Skip to main content Skip to main content

Security Tips

We all play a role in cybersecurity, whether it’s protecting our families from identity theft, protecting our workplaces from cyber attacks, or protecting our communities from online predators. Here are some tips for staying safe when using technology:


Physical security of devices

Don't leave your computer in an unsecured area, or unattended and logged on, especially in public places - including coffee shops and the public library. The physical security of your machine is just as important as its technical security. If you lose an MSU Denver-owned device, please contact the ITS Helpdesk immediately at 303-352-7548 or support.msudenver.edu.

Secure disposal of devices

When recycling or disposing of an old workstation, mobile phone, or external drive, it is important to ensure that no critical data remains on the hard drive or phone. Thieves will look in storage and trash removal areas to find anything that might be worth selling. Remove data in a manner that makes it impossible for anyone to retrieve it after disposal. If you need any MSU Denver-owned equipment disposed of securely, please contact the ITS Helpdesk at 303-352-7548 or support.msudenver.edu.

Manage your passwords

Keep your passwords up-to-date, and change them often. Never use a short or weak password. Consider using a password manager if you have a lot of passwords, or if you have trouble remembering them. See our "Choosing a Strong Password" section on this webpage for more details.

Never share your login information

Never share your login details, for any system or application, with anyone. ITS will never ask for your password.

Know the dangers of using public charging stations

It is a good to keep all of your devices charged to make sure you can access your digital life anytime, and more places like MSU Denver are offering free public mobile device charging stations. However, just like free unsecured WiFi networks, there are dangers with public chargers, because modern hacking trends are getting more advanced and are employed in various places like ATMs and now public charging stations. Anyone can hide a small chip that will infect devices as it charges them. The best way to protect yourself is to always use your own USB charger or use USB cables that block data transfers. These 'charge only' USB cables look exactly like any other USB cable except they prevent your device from going into 'data transfer' mode when connected to a computer, thus preventing data theft / viruses when charging from an unknown USB socket.

Use the MSUDenver WiFi network whenever possible

Using the MSUDenver WiFi network is more secure than using free unsecured WiFi networks that do not require passwords. This is because your data is encrypted when it's transferred over the MSUDenver WiFi signal. Visit our MSU Denver WiFi page to learn how to connect to this network with various devices.

Why It's Important

Conmen have been tricking people out of their money for thousands of years, and impersonating someone else is nothing new. E-mail, websites, and chat programs just make it easier to trick people out of their money. Identity theft is the fastest growing crime in America.

Phishing Examples

DO NOT RESPOND to these messages!

These messages are fake. They are being sent by hackers trying to trick you into giving them your password so they can take over your e-mail or steal your identity and drain your bank account!

This technique is called "phishing." They are phishing (fishing) for victims. See the example below.


 Dear Outlook Account User,

This message is from Outlook user care messaging center to all employee and student, to all Outlook account owners. We are currently upgrading our data base servers and e-mail account center. We are deleting all compromised account during the last academic break.

You will have to Authenticate your Outlook Account to prevent a permanent closure of this email address/web-mail account.

To Authentication CLICK HERE<http://microsoftportalwebaccess.weebly.com/>

Successfully authenticated addresses will be automatically notified via inbox.

Warning!!! Account owners who do not authenticate their account after receiving this update will have his or her account terminated. We are committed to protecting your privacy. Your sensitive details will not be shared with any third party.

MICROSOFT CARE CENTER HELP DESK
© 2014 Microsoft Corporation. All rights reserved.


If you receive one of these messages, or any message that asks you to provide private or confidential information (password, SSN, DOB, etc.), you should simply delete the message.

  • Do NOT reply to the message.
  • Do NOT click on any links in the message.
  • Do NOT open any file attachments in the message.
  • Do NOT call any phone numbers in the message.
  • DO delete the message.

IMPORTANT: If you have already provided your password in response to one of these messages, please contact the ITS Helpdesk immediately at 303-352-7548 or support.msudenver.edu.

What You Can Do About It

There are thousands of different scam techniques. You should always be on your guard and you MUST always be very protective of your confidential information.

Online conmen use e-mail, websites, and chat programs to trick people into providing them with private and confidential information (such as credit card information, date of birth, etc.). They can use this information to make unauthorized charges to your credit cards, or use your identity to take out loans in your name. Such "phishing" scams often come as an official looking e-mail that appears to have come from your bank, credit card company, online storefronts like Amazon or eBay, online payment systems like PayPal, etc. The e-mail usually says there is something wrong with your account or that they need to verify your information. These messages have been forged and are fraudulent. These organizations will never contact you by e-mail to verify your information, or to inform you of a problem with your account. You should just delete these messages; never reply to them and never follow their instructions. If you need to contact your bank or credit card company, call the phone number that is printed on your monthly statement. If you need to contact an online storefront or other online service, don't use any phone numbers or links provided from the malicious e-mail; visit their website, either with the direct address or via a web search, and use the contact information provided there.

See Also
Why It's Important

When a computer connects to a network, it will listen for any connection using ports. A port is a special integer that acts like a door to your device. A connection needs two things, the computer IP address and the port number. When a connection is received by a computer, the connection will be made to a program that is listening on a specific port number like 1234. If the computer has a program that is listening on port 1234, the computer will accept that connection without questioning it. So when a computer has no firewall enabled, anyone can connect to your computer and access data if there's programs serving such data. The program may have a login, but it may have a security hole that allows any connection to be made.

A firewall is software or special hardware. A firewall protects your computer by disabling ports that are not in used. A firewall can also be set so that only programs on your computer, that you have authorized, are able to talk to the internet. This is the basic function of firewalls. They can do more to help secure computers, but this is just a quick overview of firewalls.

What You Can Do About It
Most suppliers of anti-virus programs also supply personal firewall programs. MSU Denver uses Kaspersky end-point security as an antivirus and a firewall. We also use hardware based firewalls for our network.
 
See Also
 CERT Coordination Center Home Network Security
Why It's Important

Every computer should have a good quality anti-virus program installed and running on it. Windows computers are not the only computers that get infected by computer worms and viruses. Even Mac and UNIX computers can be infected by viruses, worms and trojan horse programs.

One of the most important things you can do to help keep you and your computer safe while online is to run a good quality anti-virus program. Computer worms and viruses continue to cause a great deal of damage to computer systems; many of them are created to steal confidential information off of infected computers.

What You Can Do About It

You can buy a good quality anti-virus program at any well stocked computer store. Look for one that also has a personal firewall built into it. Be sure to keep your anti-virus program up to date. Most suppliers of anti-virus software provide an automatic update service to help keep your anti-virus software updated.

All computers provided by the Division of Information Technology have Kaspersky Security 10 software installed and running on them. It is configured to automatically check for updates daily. All e-mail that passes through the University's e-mail service is also scanned for viruses by the Email server.

Additionally, Kaspersky Anti-Virus product licenses are available to MSU Denver faculty and staff for personal computers (PC or Mac). Use the following link to download the software:

See Also
Dealing With Junk Email

Everyone who uses email eventually has to deal with unwanted email or junk email (oftentimes called spam). Email isn't the only target of spam. Spam is sent to fax machines, text pagers, via instant messaging, and posted on websites. But spam email is the most common form of spamming.

Spammers send junk email because it is effective at tricking people to do things and run malware on their systems. Spam is used by various people that commit financial fraud, identity theft, and to spread malicious programs.

What You Can Do About It

Use a second email address from a free email service when signing up on websites, answering online surveys, or posting to news groups or blogs. You can abandon the second account when it becomes deluged with spam. Many Internet providers give you the option to create an "email alias" for such a purpose.

Currently, it's not possible to eliminate all junk email. Spam email is going to stay with us for some time to come. There are a few simple precautions you can take to help protect your email address and your computer from spam.

  • Be cautious when giving out your email address. Know who you are giving your email address to, why they need it and what it will be used for.
  • Ask companies about their privacy policy and opt-out policy.
  • Ask your Internet provider if they offer a spam filtering service.
  • Many newer email programs such as MS Outlook and Thunderbird have simple spam filtering capabilities built into them which can be enabled. Some web-based email services also have basic spam filtering features that can be enabled.
  • Set your email program to not display images (pictures) when they are embedded inside email messages.
  • Disable JavaScript and ActiveX in email messages.
  • Enable "view email as plain text only" mode, re-enable when needed.
  • Always be very cautious of e-mail attachments. Generally you should not open an email attachment unless all of the following are true:
    • You know the sender and have received legitimate email from them in the past.
    • The subject line makes sense to you.
    • The text of the message makes sense to you.
    • You were expecting the sender to send you a file attachment.
    • You know what the file attachment contains and why it was sent to you.
    • You have a good quality, up to date anti-virus scanner installed and running on your computer.
  • Never reply to junk email. Never click on any links in junk email. And never call any phone numbers found in junk email.
  • Train yourself to recognize junk email in your Inbox and delete it without opening it. Spam email should just be deleted.
  • See our security awareness program SANS Securing The Human.
  • Forward any suspicious emails to spam@msudenver.edu.
Why It's Important

There have been several high-profile computer security incidents that did not involve hackers or viruses - they were caused by burglars stealing the computer. In one case, the burglars didn't steal the computer, they stole the hard drive out of the computer! In all of the cases, the computers had extremely confidential data saved on the hard drive.

What You Can Do About It

Be careful about what private or confidential data you save on your computer hard drive (or USB drive). Before saving confidential information on your computer, ask yourself what the consequences would be if your computer was stolen or the data was copied off of your computer by a Trojan horse program? Is your computer the safest place for the data? Should the data be encrypted?

Routinely backup important data and store it in a secure place away from the computer. Periodically review the files you have saved on your computer and use a secure erase utility to remove old files, particularly if they contain sensitive information. University policy prohibits saving SSN or credit card data on any portable computing device or portable storage media.

Because many laptop computers are used when traveling and get connected to many different networks, it is very important for laptop computers to be kept up-to-date with the latest security patches, run a good up to date anti-virus scanning program, and have a personal firewall. Laptops that are owned by the University can be brought to the IT help desk in AD475 for maintenance.

Take all of the necessary precautions to keep your computer from being stolen. Never leave a laptop computer or PDA unattended - not even for one minute. When not in use, be sure that your laptops, PDA's, USB drives and CD's are secured and out of sight. Portable computing devices should be configured to require some kind of "boot up" password before the device can be booted up. It should also require a "logon" Username/password (or biometric authentication) before the desktop and data can be accessed. Sensitive or confidential data should be encrypted. Windows laptop computers deployed to individuals by Information Technology Services has been encrypted with whole drive encryption. Other security devices may prove useful; however the quality of these devices varies greatly, so shop and compare.

See Also
Why It's Important

Passwords are one of our first lines of defense for us when we use the Internet. Unfortunately, oftentimes the passwords we choose are also our weakest defense. To make it easier for us, we often choose a password that is too easy to remember. These easy to remember passwords are usually easy for others to guess or break.

What You Can Do About It

A strong password should:

  • Be ten or more characters in length.
  • Not be a name or a word from the dictionary.
  • Have one or more upper-case letters.
  • Have one or more lower-case letters.
  • Have one or more digits (numbers).
  • Have one or more other printable characters or symbols (~!@#$%^&*).

Never give your password to anyone else and, never let anyone else use your computer account. Consider changing your password at least once a semester.

There are tricks you can use to come up with a strong password that is still easy to remember. For example, think of a favorite line from a movie or poem then, pick the first letter from each word, and capitalize every other letter. You could also combine two short words together and capitalize one word but not the other. Be sure to include some digits (numbers) and other special characters in your password.

Consider using a password manager to help manage all of your passwords and create secure passwords for you. You only have to remember one master password to unlock all of your passwords. However, please note that not all managers are created equal. The best passwords managers are the ones that work locally.

Password Managers

  • LastPass - A good online password manager. You can access your passwords anywhere.
  • KeePass - KeePass is a free, open-source password manager, which helps you to manage your passwords in a secure way. You can put all of your passwords in one database, which is locked with one master key or a key file. So you only have to remember one single master password or select the key file to unlock the whole database.

Further Assistance


If you have additional questions, concerns, or need immediate assistance - Please contact the MSU Denver Helpdesk.


 


Edit this page