“Given a choice between dancing pigs and security, users will pick dancing pigs every time.”
– Edward Felton
MUSC Security Client
- If you have not already done so, update your PC and Mac antivirus clients. The official MUSC security client application is available at http://www.musc.edu/infoservices/endpointsecurity/. During installation of the new client, other antivirus clients (Symantec, McAfee, etc.) are removed. Note that, for Windows machines, a minimum of XP Service Pack 3 is required.
- Microsoft Security Essentials is available for home and off-campus use at no charge.
Safe Computing Practices
- Keep the OS and applications updated.
- Keep a backup of all important data (Research Repository and/or external hard drive). Windows has backup software built-in, and there are other backup clients available (SyncBack works very well, and is easy to set up and use. http://www.2brightsparks.com/syncback/).
- On Windows PCs, Administrator access should be restricted. Wherever possible, all users should have their own account; that account should be protected with a strong password.
- Install and enable a firewall.
- Be cautious of links in email messages and webpages. Both are major sources of infections.
- Read the MUSC phishing announcements.
- Use caution when opening email attachments.
- If you are on a web page and are unexpectedly asked to install software, do not do so.
- Never share your password.
Autorun is the source of many virus/worm infections. OCIO provides a link, NoAutorun Registry Key , that will disable this function.
Beware of Phishing
What follows is a good example. At first glance, it looks fairly convincing, and many people will click on the links contained in the email. The hyperlinks have been removed, but each was a URL in Russia. This is becoming more and more common. MUSC accounts are compromised regularly; PCs are infected with malware, and information “leaks” out of MUSC daily. It is a serious problem.
Please review the following: http://www.musc.edu/infoservices/endpointsecurity/phishing.html
Always use strong passwords. Common guidelines concerning the choice of passwords are (from http://www.microsoft.com/security/online-privacy/passwords-create.aspx):
- Length. Make your passwords long with eight or more characters.
- Complexity. Include letters, punctuation, symbols, and numbers. Use the entire keyboard, not just the letters and characters you use or see most often. The greater the variety of characters in your password, the better. However, password hacking software automatically checks for common letter-to-symbol conversions, such as changing "and" to "&" or "to" to "2."
- Variation. To keep strong passwords effective, change them often. Set an automatic reminder for yourself to change your passwords on your email, banking, and credit card websites about every three months.
- Variety. Don't use the same password for everything. Cybercriminals steal passwords on websites that have very little security, and then they use that same password and user name in more secure environments, such as banking websites.
- Consider using a password manager to keep track of multiple passwords (LastPass, PasswordSafe, KeePass)
- Most are cross-platform (Windows, smart phone, etc.)
Common Password Pitfalls
- Avoid common password pitfalls. Cyber-criminals use sophisticated tools that can rapidly decipher passwords. SCDOR123, for example, is not a good password.
- Avoid creating passwords that use:
- Dictionary words in any language.
- Words spelled backwards, common misspellings, and abbreviations.
- Sequences or repeated characters. Examples: 12345678, 222222, abcdefg, or adjacent letters on your keyboard (qwerty).
- Personal information. Your name, birthday, driver's license, passport number, or similar information.
All OS’s are updated periodically with bug fixes and security patches. Microsoft, for example, typically releases patches every month. Most systems should be updated periodically. The exception may be critical systems (e.g. PET/CT, 7T) where the manufacturer does not recommend updating the OS.
Enable the screen saver with a password lock to protect systems when you’re not around.