Follow simple tips to boost cyber security

October--also known as National Cyber Security Awareness Month--is a good time to think about how to prevent everything from identity theft to e-mail scams, according to UCSC's Information Technology Services.

Many cyber security threats are largely avoidable. Some key steps that everyone can take include:

. Use good, cryptic passwords that can't be easily guessed--and keep your passwords secret

. Make sure your computer's operating system and applications are protected with all necessary security "patches" and updates

. Make sure your computer is protected with up-to-date antivirus software

. Don't click on unknown or unsolicited links or attachments, and don't download unknown files or programs onto your computer

. Remember that information and passwords sent via standard, unencrypted wireless are especially easy for hackers to intercept

To help reduce the risk, make sure web pages have https, (not http,) in the web address (URL) before you enter any sensitive information or a password. Also avoid standard, unencrypted e-mail and unencrypted Instant Messaging (IM) if you're concerned about privacy

E-mail scams

It is important to remember that cyber-criminals are constantly coming up with new e-mail scams, so be alert. Deceptive e-mails often look legitimate but are designed to compromise vulnerable computers or steal information.

Some key indicators that an e-mail is not legitimate--even if it appears to be from a company or person you are familiar with--are:

. It is not addressed to you personally

. The sender isn't specified, isn't someone you know, or doesn't match the "from" address

. It has spelling or grammatical errors

. It has a link that doesn't look legitimate or doesn't seem to match where the e-mail says the link will take you

. It is an unsolicited or unexpected e-mail with an attachment, or it has an attachment with a name that doesn't make sense or match what it is supposed to be

. It is an unsolicited or unexpected e-mail (or phone call) asking you to disclose financial account information, your social security number, your password, or other personal or private information

. It asks you to update your account information using a link or phone number provided in the e-mail

. It asks you to send money

To protect yourself:

. Don't click on links or open attachments in unsolicited or unexpected e-mail

. Don't open, respond to or forward spam e-mail

. If you are uncertain about an e-mail or phone call, contact the sender separately using a method you know is legitimate to verify that the message is from them

UCSC's Information Technology Services (ITS) Security Awareness web site offers a wide range of information about these and many other practical cyber security tips and pointers for safer computing, including:

. A "Top 10 List" of Good Computing Practices

. Information about protecting sensitive data

. Online computer security training and tutorials

. How to report computer security incidents

. Excellent UCSC and non-UCSC resources

If you are in doubt about a cyber security issue, contact the ITS Support Center. Help is available online at, from the ITS Support Center homepage,

by calling (831) 459-HELP (4357), and via e-mail at

In addition, the ITS Support Center at 54 Kerr Hall is open Monday through Friday, 8 a.m. to 5 p.m; please bring a photo ID or Student ID card with current sticker.