Protect Information when using the Internet and email

How might I be putting information at risk when using the Internet?

  • Privacy on the Internet is a growing concern, especially as more and more people are using it for their professional and personal business, socializing, and entertainment.
  • Information sent over the internet or by email is not necessarily secure.
  • Web pages with URLs that start in "http" not "https" can put information at risk of being intercepted by malicious people.
  • Information and passwords sent via standard, unencrypted wireless are especially easy for hackers to intercept.
  • Information that you post online may be more public than you think.

(Back to Cyber Security Basics page)


What should you do?

Protecting Privacy

  • Don’t give private information to anyone you don’t know or who doesn’t have a legitimate need for it. 
  • Don’t provide personal, sensitive or confidential information online unless you are using a trusted, secure web page.
    • At a minimum, look for “https” in the URL to indicate that there is a secure connection.
    • Get to web sites by typing the web address in directly. Don’t click on or cut and paste links in unsolicited emails 
    • Remember that links and web sites that look legitimate can really be bogus sites designed to steal information or infect your computer 
  • Don’t put sensitive information in locations that are accessible from the Internet. Even unlinked web pages can be found by search engines.
  • Be especially careful about what you do over wireless. Information and passwords sent via standard, unencrypted wireless are especially easy for hackers to intercept (most public-access wireless is unencrypted).
    • Only use known, encrypted wireless networks when working with sensitive information
    • Set devices to “ask” before joining networks so you don’t unknowingly connect to insecure wireless network
    • See the “Mobile Device and Wireless” page for more information

Social Networking and Blogs

Social networking sites (such as Facebook and Twitter), personal web pages, and blogs are notorious as public sources of personal information and uncensored opinions.

  • Do not reveal personal details or confidential info online. Assume that anything you post to these websites is public and could potentially be used against you.
    •  A good rule of thumb is to only post information you would be willing to put on a banner displayed in a public place. 
    • Seemingly innocent information about your interests, family, or history could be used by hackers for identity theft, or by stalkers or social engineers.
  • Also keep in mind that once you post something online, it can be very difficult to “take it back.” Even if you delete the information, copies can still exist on other computers, web sites, or in search engines.

Protecting information in Email and IM

  • Never assume that email, instant messages (IM) or attachments are private or confidential.
  • Don't send restricted data or personal information via email or instant message (IM). These are not secure methods of communication. See the “Send Passwords and Restricted Data Securely” page for more information.
  • Avoid sending large attachments. 
  • Use the “Bcc” (blind carbon copy) line for large numbers of recipients. 
    • This protects the email addresses of the recipients by hiding them and makes your email easier to read. 
  • Delete email and attachments when you no longer need them.
    • Emails containing Restricted Data should be deleted securely. See IT Request KB #16804 for more info.

Security Cautions

Don’t click on links or open attachments in unexpected email or in pop-up ads/windows. These could compromise your computer or take you to malicious web sites designed to steal information.

  • Just opening a malicious web page or attachment can infect a poorly protected computer. Make sure you know where you’re going before clicking on a link or opening something. 
  • Instead of clicking on an unknown link – including “tiny URLs” – look up the website yourself (e.g. Google it) and go there on your own
  • See “Beware of Scams” for additional information about protecting yourself

File sharing and IM
Be extremely careful with file sharing software (BitTorrent, Kazaa, eDonkey, Limewire, etc.) and Instant Messaging (IM).

  • File sharing can expose your computer to the risk of malicious files and attackers:
  • Improperly configured filesharing software can allow others access to your entire computer 
  • Files may not always be what they say they are
  • Also, if you share copyrighted files, you risk being disconnected from the campus network, as well as serious legal consequences
  • Some anti-virus programs cannot detect viruses in P2P/IM/chat files, so viruses and other malicious code can be spread this way. 
  • See “Don't Download Unknown or Unsolicited Programs or Files” for additional information. 
  • Students should also check out the ResNet Usage Guidelines for more information. 

A Special Note about Copyrighted Information
You can be sued for copyright violations. The University of California is committed to upholding copyright law. Copying, downloading, using, or sharing copyrighted materials, including movie, music and video files, must be with the permission of the copyright owner or in accordance with fair use laws.


Security and privacy when using Google

Several proactive steps you can take to help maximize security and privacy when using Google are:

  • Enable two-factor authentication 
  • Protect your CruzID Blue password 
    • Don’t reveal it to anyone 
    • Don’t re-use it for other accounts
  • Keep restricted data out of Google, or encrypt it first 
  • Limit sharing of Google Docs to only those who need access, including who can edit vs. view docs
  • Review your sharing settings in Google calendar 
  • Report spam and phishing to Google 
  • Use Google’s “Account Activity” features to help make sure no one else is using your account 
  • Sign out of your Google account when you are not using it

Information and instructions for each of the above items are available at http://its.ucsc.edu/google/security.html


Additional things you can do to avoid identity theft

GETTING HELP

Contact the ITS Support Center if you would like your computer configured to meet these requirements. If you have questions, contact the Support Center or your ITS Divisional Liaison.


(Back to Cyber Security Basics page)

Rev. Nov. 2012