October is National Cyber Security Awareness Month

Information Technology Services (ITS) provides cyber security tips about email scams and passwords. There is also a cyber security poster and video contest for students.

Email scams:

This year we've seen a dramatic increase in email scams targeted directly at the UCSC community. It's important to remember that criminals and hackers are constantly coming up with new schemes designed to compromise computers, steal personal or private information or passwords, or trick you out of money. It is cheap and easy to send millions of scam emails in the hopes that someone will take the bait.

Here are a few pointers to avoid getting fooled:

  • Don't give out personal or sensitive information to anyone you don't know or who doesn't have a legitimate need for it - in person, online or over the phone.

  • Any unsolicited email or phone call asking you for account numbers, your social security number, your password or other personal or private information is suspicious. When in doubt, contact the sender separately by a method you know to be legitimate to verify the request.

  • Never respond to any email message or instant message (IM) with your personal information or passwords. UCSC's ITS staff will not ask you to tell them your password and neither should anyone else.

  • Delete spam and suspicious emails; don't open, forward or reply to them.

  • Don't click on links or open attachments in unsolicited or unexpected email.

  • Don't enter personal information or login information into online forms you access via an email or IM link.


Passwords:

Passwords are often the first line of defense against hackers, so it's important to use good, hard-to-guess-or crack passwords to protect your computer and your accounts. It is equally important to keep your passwords secret and secure.

Some key rules of thumb for passwords include:

Passwords should be at least eight characters long with a mixture of upper- and lower-case letters, numbers, and symbols. Passwords that can't be this complex should be at least 10 characters long.

  • Don't use a word found in the dictionary in any language, spelled forward or backward, or a word preceded or followed by a digit (e.g., password1, 1password). Also, avoid common keyboard sequences, such as "qwerty89" or "abc123."

  • Don't use your login name or personal information that someone could know or find out about you, such as names of family, places, pets, birthdays, address, your car model, etc.

  • Never share your password with anyone else.

  • Avoid writing passwords down. If you have to write something down, try to write it in a way that others won't be able to decipher--and store it securely.

  • Change initial passwords, password resets, and default passwords the first time you log in. These passwords can be extra vulnerable.

  • Don't let your applications or browser remember passwords that provide access to sensitive systems or data. That way if someone gets into your computer they don't also automatically get into all of your accounts.


Check out UCSC's Password Standards for additional information.

Poster and video contest for students:

Educause is conducting its third annual contest in search of posters and short computer security awareness videos developed by college students, for college students. Entries are due in April 2009 and cash prizes are available! Please see Educause's website for more information.

Resources:

ITS's Security Awareness website offers a wide range of practical information and resources for safer computing.

Getting help:

If you have a question about a cyber security issue, contact the ITS Support Center:

  • Online

  • Phone: (831) 459-HELP (4357)

  • Email

  • In person: 54 Kerr Hall, Monday through Friday, 8 a.m. to 5 p.m.