Protect Information when using the Internet and Email
RESOURCES ON THIS PAGE:
- Privacy on the Internet is a growing concern, especially as more and more people are using it for professional and personal business, socializing, and entertainment.
- Information sent over the internet or by email is not necessarily secure.
- Web pages with URLs that start in "http" not "https" can put information at risk of being intercepted by malicious people.
- Information and passwords sent via standard, unencrypted wireless are especially easy for hackers to intercept.
- Information that you post online may be more public than you think.
- Don’t give private information to anyone you don’t know or who doesn’t have a legitimate need for it.
- Don’t provide personal, sensitive or confidential information online unless you are using a trusted, secure web page.
- At a minimum, look for “https” in the URL to indicate that there is a secure connection.
- Get to web sites by typing the web address in directly. Don’t click or cut and paste links in unsolicited emails.
- Remember that links and web sites that look legitimate can really be bogus sites designed to steal information or infect your computer.
- Don’t put sensitive information in locations that are accessible from the Internet. Even unlinked web pages can be found.
- Be especially careful about what you do over wireless. Information and passwords sent via standard, unencrypted wireless are especially easy for hackers to intercept (most public-access wireless, including CruzNet, is unencrypted).
- Only use known, encrypted wireless networks when working with sensitive information.
- Set devices to “ask” before joining new networks so you don’t unknowingly connect to insecure wireless networks.
- See the “Mobile Device and Wireless” page for more information.
Social networking sites (such as Facebook and Twitter), personal web pages, and blogs are notorious as public sources of personal information and uncensored opinions.
- Do not reveal personal details or confidential info online. Assume that anything you post to these websites is public and could potentially be used against you.
- A good rule of thumb is to only post information you would be willing to put on a banner displayed in a public place.
- Seemingly innocent information about your interests, family, or history could be used by hackers for identity theft, or by stalkers or social engineers.
- Also keep in mind that once you post something online, it can be very difficult to “take it back.” Even if you delete the information, copies can still exist on other computers, web sites, or in search engines.
- Never assume that email, instant messages (IM), texts or attachments are private or confidential. See “Send Passwords and Restricted Data Securely” for more information.
- Avoid sending large attachments.
- Use the “Bcc” (blind carbon copy) line for large numbers of recipients. This protects the email addresses of the recipients by hiding them and makes your email easier to read.
- Delete email and attachments when you no longer need them.
- Emails containing sensitive information should be deleted securely. See IT Request KB0016804 for more info.
Don’t click on unknown links or attachments in email, texts, social networking sites, or pop-up ads/windows. These could compromise your computer or take you to malicious web sites designed to steal information.
- Just opening a malicious web page or attachment can infect a computer. Make sure you know where you’re going before clicking on a link or opening something.
- Instead of clicking on an unknown link – including “tiny URLs” – look up the website yourself (e.g. Google it) and go there on your own. If you can't verify that something is legitimate, DELETE IT!
- See “Beware of Scams” for additional information about protecting yourself
- File sharing can expose your computer to malicious files and attackers. Files may not always be what they say they are.
- Improperly configured filesharing software can allow others access to your entire computer.
- Also, if you share copyrighted files, you risk being disconnected from the campus network, as well as serious legal consequences.
- Some anti-virus programs cannot detect viruses in P2P/IM/chat files, so viruses and other malicious code can be spread this way.
- See “Don't Download Unknown or Unsolicited Programs or Files” for additional information.
- Students should also check out the ResNet Responsible Use Policy for more information.
A Special Note about Copyrighted Information
You can be sued for copyright violations. The University of California is committed to upholding copyright law. Copying, downloading, using, or sharing copyrighted materials, including movie, music and video files, must be with the permission of the copyright owner or in accordance with fair use laws.
- Legal file sharing services: http://www.educause.edu/legalcontent
- UCSC Copyright Education: http://its.ucsc.edu/security/copyright.html
- Information about UC’s commitment to copyright law: http://www.ucop.edu/information-technology-services/initiatives/uc-commitment-to-copyright-law.html
- UC’s Copyright Education Web Site: http://www.universityofcalifornia.edu/copyright
Several proactive steps you can take to help maximize security and privacy when using Google are:
- Enable two-step verification
- Protect your CruzID Blue password
- Don’t reveal it to anyone
- Don’t re-use it for other accounts
- Keep restricted data out of Google, or encrypt it first
- Limit sharing of Google Docs to only those who need access, including who can edit vs. view docs
- Review your sharing settings in Google calendar
- Report spam and phishing to Google
- Use Google’s “Account Activity” features to help make sure no one else is using your account
- Sign out of your Google account when you are not using it
Information and instructions for each of the above items are available at http://its.ucsc.edu/google/security.html
Additional things you can do to avoid identity theft
Rev. Sept 2015