Mines Cybersecurity Tips

ITS’s Office of Information Security wants to reach as many people in our community as possible with information, resources, and advice they can use immediately to improve computer security. Each October we feature contests and events designed to promote cybersecurity on campus. But, really, every month is a month to be concerned with computer security. Mines security experts have provided the following tips to combat the most dangerous and common cybersecurity issues on campus:

1. Use Anti-Virus and Anti-Malware Software on Your Computer

A computer virus is a type of malicious software (also known as “malware”) designed to infiltrate a computer with hostile intent. Viruses, worms, Trojan horses, spyware, adware, and other malware can do a great deal of damage to your computer. While these terms might be used interchangeably, there are distinct differences in how each works. Regardless, all can cause damage, can be very difficult to neutralize (without erasing your hard drive and starting over), and can result in total destruction and loss of programs and data. A rampant, quickly propagating, and destructive piece of malware may easily require hundreds of hours of specialized technician time to eradicate from the campus.

Mines recommends using Microsoft’s Defender ATP product, a next-generation anti-malware product originally created for Windows [version 8+]. However, through various partnerships, this product looks to continue building its cross-platform capabilities across OSX, Linux, iOS, and Android devices.

For the macOS and Linux populations where, perhaps, installing Microsoft’s Defender ATP is not a viable option right now, there are other options. Please reference these third-party links for other anti-malware packages:

Additional programs may be needed to eradicate other forms of malware such as “adware” (software designed to deliver unwanted advertising to your computer) or “spyware” (software that tracks your computing activities in various ways). Free, third-party anti-malware programs like Ad-Aware, Malwarebytes, and Spybot Search & Destroy are available to individuals for their personal use (these companies are not associated with, or licensed by, the Colorado School of Mines).

2. Use a firewall

A firewall is software designed to block unauthorized access to your computer while permitting authorized communications. A firewall, in effect, regulates which computers and applications may “converse” with your computer. Most operating systems come with built-in firewalls that provide good protection against intrusions without restricting typical network access needs.

Mines also maintains a firewall between the campus network and the wider Internet. However, malicious traffic can and does sometimes get through. In addition, there may be malicious traffic that originates on the Mines network itself. Make sure your operating system’s firewall is on and active for an extra measure of protection.

3. Keep your software up-to-date

Software undergoes continual change to provide new features and to correct known problems, including security problems. These changes often introduce new problems or expose existing ones, which can be exploited by unscrupulous computer experts. As these problems are detected and patched, vendors issue software updates which correct them. This situation occurs with every piece of software running on your computer so, when a vendor issues an update, apply it!

Windows, Mac OS X, and Linux all have built-in ways to update the operating system and programs that come with the operating system. Use them. But third-party programs must also be updated. Don’t forget to check for newer versions of such popular programs as Adobe Flash, Adobe Reader, Firefox, Google Chrome, Safari, iTunes, and Java, among others. And remember that you may also have to manually update your antivirus and anti-malware programs.

4. Never send personal information in response to an unsolicited email

Ever get an apparently authentic email from your bank, credit-card issuer, or even Mines asking for personal information, account numbers, PINs, or passwords? If you did, you were the target of a “phishing” attack. Phishing refers to the online imitation of a legitimate company’s logos and look in spoofed, illegitimate email messages and web sites — all designed to take money from you fraudulently.

Phishing emails and websites are created with the intent of fooling unsuspecting users into divulging personal information. A typical “phish” email will appear to come from a legitimate business or financial institution, informing the recipient that some type of problem has affected their account and directing them to follow a provided web link to clear up the problem. The link does not lead to a legitimate site, however, but to a server (usually in another country) on which an imitation web site has been set up. The unsuspecting customer is then prompted to enter confidential personal information at this imitation site. The scammers collect this information for use in identity theft. Then, the unsuspecting customer is usually redirected to the legitimate web site to obscure the fact that they just gave away important personal data to crooks.

Phishing sites can also include malicious elements that are intended to take advantage of web browser vulnerabilities. Even if you don’t enter personal information on the spoofed web site page, you could be putting your computer’s security in danger simply by clicking on the link in the fraudulent message that leads to that page.

The best way to protect yourself from phishing scams is to not click on a link in an unsolicited or suspicious message you receive.

Are there other things we could or should do to improve our cybersecurity?

Of course. This is a far more complicated subject than we have even hinted at above. For more on topics like viruses, spam, and security, see the ITS FAQfinder and Knowledge Base entries on those subjects.

Here are some further tips:

  • Remove software that you no longer use. That eliminates a potential security hole immediately.
  • If you run Windows, upgrade to the latest version of the Edge browser or use an alternative like Firefox or Chrome.
  • Create a simple, non-administrator account for routine use. Don’t log in as administrator on a regular basis.
  • Be extra cautious about clicking on links in emails and instant messages. A link that says one thing could actually take you somewhere very different.
  • Back up your critical data. If all else fails, this is your last resort. Don’t assume that someone else has backed up your information for you.
  • Don’t share or publish personal information including your employers, job roles, or contact details. These details allow criminals to make the most successful phishing attacks.
  • Use complex passwords to protect important accounts. Use upper and lower-case letters, numbers, and punctuation and at least eight characters total.
  • And, of course, follow the four main suggestions above at all times.