Important Computer Safety Information

This page contains basic information on computer safety.

Security - Passwords

Security - Personal Stuff

Safe Computing Practices

Software Updates and Patches

Computer Viruses & Worms

Phishing Scams & ID Theft

What To Do if You Think You've Been Hacked or Infected

Security-Related Policies

Resource Links

Security - Your Passwords

Your University Network ID (uNID) and its password give you access to many IT resources at the University of Utah. You choose your secure uNID password when you use the Campus Information System for the first time. The University has some guidelines about the uNID password you choose.

  • It must be at least 8 characters in length.
  • You're also encouraged to make your uNID password even more secure by using upper and lower case letters, a number and a symbol.
  • These guidelines are appropriate for all electronic passwords, not just your uNID password.

Easy-to-guess, "weak: passwords are the main way hackers gain access to system information. Keeping your passwords safe and hard to guess is critical to ensure that your identity isn't stolen. Choose a password that is easy for you to remember but hard for someone else to figure out. For example, you might say, "I have 2 dogs named Shep and Lassie." Create a password from that statement:

(I) (h)ave (2) (d)ogs (n)amed (S)hep (&) (L)assie. >> Ih2dnS&L

This password incorporates all of the password guidelines. You should never share your password with anyone.

Security – Your personal Stuff

You need to be aware of your more tangible assets, as well. Don't leave your personal belongings unattended. Your purse, wallet, PDA, phone, laptop, etc., all contain personal information that can be exploited at your expense. Keep these items on your person at all times while you are in public. Shred documents that could be used to steal your identity, such as credit card offers. Don't leave mail in an unsecure mailbox - post bills and other financial or sensitive documents in a secure US Post Office box. Find out more about protecting yourself from Identity Theft.

Safe Computing Practices

  • Don't send personal or financial information (SS#s, credit card numbers) via email. Typically, email systems are not encrypted, meaning they aren't secure. It's a good habit to avoid sending any private information via email.
  • Don't send personal or financial information over unsecure websites. A website is (reasonably) secure if the url begins with https:// and if there is a locked padlock in the bottom right corner of the browser window. This means the data is encrypted after you send it until it reaches its destination.
  • You should also log out of your workstation's operating system when you leave, even for a few moments. Having a secure and hard to guess password is useless if a hacker can access your account because it is unattended. See the Campus Help Desk Lock Down webpage for instructions.
  • Use a password-protected screen saver. You can choose the period of time lapse before your screen saver starts. Five minutes is a good choice. See the Campus Help Desk Lock Down webpage for instructions.
  • Back up your data. If you have important files stored on your computer, copy them onto a removable disc, and store them in a safe place.

Software Patches & Updates

Hackers rely on the fact that many computer users fail to install software patches on their machines and create worms and viruses to exploit unpatched systems. Most software vendors, including Microsoft and Apple, offer updates to correct program flaws that malicious programs use to attack your computer. Running McAfee Anti-Virus is not enough. You can configure your computer to automatically seek out updates. See the Campus Help Desk website for details.

Computer Viruses and Worms

We all know the damage that computer viruses can do. Run good virus scanning software upon starting up your machine. Keep it updated. Use it to scan all floppy disks and e-mail attachments before you open or run them. Periodically scan your hard drive(s).

The Office of Information Technology has arranged for McAfee anti-virus/anti-spyware software for home computer use to be offered to students at no charge and to staff & faculty at very low cost. It is available now through the Office of Software Licensing website at www.software.utah.edu. You can download the software, or you can order the software on a cd and pick it up at the OSL office in Research Park. Just search for either McAfee or VirusScan.

You can also find links to other free anti-spyware and firewall software downloads form home computer use on the Security Essentials area of the OSL website.

Avoid Phishing scams & protect your identity

Beware of fraudulent emails and Web sites that masquerade as messages from familiar institutions. By tricking you into disclosing your Social Security Number, PIN number, a password, or an account number, identity thieves can drain your bank account or run up bills on your credit card. The best ways to avoid becoming a victim are:

  • Never disclose personal information in response to an unsolicited email
  • Never click on the link in the email
  • Always access the Web site by manually typing in the Web address in a browser

The University admistration sent out an email warning in 2005 to all campus members about Phishing scams. For more information on such scams, see this Federal Trade Commission Consumer alert and a Washington State Office of the Attorney General "Phishing" article. You can report suspected Phishing scams by sending an email to spam@uce.gov or by visiting the Federal Trade Commission website.

What to do if you've been hacked or infected

Staff or Faculty: Disconnect your computer from the network, but do not unplug your machine. Contact your department computer administrator as soon as possible.

Students connected to the Campus Network : Disconnect your computer from the network, but do not unplug your machine. Contact the Campus Help Desk at 1-4000, option 1, asap.

Security-Related Policies

Copyright Laws and Peer-to-Peer File Sharing

You need to know that it is a violation of federal law and University's Peer-to-Peer policy to share and/or distribute copyrighted materials without the permission of the copyright holder. This is typically done through file-sharing software like as BitTorrent, KaZaA, Emule, and Gnutella. File sharing software is most commonly used to download music, movies, software and other media. This software may turn your personal computer into a server, or upload site, even if that was not your intent. Note: many worms, viruses and other malicious code gets transfered during peer-to-peer file transfers, too.

Please see our Peer-to-Peer web page for more information on consequences and to view Copyright Violation notices.

Network Acceptable Use Policy

In order to use any of the IT resources, you must agree to the University of Utah Network Connection Acceptable Use Policy . In changing your password for the first time in the Campus Information System, you agree to the policy. Please read it and be familiar with the terms; you will be required to comply with them.

In one past semester, the University experienced:

  • Multiple peer-to-peer file sharing complaints from Lawyers representing Music, Movie and Software Industries.
  • Several hacked machines sending pornographic SPAM. Machines are completely compromised meaning any personal data would be available to the hackers. These are the ones that we know of.
  • Literally hundreds of worm infected/virus infected machines, with no way of knowing exact numbers.

Most of these incidents (file sharing and unprotected machines are found in departments as well, though more rare) are due to student activity . These activities bring with them, real consequences, whether you violate University policy, or are a victim of another's disregard for the law.

IT Resource Security Policy

The University Information Technology Resource Security Policy (PPM 1-18) states that "Users of IT Resources must not knowingly retain on personal computers, servers, or other computing devices, Private Sensitive Information, such as Social Security Numbers, financial information including credit card numbers and bank information, or protected health information, including health records and medical information" unless specifically approved by the Dean, Department Chair, or Vice President, and only when absolutely necessary to perform one's official duties.

Each campus member is responsible for:

  • knowing what, if any, private, sensitive data is on their machines,
  • getting approval to retain or access it, and
  • putting in place measures to protect it.
There are sanctions for not following this policy. The administration sent out this email in September 2005 reminding campus members about their individual responsibilities for keeping private information secure. For more information on the IT Resource Security Policy, see the IT Security Policy presentation (ppt).

Resource links