INSIDE BINGHAMTON UNIVERSITY
Q&A: Digital security
How can you tell a spam message or phishing scheme from legitimate e-mail?
Basically, just don’t trust e-mail. The bad guys are becoming much more sophisticated. The rule of thumb is: If it’s unsolicited and it’s asking you to do something, it’s never real. Most legitimate businesses will not be contacting you via e-mail to conduct sensitive business. Clicking on anything you see in an e-mail is dangerous.
Just how big a problem is unwanted e-mail?
About 80 percent of the 100 million messages sent to campus accounts last year were identified as spam and blocked. And in that remaining 20 percent, many more messages will be quarantined or tagged as probable spam. There’s a tremendous engine out there working to waste our time.
Generally, though, the good guys are working hard to keep up with the bad guys. Our virus protection software is updated constantly and we have a firewall and other devices designed to fend off intrusion attempts.
The campus is an oasis of safety because of the excellent crew of technical people here. The problem, of course, is you don’t know what tomorrow will bring.
What’s a smart way to choose a password?
A “strong password” is a minimum of eight characters, with a mix of numbers, lower- and upper-case letters and special characters.
Don’t use an English word or a name. A capital letter, number or special character in the middle or at the end of a password will make it harder to crack. The names of pets or children aren’t a good idea, unless you combine them into words that aren’t in the dictionary. If you want to use a common word to help you remember your passwords, then try replacing common letters with special characters (like “a” with the symbol “@” or “s” with “$”).
How can users keep passwords safe?
Don’t write them down! Choosing just a few strong passwords and committing them to memory is a good idea because you’re more likely to remember them and not need to write them down.
A password really isn’t a great method of security. Fingerprints, irises and other biometrics will soon replace them. In fact, my current laptop computer has a fingerprint reader built into it.
Personally, I have one set of passwords for accounts that wouldn’t pose a threat if someone did get into them and another set for more sensitive information. That way I’m not giving out my “good” password for less important services that still require a password.
It’s probably a good idea to have a schedule for changing passwords, too.
What advice do you have for departments that handle sensitive information such as Social Security numbers?
Do not store that information on any PC connected to a network.
Eventually, the University will use a different number for identification. Because so many of the systems on campus are interrelated, it’s not a simple thing to change.
Unfortunately, switching to a different number won’t gain us any new features, but it’s much safer for our students, faculty and staff and it’s a good idea, like buying insurance.