victim.

  1. Share your experiences after you return
    If you post about how much you're enjoying your European vacation, criminals know your house and personal belongings are probably unattended.

  2. Don't accept friend requests from strangers
    Does this really need to be said? Probably since you were able to talk, adults have told you, "Don't talk to strangers." The same thing applies online.

  3. Never rush to meet someone you met online
    Even if you've met them on a reputable site and they seem trustworthy, be suspicious if they're pushy about wanting to meet you in person. Make sure to talk on the phone before meeting, meet in a public place, and bring a friend.

Phishing Awareness

A phishing scam is when someone attempts to acquire your personal information by pretending to be a trustworthy entity in an electronic communication. Did you know that every day 80,000 people fall for a phishing scam and voluntarily give away their personal information to a criminal? Learn these phishing warning signs so you're not one of them:

  1. Non-personalized greeting
    Phishing messages usually do not address you by name, but use a generic greeting, such as "Dear User" or "Dear Customer."

  2. Urgent/Threatening language
    Threatening language such as "Your access will be revoked if you do not..." or "Your account will be terminated if you do not..." is often used to elicit a response from you.

  3. URLs don’t match and are not secure
    If an email has a link, be cautious. If you're not on a touch device, hover over the link with your mouse. Does the URL displayed match what you're expecting? Never log into a website that's not secure -- look for "https://."

  4. Poor grammar/misspellings
    The largest propagators of phishing attacks are from Russia and China, where English is not the first language. Use this to your advantage by treating poor grammar and misspellings as a red flag.

  5. Subject matter does not relate
    For example, if you don't bank at Wells Fargo, don't fall for a phishing message "from" Wells Fargo.

  6. Request for personal information
    The telltale sign of a phishing message is the request for personal information. Legitimate institutions should never ask for your personal information via email.
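The warning signs above can also be checked mechanically, which is useful when triaging reported messages. The following is an added example, not part of the original page: it scans an HTML message body for signs 1, 2, 3 and 6. The keyword lists, function names and the sample message are assumptions made for illustration.

```python
import re
from html.parser import HTMLParser
from urllib.parse import urlparse

# Patterns built from the phrases quoted in the list above; keyword list is assumed.
GREETING = re.compile(r"\bdear (user|customer)\b", re.I)
URGENT = re.compile(r"\bwill be (revoked|terminated) if you do not\b", re.I)
PERSONAL = re.compile(r"\b(password|account number|social security number)\b", re.I)
URL_LIKE = re.compile(r"(https?://)?[\w.-]+\.[a-z]{2,}(/\S*)?", re.I)

class LinkCollector(HTMLParser):
    """Collects body text and (href, visible text) for every <a> element."""
    def __init__(self):
        super().__init__()
        self.text, self.links, self._href, self._label = [], [], None, []
    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href, self._label = dict(attrs).get("href") or "", []
    def handle_data(self, data):
        self.text.append(data)
        if self._href is not None:
            self._label.append(data)
    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append((self._href, "".join(self._label).strip()))
            self._href = None

def host(url):
    # urlparse only finds the host after "//"; visible link text often omits it.
    return (urlparse(url if "://" in url else "//" + url).hostname or "").lower()

def phishing_signs(html_body):
    """Return the sorted warning signs found in an HTML message body."""
    parser = LinkCollector()
    parser.feed(html_body)
    body = " ".join(" ".join(parser.text).split())  # normalise whitespace
    signs = {name for name, rx in (("generic greeting", GREETING),
             ("urgent or threatening language", URGENT),
             ("request for personal information", PERSONAL)) if rx.search(body)}
    for href, label in parser.links:
        if urlparse(href).scheme == "http":
            signs.add("link is not https")
        # Compare hosts only when the visible text itself looks like a URL.
        if URL_LIKE.fullmatch(label) and host(label) != host(href):
            signs.add("link text does not match destination")
    return sorted(signs)

# Constructed sample message (example.com / example.net are reserved names).
SAMPLE = ('<p>Dear User,</p><p>Your access will be revoked if you do not confirm '
          'your password at <a href="http://login.example.net/verify">'
          'https://www.example.com/login</a>.</p>')
print(phishing_signs(SAMPLE))
```

The host comparison is exact, so a link whose text reads example.com but points to www.example.com is also flagged and needs a manual look.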

Learn more about phishing at http://www.auburn.edu/oit/phishing.

Additional Training

Additional training is always a good idea. The Students and Employees sections of the OIT website include a "Security Center" section that breaks down some of the topics mentioned above. Another valuable resource is SANS: Securing the Human.

 

Last Updated: May 22, 2018