Computer Services
Main Page		  
Computer Services Memo

 
To: The University Community
From:
 Timothy C. O'Rourke,
Vice President of Computer and Information Services
Date:
March 25, 2005
Subject:
 Computer Security Is Everyone's Responsibility
 
Within the past week, Boston College sent out warning letters to 120,000 alumni that a computer containing their addresses and Social Security numbers was hacked by an unknown intruder. Chico State University in California also reported that it was the target of the largest computer hacking incident the college has ever seen. The hackers obtained access to the names and Social Security numbers of 59,000 current, former and prospective students, as well as current and former Chico State faculty and staff members. In addition, DSW Shoe Warehouse discovered that hackers stole customer credit card numbers and other purchasing information. While they did not report the number of customers affected, one can only imagine that it is large.

It is very clear from the ongoing number of incidents that identity theft is reaching epidemic proportions. Hackers and other computer criminals used to break into computers for the thrill and to prove that it could be done. Today, there is also a profit motive so, increasingly, you and I are potential victims.

I am writing to assure you that Temple takes the protection of our computers and your identity information very seriously. We have:

  • implemented a network security policy,
  • installed a state-of-the-art firewall,
  • required the installation of enterprise edition anti-virus software on network connected computers,
  • purchased an industry leading spam and virus filter on our e-mail system,
  • undertaken a major project to be completed this summer to eliminate the use of Social Security numbers as the primary identifier in our administrative systems, and
  • included a qualified Chief Information Security Officer as a key member of the Computer Services staff.

As much as Computer Services has done and will continue to do in the future, you must be aware that computer security is as much your responsibility as it is ours. Hackers are relentless and are always working to get around any security measures put into place. Every computer security professional will tell you that there is no such thing as a perfect security solution. You must be aware of this and begin immediately to take steps to protect your personal identity information.

Here are several tips to guard your personal information:

Protect your passwords.

  • Do not write down your passwords because someone can find them.
  • Create passwords with a series of letters, numbers, and characters, such as te8&pl3. Any word or name in the English language can be figured out within one minute by a good hacker.
  • Change your passwords frequently.
  • Do not share your passwords with anyone.
  • When using your password or PIN, always make sure that nobody can see or hear you.

Protect your personal information.

  • Never send your Social Security number, credit card number, or other personal information in an e-mail message or give this information to someone you don’t know. Also, don’t print this information on a document if you don’t have confidence that it will be kept secure or used properly.
  • Monitor your credit card statements carefully and check your Social Security Earnings and Benefit Statement annually.
  • Be wary of surveys or product registration information that asks for personal information. This information is often used to create mailing lists that are commercially sold and is the basis for much spam.
  • Be wary of joining non-school related Listserv lists. These are a primary source of information for spammers.
  • Never get caught in a phishing scheme. Phishing (pronounced fishing) is a technique in which scammers try to obtain personal information by creating and sending out e-mail messages that look like legitimate business correspondence. For more see http://www.temple.edu/cs/security/phishing.
  • Never give out your e-mail address to a commercial establishment unless you want to be bombarded by spam.
  • Understand what you are getting into when using a free e-mail account, such as Gmail. Remember, nothing is really free. Most of these accounts data mine your e-mail to produce targeted advertisements.

Protect your computer.

  • Make sure your Microsoft Windows Updates are current. Set your computer to obtain these updates automatically. For information on how to do this, see http://www.temple.edu/cs/windowsupdateinstructions.htm.
  • Make sure your Symantec anti-virus software is working and that you have the current updates.
  • Run a spyware package such as Ad-aware frequently. For information on this, go to http://www.temple.edu/cs/security/spyware.
  • Never open an e-mail attachment from someone who you don’t know or an e-mail attachment with an .exe suffix, such as homerun.exe.
  • Never download software from a site you don’t fully trust. If you have questions about a site, call the Help Desk before proceeding.
  • Password protect your screen saver. This will ensure that when you walk away from your computer, it is protected. To enable this protection, right-click on the Windows desktop, select Properties, and click on the Screen Saver tab. Then, click on the box in front of On resume, password protect to place a checkmark.

Finally, remember that if you have any questions about hackers, viruses, spam, identity theft, or any other computer security issue, please do not hesitate to call the Help Desk at 215-204-8000.


.