Penn State launches computer security awareness campaign

October 28, 2009

Penn State launched its sixth annual "Take Control" security awareness campaign and contest last week in an effort to increase student, faculty and staff awareness of computer security dangers. This fall, the contest will take the form of a treasure hunt featuring the Information Technology Services (ITS) squirrel, who will make appearances at the HUB-Robeson Center, computer labs and other buildings throughout Penn State, sporting armor and a sword. All students, faculty and staff can register to win an Eee PC Netbook prize during the campaign by participating in the Take Control contest at http://its.psu.edu/takecontrol/ online.

According to Kathy Kimball, senior director of ITS security operations and services at Penn State, Web-based attacks have become an extremely virulent form of breach that Internet users need to be aware of.

"Web-based applications are becoming a critical means of attack," Kimball said. "Criminal hackers and malware makers abound, phishers seek passwords and they steal identities. Users may be victimized by simply visiting an infected Web site. When you visit a Web site, be sure your antivirus and antispyware software is up-to-date and never click on random pop-up ads. Likewise, if you use social networking sites, make sure you set the privacy settings at the highest possible level."

Even these methods are becoming insufficient, however, Kimball warned, emphasizing that all students, faculty and staff should become vigilant about removing or encrypting any sensitive information they have on their computers, such as social security and credit card numbers.

"You also should request that the technical staff in your area create a 'general user access account' for you to use whenever possible (rather than using a higher level 'administrator access account'). Using the lower privilege 'general account' can eliminate a large portion of vulnerabilities and keep you significantly more secure."

As we move into the holiday season, security experts caution that risk for Internet fraud will increase sharply, with over 10 million identity thefts occurring each year in the U.S. alone.

"It is in our staff, faculty and students' best interests to become (and remain) aware about the dangers and what they can do to protect themselves and others. This campaign is designed to help do that, and make known the tools that can help," said Kevin Morooney, Vice Provost for Information Technology.

Computer users can protect themselves and their machines by following the tips below:

Watch out for phishing scams
Keeping your data secure involves more than virus detection, it also means keeping personal data out of the hands of con artists. Phishing criminals send out millions of fraudulent e-mails everyday mimicking the legitimate names and logos of banks, institutions and corporations to fool you into revealing sensitive data such as your password or credit card number. Never disclose personal information and passwords via e-mail, no matter who requests it.

Use social media cautiously
Facebook, MySpace, Twitter and other social networking Web sites are an easy way to meet new people, but forming relationships indiscriminately online can lead to digital theft or fraud. In addition, the materials you post on these sites may cause harm to your reputation. Some individuals have been disciplined by their employers, lost job offers and more, due to the pictures or statements they posted via social networking. Social media sites typically create an illusion of intimacy, but they are not private. They are easily accessible -- not only to school administrators, potential employers and law enforcement officials -- but to scam artists and criminals.

Protect your personal data
People who have experienced identity theft know how much this event has interfered with their lives and daily activities, creating high levels of personal stress, fraudulent expenses, and sometimes ruining credit ratings for years. Protect personal data by eliminating social security numbers and other kinds of sensitive information on your computer, using encryption and downloading anti-spyware software.

Watch out for Web-based attacks
Automated attack tools are always seeking ways to break into and take over your system. Severe attacks may delete important data, crash your system, spawn new attacks or even steal personal data. Be careful to set the most secure settings in your browser and firewall software and to run as a "general user" (see definition in third paragraph above) whenever possible. If you believe your computer has been compromised, contact security@psu.edu immediately.

For more about firewalls, antispyware, antivirus software and the other topics discussed above, visit Penn State's Take Control by visiting the link at the top of this article.

Last Updated October 28, 2009