IT Security Tips
So, how do you have a "strong" password that is easy to remember? While it may seem tough to do this, there are a few simple tips that can make it easy. Note: the examples below illustrate just the concepts being discussed. No single technique should be used on its own, but rather should be used with other techniques. The combination of several will produce a strong password.
- Use a mix of alphabetical and numeric characters.
- Use a mixture of upper- and lowercase; passwords are case sensitive.
- Use symbols if the system allows (spaces shouldn't be used as some applications may trim them away).
- Use a combination of letters and numbers, or a phrase like "many colors" using only the consonants, e.g., mnYc0l0rz, or a misspelled phrase, e.g., 2HotPeetzas or ItzAGurl.
- Pick something obscure:
  - an odd character in an otherwise familiar term, such as phnybon instead of funnybone;
  - a combination of two unrelated words, like cementhat;
  - an acronym for an easy-to-remember quote or phrase (see below);
  - a deliberately misspelled term, e.g., Wdn-G8 (Wooden Gate) or HersL00kn@U (Here's looking at you).
- Replace a letter with another letter, symbol or combination, but don't be too obvious about it. Replacing o with 0 or a with 2 or i with 1 is something that hackers just expect. It is definitely better than nothing, but replacing 0 with () would be stronger as it makes your password longer and is not as obvious.
- An easily phonetically pronounceable nonsense word, e.g., RooB-Red or good-eits.
- Two words separated by a non-alphabetic, non-numeric, or punctuation character, e.g., PC%Kat or dog,~1#.
Do Not Choose…
- Your name in any form — first, middle, last, maiden, spelled backwards, nickname or initials.
- Any ID number or user ID in any form, even spelled backwards.
- Part of your userid or name.
- Any common name, e.g., Sue, Joe.
- Passwords of fewer than six characters.
- The name of a close relative, friend, or pet.
- Your phone or office number, address, birthday, or anniversary.
- Acronyms, geographical or product names, and technical terms.
- Any all-numeral passwords, e.g., your license-plate number, social-security number.
- Names from popular culture, e.g., Harry_Potter, Sleepy.
- A single word either preceded or followed by a digit, a punctuation mark, up arrow, or space.
- Words or phrases with all the vowels or white spaces deleted.
- Words or phrases that do not mix upper and lower case, or do not mix letters or numbers, or do not mix letters and punctuation.
- Any word that exactly matches a word in a dictionary, forward, reversed, or pluralized, or with some or all of the letters capitalized.
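Several of the "Do Not Choose" rules above can be checked mechanically. The following is an added example, not part of the original page: the function name, the tiny constructed word list and the sample inputs are assumptions, and an empty result only means none of these particular rules was broken.

```python
import re

# Constructed mini word list standing in for a real dictionary file (assumption).
SAMPLE_WORDS = {"password", "dragon", "monkey", "sleepy", "welcome"}

def weak_reasons(password, user_id="", names=(), words=SAMPLE_WORDS):
    """Return the 'Do Not Choose' rules from the list above that a password breaks."""
    reasons = []
    lower = password.lower()
    if len(password) < 6:
        reasons.append("fewer than six characters")
    if password.isdigit():
        reasons.append("all numerals")
    # Name or user ID in any form, including as a part or spelled backwards.
    for item in [user_id, *names]:
        item = item.lower()
        if len(item) >= 3 and (item in lower or item[::-1] in lower):
            reasons.append("contains name or user ID: " + item)
    # Dictionary word forward, reversed, or pluralized, with any capitalization.
    forms = {lower, lower[::-1]}
    if lower.endswith("s"):
        forms.add(lower[:-1])
    if forms & words:
        reasons.append("dictionary word")
    # A single word preceded or followed by one digit or punctuation mark.
    core = re.fullmatch(r"[\W\d_]?([A-Za-z]+)[\W\d_]?", password)
    if core and core.group(1) != password and core.group(1).lower() in words:
        reasons.append("single word plus one digit or punctuation mark")
    if not (re.search(r"[a-z]", password) and re.search(r"[A-Z]", password)):
        reasons.append("does not mix upper and lower case")
    if not (re.search(r"[A-Za-z]", password) and re.search(r"[^A-Za-z]", password)):
        reasons.append("does not mix letters with numbers or punctuation")
    return reasons

if __name__ == "__main__":
    # Constructed sample inputs; "jsmith" is a made-up user ID.
    for pw in ("12345", "Dragon1", "jsmith2024", "HersL00kn@U"):
        print(pw, "->", weak_reasons(pw, user_id="jsmith") or "no listed rule broken")
```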
The following websites will help test and generate secure passwords:
- Test - http://www.passwordmeter.com/
- Generate - http://passwordsgenerator.net/
- Generate - http://www.bad-neighborhood.com/password-generator.htm
If your computer is in an area where other people may have physical access to it while it is up and running, you should lock your computer when leaving the computer unattended. If you lock your computer, others will not have access to your desktop and open applications in your absence.
Desktop locking is especially important if you leave applications running, and have access to sensitive or confidential information.
1. Press the control-alt-delete keys at any time, and you'll be presented with an option panel.
2. Select "Lock Workstation".
Why should I back up data on my computer?
Information or data on your computer could be lost, if:
- The hard drive in your computer fails
- The data on your computer is corrupted for a variety of reasons
- Your computer is lost or stolen
- Your computer is in a fire or other environmental event
- A virus infects your computer and deletes or corrupts your files
Consider the inconvenience of having to recreate all of the information stored on your computer - how much of it is important to your academic or professional career - and how much of it might actually be irreplaceable.
What should I back up?
Back up any information that is important to you. Consider not only the documents folders where you store the files you create, but also your Web browser bookmarks, contacts databases, and files stored on your desktop.
- Students should consider making a daily back up of assignments they are working on.
- Faculty and staff may find it helpful to make a back up copy of files they are creating as they work on them.
It's generally not practical or appropriate to back up copies of programs you have installed, but you should always make sure you keep the installation disks or files. This way, you will be able to reinstall programs that you own, if your computer is reimaged or replaced.
How should I back up my data?
There are a number of ways to back up your data. They generally fall into two categories: backing up to the network and backing up to an external disk or drive.
Backing up to the network: This is the recommended way to back up important files. All faculty and staff have a personal network drive where they can store files not intended to be shared with others. The network drive is a secure location, accessible from on or off campus using the https://myfiles.okanagan.bc.ca portal or the virtual private network (VPN). Additionally, each department has its own shared network drive where faculty and staff can store files that are intended for collaboration or sharing with colleagues. Both of these drives are good locations for you to store copies of important files after making changes to them.
The network drives are recommended back up locations for a variety of reasons:
- Access to these drives is restricted to authorized accounts.
- All the data on these drives is backed up to tape daily.
- These drives are available from anywhere on the Internet.
Backing up to an external disk or drive: There are a variety of types of external drives, such as CD or DVD burners, which can write your data to a disk for back up. Additionally, USB drives come in a variety of sizes; some very small and portable, some too big to carry in your backpack every day. The larger USB drives are a generally reliable option for backing up your data. However, the smaller thumb or flash drives are only recommended for temporary storage of data, such as carrying information from home to campus for a presentation. These drives fail frequently and are not recommended for long term storage.
You should back up your data as soon as you have created enough new files or changes to existing files that it would be difficult to recreate them, if lost. IT Services recommends backing up individual files daily if you are saving to the local drive of your computer.
Many devices at Okanagan College contain faculty and student personal information.
British Columbia's Freedom of Information and Protection of Privacy Act (FIPPA) dictates how public bodies, including Okanagan College, must protect personal information. Rulings from the BC Information and Privacy Commissioner's Office, which oversees FIPPA's application and compliance, have made it mandatory for personal information to be encrypted on mobile devices. OC must take the necessary steps to protect its data and be compliant with the rulings.
The following devices should be encrypted:
- USB Sticks
Learn how to secure your devices!
IT Services has recently developed an OC IT Security course and Self-Assessment. This course and assessment should only take 10 minutes.
- Log into Moodle (myOkanagan credentials)
- Click Site home in the Navigation block at the top left
- In the Search courses field at the bottom center enter: Security Self-Assessment
- Click on the course name, then click the Enrol me button
Come get your encrypted USB stick!
Help desk is handing out encrypted USB sticks for all staff. IT will be happy to answer any questions that you have with regards to the course materials or the process to ensure your devices are protected from data theft. If you have your own blank USB stick, we can encrypt it for you.
Phishing is a scam intended to steal personal and financial information from unsuspecting victims. Passwords, credit card numbers, bank account information, Social Security number, or other sensitive information–all are valuable to scam artists. Be proactive in protecting yourself. Phishing emails come in many forms and though the most important thing you can do is to avoid them altogether, here are some useful tips to avoid getting hooked:
It is trivially easy to make a link lie to you. Instead of clicking a provided link, use your browser to go to the known and trusted website by typing the link into your web browser yourself.
For example, take this link: http://www.google.com/ If you click this, it will not take you to Google; it will take you somewhere completely different. Scammers use this trick all the time to trick you into going to malicious websites.
You can tell where a link is going to take you by hovering over it with your mouse. Don't click. Hover. If you do this for the link above you will see "www.okanagan.bc.ca" pop up in a box by your pointer or in a space at the bottom of your email client or browser.
If you are on a smartphone, click and hold the link to have a box appear that will show you the real destination and ask if you really want to go there.
General rule: if the email message is lying to you about where it wants to send you, it is a scam.
Phishing scams generally come in the following formats. Recognize them when you see them.
It is a scam. Delete it. You will never be asked for your account password from a legitimate source.
Typically, phishers send an e-mail or pop-up message that claims to be from a business or organization that you may deal with — for example, an Internet service provider (ISP), bank, online auction service, online payment service, travel service, or even a government agency.
The message may ask you to update, validate, or confirm your account information. Some phishing emails threaten a dire consequence if you don't respond. The messages direct you to a website that looks just like a legitimate organization's site. It is almost certainly a scam and could look something like this:
"We suspect an unauthorized transaction on your account. To ensure that your account is not compromised, please click the link below and confirm your identity."
"During our regular verification of accounts, we couldn't verify your information. Please click here to update and verify your information."
These files can contain viruses or other software that can weaken your computer's security.
They may be videos sent to you from a friend's account that has been compromised. They may be PDF files from some company claiming to contain an invoice from a recent purchase you did not actually make. They might be "screen savers" or executables masquerading as any number of believable things.
Know what is normal for you, so you can recognize the abnormal.
Be suspicious of email messages that claim to be from a business and yet contain errors in grammar, use of words, spelling or punctuation; these should send you a red flag. Most businesses have several layers of review before a message is approved for release to the public. Obvious errors will typically be caught and removed during this process.
Familiarize yourself with Okanagan College's "Responsible and Appropriate Use of IT Resources" policy.
- Never deliberately download software to your computer from the internet, no matter how helpful or interesting it may appear, unless you are sure you trust the source. Even innocuous toolbars and nifty utilities can be packed with unwanted spyware. Be especially wary of file-sharing programs, which you shouldn’t be using in the office anyway.
- Stay away from any questionable sites, including music sharing, hacking, screensaver, or other off-beat sites.
- Whenever an unwanted or unexpected pop-up window appears, shut it down immediately by clicking on the “x” in the upper right hand corner of the window. Never click on any button, even if it says “Cancel” or “Close” on the window itself. These buttons can masquerade as innocent features that inadvertently start an unwanted download of spyware.
- Be suspicious if endless pop-up windows start opening simultaneously, or if the performance of your workstation slows to a crawl. Assume that you’ve been hit by spyware and seek assistance from the Help Desk.