IT Security Essentials
Lesley A. Bidwell, IT Security Administrator

The Security Mantra
Confidentiality
Integrity
Availability

SUNY Oneonta Security Program
Developed by a working group of faculty and staff
Adopted by President’s Cabinet in March 2005
Available from the campus network at

SUNY Oneonta Security Program
“This program applies to all faculty, staff and students of the College, or others … who may utilize the College’s technology and related facilities.”

Why all the concern about security?
Computer hacking has become big business
We store vast amounts of personal data in our systems – on students and employees
We need that data to be accurate and available in order to do our jobs
We must comply with State and Federal regulations

What are we doing about it?
Constantly monitoring systems and threats to keep our servers and our network secure
Implementing policies, procedures and practices to assure only authorized users have access to data
Educating users

What can you do?
Security is everyone’s responsibility
Check out the security program
Contact the IT Security Administrator with any questions or if you suspect there has been a security breach
Follow some basic guidelines:

Be aware
Make information security a regular practice
Recognize poor security practices in your own habits and in your office
Remain vigilant where information security is concerned

Passwords
Never share a password
–If more than one person needs access, work with us to set up a network share so each can use their own password
–Even the IT Helpdesk should never ask for your password

Passwords
Choose strong passwords
–Will be required soon
–Use a phrase that’s easy to remember but hard to guess
–Must contain 3 of 4: upper case letters, lower case letters, numbers, special characters
See acy/password.mspx

Passwords
Examples:
Weak: fluffy, password2, bidwella
Strong: str0ngPa55, 2&2=Four, myc4tisf!uffy

Passwords
Change passwords regularly
–Will be required soon
–Every 180 days
–Limits the length of time a hacker can use a compromised password
–ALWAYS change passwords if you suspect your password has been stolen

Passwords
Never post your password
–On your computer monitor
–Under your keyboard
–In the desk drawer
–Anyplace that someone might look

Passwords
Never save passwords in applications
– , Web Authoring, PPP for dial-in
–Anyone who sits at your computer has access
–Equally important at home

Physical Security
Always lock your computer when you leave it unattended (ctrl-alt-del)
Never leave hard copies with sensitive data in plain view
Always log out of web applications (Banner, ) and close browser

Laptops and Mobile Devices
Theft
Access on insecure networks
Strong passwords
Encryption

Malware
A general term for malicious software
Includes viruses, trojans, rootkits, spyware, etc.
Vectors of infection include , web pages, links sent through IM sessions, hidden in other programs

Malware
Anti-virus software
–Must be up to date
–Must be running
–Use on-access scanner
–Schedule daily scans

Malware
Anti-spyware software
–Must be up to date
–Must be running
–Good choices include Microsoft Defender, Spybot Search & Destroy and Adaware
– /modules/wfdownloads/viewcat.php?cid=3

Malware
Operating system patches
–Apply critical patches as soon as possible
–Use automatic updating when possible
–Important for Macs and Linux machines as well as Windows

Malware – Signs of Infection
Computer slows down
New homepage, toolbars, default search pages or favorites in browser
Anti-virus and/or anti-spyware software gets turned off

Malware
Be sure to use these procedures at home
Call the Information Technology Helpdesk about using the ASCI or Secure Desktop program for your office computer

Business Continuity Planning
Remember “Availability?”
All departments need one
Test it!

Questions?
Lesley Bidwell x2628
Information Technology Helpdesk x4567