IT Security Tech Tips

The CTC IT Division has security tips and longer guides on the following topics.


Cybersecurity Best Practices


How to Create a Secure Password

If you need help creating a secure password, follow these simple tips:

•    A good password is complex and consists of upper and lower case characters, numbers, and special characters. Remember to use numbers and special characters in the password itself and not just at the end of your password.

•    Use phrases instead of single-word passwords. (Spaces count as special characters when used in a password.) Rhymes, song verses, and quotes are typically easier to remember as well.

•    Do not write down or store your password around your work area. If you’re tired of juggling multiple passwords, look into acquiring a password manager. (KeePass is one of many password managers that will store your passwords in an encrypted file on your computer or flash drive.)

•    Do not share your password with anyone. If you think someone knows your password, change it immediately. IT personnel will never ask you for your password.

•    Do not use personal information to create a password.

•    Do not use the same password for everything.


How to Disable Windows AutoPlay

AutoPlay is a Windows function that plays media as soon as it is found on an inserted device (nowadays a flash drive). While this function was originally intended for user convenience, it has also created a new way for malware to be subtly dropped into unsuspecting computer systems. Malware such as keyloggers and Trojan horses can obtain your passwords or open a backdoor to hackers. It is for these reasons that turning off Windows AutoPlay and scanning unknown flash drives for malware before opening them is so very important.

To turn off AutoPlay:

1.    After clicking on the “Start” button, select “Control Panel.”

2.    In the “Control Panel” window, click on “Hardware and Sound.” Select “AutoPlay.”

3.    The easiest way to disable all media types is to uncheck the small box near the top of the window marked “Use AutoPlay for all media and devices.”

4.    Optional: You can set which action you want to occur when a certain device is inserted by selecting the drop-down list next to the specific media’s name. In the case of this tech tip, choosing “Take no action” would be the safest action.


How to Scan a Flash Drive

Flash drives are small, inexpensive, and can hold gigabytes worth of data. Students often use them to store everything from homework to their favorite media files. Malware can be stored on a flash drive as well, either intentionally or unknowingly. For this reason alone, the IT Division suggests turning off Windows AutoPlay and scanning unknown flash drives for malware before opening them.

To scan a flash drive:

1.    Select the “Computer” icon, usually found on the “Desktop,” after inserting the flash drive.

2.    Right click your flash drive’s icon.

3.    On the drop-down list that appears, select “Scan for Viruses…” The scan should automatically start.

4.    Once the scan has finished, click “Remove Risks Now” if any malware has been detected. Otherwise, select “Close.”


Logging Off vs. Locking Your Computer

Logging Off:
Before leaving at the end of the day, be sure to log off your computer. Logging off ends your computer’s session on the CTC network, which in turn enables the network to scan your computer for viruses and apply any updates your computer may need.

An easy way to log off is to press and hold the ‘Ctrl,’ ‘Alt,’ and ‘Delete’ keys at the same time on your keyboard. This will bring up a list of options, and from here you can select to log off.

You can also log off from the ‘Start’ menu. Click the ‘Start’ icon (the round, Windows symbol) at the bottom-left of your screen, and then click the small, white triangle next to the ‘Shut Down’ button. You can select to log off your computer from the list that appears.

Locking:
If you need to step away from your workstation for a few minutes, lock your computer instead of logging off. Your work will remain open and unchanged upon your return. You can lock your computer by using the same methods as described above for logging off.


Social Media Security Tips

Social media sites help us keep in touch with family, friends, and coworkers in real time. While collaboration has never been easier, some information should never be posted online. Avoid posting the following on your social network or instant messenger of choice:

•    Vacation/work schedule

•    Birthplace and/or full date of birth

•    Home address and/or telephone number

•    Passwords or private information

•    Confessionals or exploits

•    Financial information

•    The latest or newest electronics or high-value items you’ve bought

Make use of any and all privacy controls. If you can, opt out of search engines pulling your information. It’s also a good idea to set your photo galleries to private (or to be viewed only by family or close friends). Never feel obligated to accept an invitation to anything from anyone, and never share information about your friends or family unless the issue has been discussed beforehand or the information is already publicly known.


Mobile Device/Laptop Security Tips

Mobile devices and laptops are easy to break and easy to lose. To help prevent loss of data and/or personal information, make use of the security tips listed below.

•    Encrypt your hard drive. If your device is lost or stolen, your information will be more difficult to access.

•    Invest in a recovery software program or a means of backing up your information. There are many programs available that can restore deleted or formatted data. Optionally, you can purchase flash drives or external hard drives to store backups on. (It is a good idea to then encrypt these devices.)

•    Where possible, always use a strong password. This, along with encrypting your hard drive, creates a series of barriers that will slow down or halt the process of someone attempting to break into your mobile device, laptop, or flash drive.

•    Lock your mobile device or laptop when it’s not in use, even if you’re stepping away from your device for just a few minutes. A few minutes is all it takes for someone to delete your files, download a virus, or cause other forms of mischief/damage.

•    Keep a record of your device’s serial number. This is located on the underside of most laptops or under the battery cover of most phones. You will need this number on hand to file police reports and/or insurance claims.

•    Notify the authorities if your device has been stolen. The sooner you do so, the better the chance of finding your device.


Internet Security Tips

The internet is an amazing tool and source for information, but users need to be aware of the risks (and more importantly, the preventative safety measures) that come with browsing the web. The following steps can be used to better safeguard yourself and your computer from viruses, hacking attempts, and data theft.

•    Before you open your browser, make sure your antivirus program and firewall are up and running. These programs, along with your operating system, should likewise be kept patched and up-to-date.

•    Always check unknown links before you click them. You can do this by hovering the mouse over the link in question. The linked URL should appear in the lower-left corner of your browser. Make sure the link has been correctly spelled out or isn’t pointing to some unknown destination.

•    When using an online financial institution, type the address directly into your browser. This circumvents the problem of accidentally clicking a link from a spoofed email (an email disguised to look like it came from the true source). These spoofed emails often direct users to fake sites that steal your account information.

•    Make sure all transactions (e.g., banking, purchases, bill payments) occur over secure connections using SSL (Secure Sockets Layer), HTTPS (secure hypertext transfer protocol), or a VPN (virtual private network). Websites that use HTTPS and/or SSL will have a URL that starts with 'https' and a 'closed lock' icon in front of the URL. (You can click the lock icon to view that website's certificates.) VPN, HTTPS, and SSL connections encrypt both incoming and outgoing data sent between you and a website. This makes it harder for anyone to pull your personal information as it is being transmitted from one source to another.

•    Do not reply to unsolicited phone calls or emails seeking information about you or your family, friends, or coworkers. Tell unknown callers to not call back, and then hang up. Delete suspicious emails from unknown senders immediately.

•    Don't save passwords in your browser, and don't use the same password for everything. This can be made easier by using a password manager. Password managers store your login information in an encrypted file on your computer or flash drive. You need only to remember one password (the password to open your password manager) to access your password and/or login information to anything else.

•    Check your credit report and review new ways to stay safe online on a yearly basis.


Wireless Security Tips

Many of us rely on wireless networks to access websites, collaborate with coworkers, and complete projects while away from the office. While convenient and easy to use, public and unknown networks should be used with caution. The following tips will show how you can more securely use these networks.

•    Before accessing any network, make sure your operating system (e.g., Windows, Chrome, iOS, Android), virus protection software, and firewall are all patched and up-to-date. (Likewise, make sure your virus protection software and firewall are both activated.)

•    Disable public sharing. This includes disabling printer and file sharing, remote login, and network discovery. This keeps other network users from accessing your mobile device.

•    Never sign into an account, make a purchase, or pay bills on an unknown or public network. There is always a chance someone could pull your personal information from these transactions.

•    If you must do any of the above, only use websites that use HTTPS (secure hypertext transfer protocol) and/or SSL (Secure Sockets Layer). (Look for https at the beginning of any website's URL and/or look for a 'closed lock' icon next to the URL.) These secure connections encrypt both incoming and outgoing data sent between you and the website. (Some browsers offer HTTPS for many major websites through third party extensions.)

•    Using a virtual private network (VPN) is another option. Like HTTPS/SSL, a VPN will encrypt outgoing and incoming information between you and the site you've made a VPN connection with.

•    Disconnect your device when you are done. If your device isn't connected, it can't be tampered with.

For further reading, visit the FTC's page on public Wi-Fi safety.


How to Safely Wipe Your Mobile Device

If you’re about to make the jump to a new smartphone or tablet, do not forget about the personal information still stored on your old device. After you’ve sold, traded in, or even trashed your old device, information such as your home address, browsing history, photos, chat sessions, contacts, and/or passwords can still be accessed (and possibly wind up in the wrong hands). To ensure your privacy and protect your personal information, please follow the steps below.

One of the easiest ways to securely delete (wipe) your device is to use the factory reset function. This option is already installed on most devices, and it will completely restore your tablet or smartphone to its original factory condition (all personal information wiped).

To wipe an Apple iOS device: open Settings -> General -> Reset. Select to Erase All Content and Settings.

To wipe an Android device: open Settings -> Privacy. Select the Factory Data Reset option.

In addition to wiping your devices, don’t forget to remove the subscriber identity module (SIM) card and/or additional external storage card. These cards will still retain your data after a factory reset. These cards can either be inserted into your new mobile device or physically destroyed (usually by shredding the card) if no longer needed.


How to Change Your CTC Password

Passwords play a central role in maintaining security. Select a strong password that can be easily remembered but not easily guessed. The best passwords possess an element of randomness unique to the user (e.g., a favorite song verse, quote, or rhyme).

To reset your password, complete the following steps:
1.    Hold down the Ctrl + Alt + Del buttons at the same time.

2.    Select “Change Password…” from the list.

3.    Enter your current password.

4.    Enter a new password.

5.    Re-enter the new password to confirm that it is correctly spelled.

6.    Click “OK.” You will see a message stating that your password has been successfully changed.

Passwords must meet the following criteria:

•    They cannot contain the user's account name or parts of the user's full name.

•    They must be at least eight characters in length.

•    Passwords must contain characters from three of the following four categories: 1) An uppercase character (A through Z); 2) A lowercase character (a through z); 3) A number; 4) A symbol (e.g., !, $, #, %).

Complexity requirements are enforced when passwords are changed or created. The last six passwords are also remembered and disallowed.
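The criteria above written out as a check, as an added example (not CTC's own code). The function names, the sample user, the reading of a name "part" as any token of three or more characters, and the SHA-256 history digests are assumptions made for illustration.

```python
import hashlib
import re

MIN_LENGTH = 8
HISTORY_DEPTH = 6  # the last six passwords are remembered and disallowed


def digest(password):
    # Illustration only: real systems store salted, slow password hashes.
    return hashlib.sha256(password.encode("utf-8")).hexdigest()


def check_password(password, account_name, full_name, history):
    """Return the list of criteria the password fails (empty list = accepted)."""
    problems = []
    if len(password) < MIN_LENGTH:
        problems.append("shorter than eight characters")

    categories = [
        any("A" <= c <= "Z" for c in password),   # uppercase
        any("a" <= c <= "z" for c in password),   # lowercase
        any(c.isdigit() for c in password),       # number
        any(not c.isalnum() for c in password),   # symbol (a space counts)
    ]
    if sum(categories) < 3:
        problems.append("fewer than three of the four character categories")

    lowered = password.lower()
    if account_name and account_name.lower() in lowered:
        problems.append("contains the account name")
    # Assumption: a "part" of the full name is any token of 3+ characters.
    parts = [p for p in re.split(r"[^a-z0-9]+", full_name.lower()) if len(p) >= 3]
    if any(p in lowered for p in parts):
        problems.append("contains part of the full name")

    # history holds digests of earlier passwords, oldest first.
    if digest(password) in history[-HISTORY_DEPTH:]:
        problems.append("matches one of the last six passwords")
    return problems


if __name__ == "__main__":
    # Constructed sample user and password history.
    past = [digest("Old Phrase %d!" % i) for i in range(7)]
    for candidate in ["password", "janeDoe2024!", "Old Phrase 3!", "correct Horse 42"]:
        print(repr(candidate), check_password(candidate, "jdoe", "Jane Doe", past))
```
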


Yearly Cleanup

Keeping a tidy digital space not only makes it easier to find things, but it can also help prevent security risks or loss of data. We suggest completing the following tasks at least once a year to help keep your computer or personal/mobile device in order:

  • Delete software/apps/plugins that you no longer use. This creates fewer openings for malware to infect your device (especially if you’re behind on updates).
     
  • Also consider deleting accounts that you no longer use. The fewer accounts you have to keep track of, the easier it is to keep track of what information is where.
     
  • Clear your browser’s cache to improve browser performance and speed. (Be sure to have your login information stored in a secure location beforehand, however, as you may need to log back into all your accounts afterwards.)
     
  • Delete all unneeded email messages. This should include email in your ‘Sent’ and ‘Trash/Deleted’ folders as well. It’s easier to locate specific emails for later when working with a smaller, tidier email account.
     
  • Delete any unneeded documents, pictures, or media files. This can potentially free up a lot of computer space, which will in turn improve your computer’s performance.
     
  • Finally, memory-wipe, destroy, and trash any device no longer in use. This includes external hard drives, flash drives, and/or SD or other memory cards for mobile devices. Memory-wiping and destroying the device ensures that no data is recoverable. If you plan on selling or giving away a personal device, be sure to memory-wipe your device a couple times to ensure no data can be recovered. Make sure to use a program to permanently wipe your device (simply deleting old files is not enough).

Where to Back Up Your Files

The IT Division recommends saving your CTC files or documents in one of two ways, depending on the importance of the file in question.

Shared Folder
Important files should always be stored in a shared folder. These private folders are stored on an IT server and backed up every night. A departmental or group-only shared folder can be acquired by having your director or dean send a request to the IT Customer Service Department. Specific permissions can be applied to the shared folder itself or the files or folders stored within to ensure that only a select group or individual can access, read, or edit the content available.

Flash Drives/External Hard Drives
•    Flash Drives – Low priority files are the safest files to store on a flash drive. Never store sensitive or confidential information on a flash drive. While flash drives are both easy to acquire and use, they are also easy to lose and prone to data corruption. For these reasons alone, it’s best to keep only files that are easy to replace on your flash drive. Likewise, it’s a good idea to encrypt your flash drive.

•    External Hard Drives – An external hard drive can hold more data than a flash drive, but the device itself is fragile and easy to accidentally break. Again, never store sensitive or confidential information on an external hard drive. It’s a good practice to encrypt your external hard drive as well, especially if you travel anywhere with one.


Cybersecurity Best Practices

Cybersecurity is everyone’s responsibility. All Texans need to remain vigilant and practice good cyber hygiene. The following are strong cyber practices everyone should consider:

•    Do not open suspicious or unexpected links or attachments in emails.

•    Hover over hyperlinks in emails to verify they are going to the anticipated site.

•    Be aware of malicious actors attempting to impersonate legitimate staff, and check the email sender name against the sender's email address.

•    Use unique strong passwords or pass-phrases for all accounts.

•    Do not provide personal or organizational information unless you are certain of the requestor's authority, identity, and legitimacy.

•    Alert your IT staff or supervisor if you have any concerns about the legitimacy of any email, attachment, or link.

•    Take advantage of available cybersecurity awareness training.
