Cyber Security Information for Students

Quicklinks

  1. Protect Your Passwords
  2. Phishing and Other Scams
  3. Internet Privacy
  4. Privacy and Security Tips for Google@UCSC
  5. Mobile Devices
  6. Filesharing Risks / Copyright 
  7. Video Contest 
  8. Security Website
  9. Getting Help

Cyber Security Guy logoThere are many cyber security threats out there, but it is important to remember that most of them are avoidable. The information below will help you to better protect yourself against some common cyber security threats. For additional cyber security dos and don'ts, check out ITS' "Top 10 List" of Good Computing Practices.

PROTECT YOUR PASSWORDS

Make sure others don’t have the chance to use your accounts maliciously!

  • Don’t share your password with anyone. ITS will never ask you for your password. Neither should any reputable service provider.
  • Always use cryptic passwords that can’t be easily guessed. See the "Top 10 List" or "Protect Passwords" page for additional information and tips.

PHISHING AND OTHER SCAMS

Criminals and hackers continue to come up with schemes designed to compromise computers, steal personal or private information or passwords, or trick you out of money. Don’t get fooled:

  • Don't respond to email, instant messages (IM), texts, phone calls, Facebook messages, tweets, etc., asking you for your password or other personal information.
  • Malicious links can infect your computer or take you to web pages designed to steal your information. Only click on links from trusted sources. Never click on a “mystery link” unless you have a way to independently verify that it is safe. This includes tiny URLs.
  • Don't open unsolicited or unexpected attachments. If you can't verify an attachment is legitimate, delete it.
  • Don't give private information to anyone you don't know or who doesn't have a legitimate need for it – in person, over the phone, via email, IM, text, Facebook, Twitter, etc.
  • Report spam and phishing to Google. See http://its.ucsc.edu/google/security.html#spam for instructions.

INTERNET PRIVACY (Facebook, Twitter, blogs, etc.)

A good rule of thumb is to only post information you would be willing to write on a banner in a public place. 
Privacy on the Internet continues to be a challenge. It is best to assume that any information you enter online is public unless you are using a known, trusted, secure site. Social networking sites (Facebook, MySpace, Twitter, etc.), personal web pages, and blogs are notorious as places people can go to find personal information about you and read your uncensored opinions.

Always remember:
  • Once you post something online, it can be very difficult to “take it back.” Even if you delete the information, copies can still exist on other computers, web sites, backups, or in search engines.
  • You may be sharing what you post with a larger audience than you think, such as prospective employers, landlords, instructors, college officials, coworkers, law enforcement, the government, etc.
  • Seemingly innocent information about your interests, family, or history could be used by hackers for identity theft, or even by stalkers.
  • Other people may not always tell the truth online (or in person, for that matter).
  • Don't give personal, financial, or log-in, information to anyone you don't know or who doesn’t have a legitimate need for it (in person, over the phone, via email or the Internet).

PRIVACY AND SECURITY TIPS FOR GOOGLE@UCSC

Google is great for email and all of its many apps and tools. Don’t forget to protect your account and any private information, though. Several proactive steps you can take to help maximize security and privacy when using Google are:

  • Enable two-factor authentication 
  • Protect your CruzID Blue password
    • Don’t reveal it to anyone 
    • Don’t re-use it for other accounts 
  • Report spam and phishing to Google
  • Limit sharing of Google Docs to those who need access 
    • Including who can edit vs. view-only 
  • Review your sharing settings in Google Calendar 
  • Use Google’s “Account Activity” features to help make sure no one else is using your account 
  • Sign out of your Google account when you’re not using it 

Information and instructions for each of the above items are available at http://its.ucsc.edu/google/security.html.

Additional Google security tips:
http://its.ucsc.edu/google/security.html
http://gmailblog.blogspot.com/2009/10/gmail-account-security-tips.html

MOBILE DEVICES

Assume that at some point your phone and other mobile devices will be lost or stolen or hacked into. Only store information you’re willing to lose. Also think about what you send with your phone. If you want to send something private, make sure you’re connected to a secure, encrypted network or website first, or don’t send it. If you’re not sure, assume it’s not secure.

| Protect Mobile Devices | Checklist for Lost/Stolen Devices | Additional Precautionary Measures | Wireless Security | GPS |

Protecting Mobile Devices

  • Use a complex password, and be sure your device requires a password to start up or resume activity
  • Set it to automatically lock after a short period of inactivity
  • Keep it with you or lock it up securely before you step away -- even just for a second 
  • Don't store sensitive information. Encrypt your device or sensitive contents if you do 
  • Don’t store passwords unless they’re encrypted
  • Run current versions of the operating system and applications. Remember to sync often so you get available updates. Always install updates when your carrier tells you they are available
  • Beware of phishing: Don’t open files, click links, or call numbers in unsolicited emails, text messages or IMs 
  • Use anti-virus/anti-malware software, if it is available for your device, and set it to auto-update as frequently as the settings will allow. 
  • If your mobile device has built-in firewall or access control functionality, turn them on. Default settings are typically fine. 
  • Use known, encrypted networks whenever possible – and always for sensitive data 
  • Disable or remove apps and plug-ins that you don’t actively use 
  • Avoid using auto-complete features that remember user names or passwords 
  • If your device has a web browser, set the browser to block pop-ups. For added privacy, also set the browser to limit the cookies it accepts. 
  • Securely delete all contents before discarding, exchanging, selling or donating a device 
  • For student employees: All devices used for work must meet UC and UCSC security requirements.
  • See the Mobile Device and Wireless page for additional information and details

Checklist for lost/stolen portable devices

  • Immediately report lost or stolen devices to the police 
    • If you used the device for work, also report it to the ITS Support Center (contact info below) 
  • For phones, notify your cellular carrier. Request they deactivate the device if possible 
  • Change all passwords stored or used on the device, including email, Dropbox, banking, etc. 
  • Notify credit card companies and banks if you used the device for shopping or banking 
  • Try to track its location, if possible 
  • Try to remotely wipe your device if the remote wipe feature was enabled and the phone contained sensitive data or passwords

Additional precautionary measures
To help protect your data in case of theft or loss: (not all of the following are available on all devices, and not all are appropriate in every situation)

Wireless Security
Information sent via standard wireless is especially easy to intercept. To protect yourself, use known, encrypted networks when working with sensitive information.

  • Coffee shop/hotel/airport-type wireless is not encrypted 
  • UCSC’s EDUROAM SECURE WIRELESS is encrypted -- available to UCSC students, researchers, faculty, and staff (see below for more about eduroam). 
  • If you’re not sure, assume it’s not encrypted.

Eduroam is a secure wireless service available to all students, researchers faculty and staff at UCSC. Eduroam is available across the campus and at other participating universities. See http://its.ucsc.edu/wireless-secure/ for information and set-up instructions.

A special note about mobile devices with GPS:
If your device has GPS, be aware that you may be sharing information about your location whenever it is on, as well as when you post to the Internet or “check-in” on social networking sites. GPS-enabled phones can also embed location information in pictures. This is known as geotagging. When you post geotagged pictures online, it is possible for others to find out exactly where you took them. To disable geotagging on your mobile device, consult the manual or search for your specific model online. It is also a good idea to review the privacy options on the sites you use, and when possible limit who can see your location to people you know and trust.

More information about Facebook Location/Check-In Services is available at https://www.facebook.com/help/477587325603876 and http://howto.cnet.com/8301-11310_39-57332537-285/how-to-stop-facebook-from-sharing-your-location/

FILESHARING RISKS

It is important to be aware that filesharing can expose your computer to a number of security risks. For example,

  • Although filesharing is not in itself illegal, if you share or download copyrighted material without permission – even unwittingly – you are breaking both the law and UC policy and could be subject to University, civil, and/or criminal penalties. See “More About Copyright” below for more information. 
  • Improperly configured filesharing software (BitTorrent, Limewire, Kazaa, eDonkey, etc.) can allow others access to your entire computer, not just to the files you intend to share. 
  • Viruses and other malware can be transmitted by filesharing software. 
  • The files offered by other users of filesharing software may not always be what they say they are, and may even be malicious. 
  • Because you can’t easily tell where they actually go, tiny URLs can take you to malicious web sites or download malware onto your computer. 
  • Malicious links to fake videos are also common. In this scam, when you click on the link, you get a message that you need to install a plug-in to see the video. The fake plug-in is harmful software that will infect your computer.

What can you do?

  • Run up-to-date anti-virus and anti-spyware.
  • Make sure your filesharing software is configured only to share the files you intend to share.
  • Turn filesharing off when you’re not actively using it to avoid unknowingly sharing personal or copyrighted files.
  • Follow the tips in the “Phishing and Other Scams” section, above, to help avoid malware. 
    Additional information is also avalable on OnGuardOnline.gov's web site.

More About Copyright
The University takes copyright law very seriously. If you share copyrighted material without permission, you are breaking the law and could be subject to University, criminal, and/or civil sanctions. It is up to you to ensure that your use of copyrighted materials is legal. Please see ITS’ Copyright Education web site for more information, including information about campus, civil and criminal penalties for violation of copyright laws. 

Legal Filesharing Services
We strongly encourage you to use legal filesharing services for obtaining music, movies, TV, games, books, etc. on the Internet. A large list of digital music, video, and other services is available from Educause at http://www.educause.edu/legalcontent

SECURITY AWARENESS VIDEO AND POSTER CONTEST

EDUCAUSE is conducting a security awareness video and poster contest for college students. The submission deadline is March 8, 2013, and winners will receive cash prizes.

The contest seeks creative, topical, and effective videos (two minutes or less) and posters that focus attention on information security problems and how best to handle them. The winning videos and posters will be featured on EDUCAUSE's website, YouTube and Facebook and may also be used in campus security awareness campaigns.

For details or to view previous years’ winners, see: http://www.educause.edu/SecurityVideoContest

SECURITY WEBSITE

Check out ITS' Security web site for additional information and resources for safer computing, including the "Top 10 List" of Good Computing Practices

GETTING HELP

If you ever have a question about a cyber security issue, contact the ITS Support Center

Rev. December 2012

Privacy Policy and Terms of Use