Information Security Awareness

IT Security

Agenda

Recognizing Confidential Information

Protecting Yourself

Your Password

Recognizing Secure Websites

Email Security

Phishing

Protect Your Computer

Antivirus

Software Updates

Virtual Private Network

Useful Links

Recognizing Confidential Information

Create Strong, Memorable Passwords

1. Think of a sentence you can remember

“My son Aiden is three years old.”

2. Does the system allow passphrases?

3. Convert phrase to password

“msaityo”

4. Add complexity

“My SoN Ayd3N is 3 yeeRs old”

“MsAy3yo”

5. Substitute some special characters

“MySoN 8N i$ 3 yeeR$ old”

“M$8ni3y0”

Password Strategies to Avoid

Avoid sequences or repeated characters

“12345678”, “222222”, “abcdefg”, “asdfjkl;”

Avoid using only look-alike substitutions of numbers or

symbols

“M1cr0$0ft”, “P@ssw0rd”

Do not use your login name

Avoid dictionary words in any language

Avoid using the same password everywhere

Sticky notes under the keyboard (or elsewhere)

Keep Your

Password Secret

Do not reveal to others

Protect any recorded

passwords

NEVER provide your

password over e-mail or

based on an e-mail request

Change your passwords at least once a semester

Do not type passwords on

computers that you do not

control (trust)

Only enter passwords into

secure sites

Recognizing Secure Websites

https://

Yellow lock in location or status bars

Blue or green location bar

Firefox Examples

Internet Explorer Examples

Email Security

Most email communication within Bowdoin (a „bowdoin.edu‟ address) is secure

Any message forwarded or sent outside of Bowdoin is 100% insecure** – think of it like a posting on a bulletin board

Do not automatically forward your mail to an outside email account

Be wary of who you forward or send email to within Bowdoin – they may forward mail outside of Bowdoin

** Encryption may be used to secure some communications

Email Security (2)

Do not trust that an email came from the person in the

“From” field

Be wary of attachments received by email – they can

contain viruses

Even Word, Excel, PDF, and picture documents can contain

viruses!

An attachment from someone you know can contain a virus

If you access mail from a mobile device (iPhone, Treo,

Blackberry, etc):

Use a PIN or password to lock the device when not in use

Report lost or stolen devices immediately

Phishing

Mass email sent claiming to be from reputable / trusted organization

May include links to a fake website

May ask you to reply with your username and password

May ask for other personal information (credit card, social security, mother‟s maiden name, etc)

Some are poorly written

Generally do not make sense (out of context)

Mail may originate from or reply to free mail services (Yahoo, Gmail, Hotmail, etc)

Bowdoin will NEVER request your password be sent by email

Antivirus

Sophos is used by the college and available for use on

your home computer

Your work computer is managed and updated by IT

If you do work at home, your home computer must have

an updated antivirus package

Sophos Active

(blue)

Sophos Inactive

(grey)

Automatic Updates and Firewall

Virtual Private Network

Creates a protected connection to the Bowdoin network

Think of it as a dedicated tunnel through the Internet –

no one can see what is in your tunnel

Download from IT software site

QUIZ

Is this a secure site? Why?

Is this a secure site? YES!

Is this Phishing? Why?

Is this phishing? YES!

Is this Phishing? Why?

Is this Phishing? YES!

Is this Phishing? Why?

Is this Phishing? YES!

Is Sophos Working? Why?

Is Sophos Working? Sort of…

Is this Phishing? Why?

Is this Phishing? YES!

Questions?

Reference

Bowdoin Software Download Site (Sophos, VPN)

https://www.bowdoin.edu/agreements/

VPN Instructions

https://www.bowdoin.edu/it/network/vpn/index.shtml

Password Change Website

https://mymail.bowdoin.edu

Information Security Policies

http://www.bowdoin.edu/it/contact/security.shtml