Information Security

• Never include sensitive personal or banking information in email correspondence
• If you print it, go get it right away
• Never respond to an email asking for personal information
• Do not download files from unknown sources
• Never leave your computer logged in when you walk away
• Watch out for shoulder surfers who read over your shoulder or try to steal your password
• Do not check "remember my password" boxes
• Do not use reuse passwords
• Do not use unauthorized software
• Do not leave thumb drives or other small devices lying around
• Do not plug in USB drives that you do not own

More Information

Helpful Password/Passphrase Tips

• DO Make your password UNIQUE to your life and not something that is easily guessed.
• DO Have a different password for each online account.
• DO Change your password several times a year.
• DO Make your password between 8 to 20 characters long. The longer and more complex it is, the harder it is to crack.
• Do NOT share your password with others.
• Do NOT write your password down and leave it under your keyboard or on a sticky note on your monitor.
• Do NOT Use your name, Social Security number or any other personal information that could identify you. This means pet names, girlfriend/boyfriend names, birth dates, phone numbers, license plates, car models or addresses.
• Do NOT Use any word found in a dictionary longer than three letters. Hackers use automated programs to crack passwords using special programs that scan for any word found in a dictionary. This includes any word spelled backwards.
• A Strong Passphrase:
  • Is 20 to 30 characters long.
  • Is a series of words that create a phrase.
  • Does not contain common phrases found in literature or music.
  • Does not contain words found in the dictionary.
  • Does not contain your user name, real name, or company name.
  • Is significantly different from previous passwords or passphrases.
• Help yourself remember your strong password or passphrase by following these tips:
  • Create an acronym from an easy-to-remember piece of information. For example, pick a phrase that is meaningful to you, such as My son's birthday is 12 December, 2004. Using that phrase as your guide, you might use Msbi12/Dec,4 for your password.
  • Substitute numbers, symbols, and misspellings for letters or words in an easy-to-remember phrase. For example, My son's birthday is 12 December, 2004 could become Mi$un's Brthd8iz 12124, which would make a good passphrase.
  • Relate your password or passphrase to a favorite hobby or sport. For example, I love to play badminton could become ILuv2PlayB@dm1nt()n.

Here are a few ways to avoid phishing attacks:

• Be suspicious of unsolicited phone calls, visits, or email messages from individuals asking about employees or other internal information
• Do not provide personal information or information about your organization
• Do not reveal personal or financial information in email
• Do not send sensitive information over the internet before checking a website's security
• Pay attention to the URL of a website. Malicious websites may look identical to a legitimate site
• If you are unsure whether an email request is legitimate, try to verify it by contacting the company directly
• Install and maintain anti-virus software, firewalls, and email filters
• Take advantage of any anti-phishing features offered by your email client and web browser

See more Information here.

• Do not give your email address out arbitrarily
• Check privacy policies
• Be aware of options selected by default
• Use email filters
• Report messages as spam
• Do not follow links in spam messages
• Consider opening an additional email account when posting to public mailing lists, social networking sites, blogs, and web forums
• Use privacy settings on social networking sites
• Do not spam other people
• Do not use unsubscribe, as it verifies the email is active

See more Information here.

• When choosing a mobile phone, consider its security features
• Configure the device to be more secure
• Configure web accounts to use secure connections
• Do not follow links sent in suspicious email or text messages, such links may lead to malicious websites
• Limit exposure of your mobile phone number
• Carefully consider what information you want to be stored on the device
• Be careful when selecting and installing apps. do a little research on apps before installing them
• Maintain physical control of the device, especially in public or semi-public places
• Disable interfaces that are not currently in use, such as Bluetooth, infrared, or Wi-Fi
• Set Bluetooth-enabled devices to non-discoverable. When in discoverable mode, your Bluetooth-enabled devices are visible to other nearby devices
• Avoid joining unknown wi-fi networks and/or using public Wi-Fi
• Perform a factory reset before discarding your old phone
• Do not "root” or “jailbreak” the device

See more information here.

• Review your bank’s information about its online privacy policies and practices
• Before setting up any online bill payment, check the privacy policy of the company or service you will be sending payments to
• For security purposes, choose an online personal identification number (pin) that is unique and hard to guess
• Install anti-virus, firewall, and anti-spyware programs on your computer and keep them up to date
• Regularly check your online account balance for unauthorized activity
• Use a credit card or PayPal to pay for online goods and services
• Avoid situations where personal information can be intercepted, retrieved, or viewed by unauthorized individuals
• If you receive email correspondence about a financial account, verify its authenticity by contacting your bank or financial institution
• If you have disclosed financial information to a fraudulent website, file reports with the following organizations:
• Your bank
• The local police
• The Federal Trade Commission
• The Internet Crime Complaint Center
• The three major credit bureaus — Equifax, Experian, and TransUnion

See more information here.