Ten Steps to Protect Your Data
Table of Contents
  1. Protect your valuable personal information
  2. Use the standard campus-wide anti-virus program and be aware of steps to take to minimize computer virus risks
  3. Install anti-spyware software and a desktop firewall program
  4. Beware of links sent to you in chat sessions and be cautious when viewing email attachments
  5. Use strong passwords and change your passwords often
  6. Regularly update your operating system and your computer software
  7. Take reasonable steps to limit physical access to your computer hardware as well as your computer data
  8. Use care when selecting programs to download and install
  9. Backup all computer files on a regular basis
  10. Know where to go when you require help with your computer
1. Protect your valuable personal information.**Be suspicious of any email with urgent requests for personal financial information**

Never respond to unsolicited urgent requests for confidential personal information. Never give out personal information such as bank account numbers, PIN numbers, credit card numbers or your social security number unless you initiated the contact.

Phishing is an Internet scam whereby a message is sent out via email instructing recipients to immediately provide their financial institution with personal financial information.

Typically these are urgent requests designed to look like they came from a bank or other service provider demanding that you "confirm" or "update" account information or passwords or risk having an account closed down.

Others request you "confirm" personal financial information to assist in a fraud investigation involving a credit card or bank account.

These emails are designed to look like an official communication from a bank or credit card company. They generally instruct you to click on a link in the email leading you to a Web site where you are asked for information like account numbers, contact information, social security numbers or bank/credit card PIN numbers.

This link doesn't go to your bank; it actually goes to a computer controlled by fraudsters. Once armed with your data, thieves take out cash advances from your accounts or may attempt to steal your identity and set up fraudulent bank or credit card accounts in your name.

Back to Table of Contents

2. Use the standard campus-wide anti-virus program and be aware of steps to take to minimize computer virus risks. Make certain that anti-virus software has been installed on your computer.
All UWM student/staff/faculty members have access to a no-cost, pre-configured and automated full version of McAfee VirusScan or Virex. This software is designed to automatically update anti-virus software installed on your computer.
If you use an anti-virus product other than McAfee VirusScan or Virex, please be aware of the following:
  • New viruses appear constantly and daily virus definition updating decreases the risk of computers becoming infected. Your anti-virus software should be updated on a schedule; update virus definitions at least every week and, if feasible, every day.
  • Your anti-virus software should always be running and the program should automatically begin working when the computer starts.
  • It is a good practice to enable your anti-virus heuristic controls. Anti-virus heuristic controls can stop the spread and infection of new viruses because they generate a type of scan check for items that could potentially be viruses.
Enable the macro virus protection feature in all of your Microsoft Office applications.
A macro is a mini computer program used to automate repetitive tasks in Microsoft Office applications. Macros are potential vectors for malicious (virus) activity. When you set macro virus protection to "Medium" in each of your Microsoft Office applications, each application will notify you when a macro(s) is contained in a file created and/or opened using the application.

Scan floppy disks, zip disks, USB drives and CDs for viruses before using them.
They may have been in contact with a virus-infected computer.

Disable your email system's preview pane view.
Disable the preview pane view if you use Microsoft Outlook, Microsoft Outlook Express, or Netscape Mail. Even if an email message is not intentionally opened, your computer can be infected with email viruses if the preview pane is enabled.

Back to Table of Contents

3. Install anti-spyware software and a desktop firewall program.Spyware
Spyware is software that is usually downloaded from the Internet, either intentionally under the guise of a service or utility, or without your knowledge as a result of browsing malicious Web sites. Spyware gathers information about how you use your computer. It poses a threat to your privacy and may damage your system.

Download Spybot from http://www.safer-networking.org. This is a free program which does a decent job of preventing and detecting spyware on your computer.

During the installation, be sure to enable a component called "tea timer" which provides real-time protection from Spyware. It is a good idea to scan your machine after install and to do so periodically. The software should be updated periodically as well.

Some programs claiming to prevent spyware are actually spyware themselves. For a list of known "good" spyware programs, please see the following:
http://www.spywarewarrior.com/rogue_anti-spyware.htm

You may not realize it but you have a choice when it comes to Web browsers. Your Windows system comes with Internet Explorer, which you may recognize by this symbol:


Unfortunately, this browser suffers from inherent security problems making your system more susceptible to spyware. We recommend installing Firefox and setting that as your default browser. This is what the icon for Firefox looks like:


Firefox is available for free online at: http://www.mozilla.org/.

Firewall
A firewall is a piece of software or hardware that creates a protective barrier between your computer and potentially harmful content on the Internet. Firewalls help guard computers against hackers as well as many computer viruses and worms.

If you are using a computer supplied by UITS, a firewall has been set up on your computer. If you are not sure if your computer has a firewall, ask your computer administrator.

Windows XP operating systems
Windows XP has a built-in firewall product, but it may not be enabled. For more information about this topic, go to: http://www.microsoft.com/windowsxp/using/security/internet/sp2_wfintro.mspx.

Other operating systems
Software firewalls for other operating systems are available from several vendors, including:
Back to Table of Contents

4. Beware of links sent to you in chat sessions and be cautious when viewing email attachments. Chat room links and email attachments are both handy features, but they can also be used to spread computer viruses and other malicious programs.

Chat room links
Often when chatting online, a friend will post a link to an interesting or entertaining Web page. But are you sure your friend sent this? Chat rooms are unfortunately plagued with "bots" or automated programs on infected computers that send links to malicious Web sites to anyone in that person's "buddy" or contact list. Clicking on these malicious links can give someone remote control over your computer who may then use your machine to attack other computers, to send out spam, or to host spyware. Once your computer is part of a bot net, aside from the personal security risks, you could harm others and may have your Internet connection suspended by your service provider.

What to do?
If you don't know the person sending the link, definitely don't click on it!

Only click on a link in a chat room after you have verified the sender's intentions. Reply to them and ask if they actually sent the link on purpose and make sure they are who you think they are.

Email attachments
What are attachments?
Attachments are files, such as a document or picture that can be sent along with an email. Viruses spread by hijacking an infected computer's email address book. The virus sends copies of itself as email attachments to everyone in the victim's email address book. This gives the appearance that your friend is emailing you a joke or a document, but it's really the virus attempting to spread itself.

Common-sense precautions
Some common-sense precautions can help us differentiate between legitimate and malicious email attachments.

If you receive an unexpected email attachment, even if you know the sender, do not open the attachment unless you can answer "YES" to all three of the following conditions:
  • I know exactly what this file is.
  • I have scanned this file with my virus scan AND I have ensured that my virus scan was recently updated.
  • I have verified the identity of the sender and their intentions via email or phone call.
It is advisable to ensure that the email program you use does not automatically open or download email attachments.

It can also be helpful to compare the email subject line with the email text (contents) and with the email attachment name. Do the three make sense when compared to each other?

Beware of links to malicious Web sites
Do not click on a hyperlink contained in an email if you do not know where the hyperlink will take you -- even if you know the email sender. This could be a link to a malicious program which could give unwanted access to your computer. Know what the link is before clicking on it and make sure you know the sender really intended to send this to you.

Display email messages in plain text
If you use Microsoft Outlook, Microsoft Outlook Express, or Netscape Mail, consider configuring the program to display messages in plain text versus HTML. When an incoming email message is HTML-enabled, the chances of getting a computer virus are higher than if the incoming message is in plain text.

Beware of virus hoaxes
Do not take action regarding virus warnings that are received via email until you verify that the warning is genuine; instructions in the email hoax may ask you to perform tasks on your computer that may harm it and your data. Check with an authoritative source to determine if the email is a hoax.

Back to Table of Contents

5. Use strong passwords and change your passwords often.
  • Review the specific guidelines for your ePanther account password.
  • A strong password is one that is not obvious or easy to guess. A strong password should be 8 - 12 characters long and include a combination of upper and lowercase letters, numbers, and symbols such as punctuation marks and special characters.
  • Do not share information about your user IDs/ePantherID or passwords/PINs with others.
  • Always change the default password when you receive a new account that requires a password and assigns a default.
  • When setting up multiple accounts, try to use unique passwords for each account.
  • Make it a practice to change your password every 90 days, especially when using public computers. This practice will better prevent people from knowing and utilizing your password.
  • Try not to write your passwords down; choose passwords that are easy to remember.
  • Do not log others into a computer with your ID and password.
Back to Table of Contents

6. Regularly update your operating system and your computer software.
As flaws are discovered by users, software makers such as Microsoft release software updates. To ensure that your computer is secure, install the appropriate updates. Microsoft products can be updated from the following Web sites:
Helpful information regarding Microsoft Windows security features can be found at:
http://www.microsoft.com/athome/security/protect/windowsxp/default.mspx

Apple Macintosh users should visit the "Apple Downloads" page for important updates:
http://www.apple.com/support/downloads/

Back to Table of Contents

7. Take reasonable steps to limit physical access to your computer hardware as well as your computer data.
  • If you are going to step away from your computer for an extended period of time or if you are finished using it, remember to log out.
  • Make it a practice to enable a password-protected screen saver on your computer. The screen saver should activate after an idle time of no more than 10 minutes.
  • Consider using a boot password for your computer.
  • Be aware of who has keys to your work area as well as who has physical access to your computer.
Back to Table of Contents

8. Use care when selecting programs to download and install.
Multitudes of no-cost programs are available for all types of operating systems, with more becoming available each day. If a program is written with malicious intent, the author/intruder will not tell you that it will harm your system. Other programs may not be malicious, but may unintentionally interfere with software already installed on your computer.

Many no-cost programs collect data about you and then sell that data to advertisers. These types of programs are called "spyware" (see step 3 above).

Back to Table of Contents

9. Backup all computer files on a regular basis.In case of emergencies, such as a computer local hard drive crash, documents and data files stored only on your local hard drive need to be backed up and backups need to be periodically tested. If you are not sure if your files are being backed up, contact your computer administrator.

Consider encrypting and/or password-protecting files so that data will be unusable if stolen. Note that conventional passwords, such as Windows passwords, do not secure your data.

Back to Table of Contents

10. Know where to go when you require help with your computer.On-campus departmental computers
Who provides computer support varies widely from department to department, therefore it is important to be aware of your department's policy about obtaining computer help. If you are unsure about your department's policy about who to contact for computer support, request clarification from your supervisor.

Alternatively, you may submit your questions and concerns about computer help to the UITS Help Desk. You can reach the Help Desk by phone at (414) 229-4040 or via an online form at GetTechHelp.uwm.edu. The UITS Help Desk consultants are a central resource for campuswide services and will help with any technology-related questions. Visit the UWM Help Desk online at http://www.help.uwm.edu/.

Home computers
Questions and concerns regarding problems with your home computer may be submitted to the UITS Help Desk. You can reach the Help Desk by phone at (414) 229-4040 or via an online form at GetTechHelp.uwm.edu. The UITS Help Desk consultants are a central resource for campuswide services and will help with any technology-related questions.

The UWM Information Security Web site also contains a wealth of resources including links to software and a step by step guide to securing your Windows XP computer:
http://www4.uwm.edu/itsecurity.