OIT Technology News: October 2011

October

Page 2

Spam and Phishing:

The unsolicited and unwanted email, also known as SPAM, can be annoying.  SMU has a spam filter in place that works to reject, quarantine or identify email as SPAM and route to junk mail folders.   Spam filters cannot eliminate every single unsolicited or SPAM type message, so just to give you an idea of how our spam filter has worked for us, here are some statistics that show how many emails come to our doorstep (our mail server) and how many are filtered out:

Incoming Mail Summary
Statistics from August 2011.  The total attempted messages was close to 15 million emails. Apprimately 3.5 millions were delivered. The rest were blocked or redirected by the spam filter--78% of all emails receive were spam!

Even with the use of security measures on our electronic systems, including spam filters and firewalls that protect us from intruders, there are ways and means that malicious attackers can bypass this security.   One type of spam email that may not always get detected by spam filters is a “Phishing” email.  This sort of email arrives in your mailbox and tries to get you to provide personal information, account username, passwords, or other information such as social security numbers.     Many times the From: address is spoofed or disguised to appear as though it may have been sent from a trusted individual or representative of the university.   Please exercise caution if you receive a suspicious email that requests you “Validate your Credentials” or click on a link to provide personal information of any sort. SMU will not ask you to verify your credentials from within an email.

General Rules for Internet Browsing Safety

There are a number of safety tips depending on what types of activities you are engaging in on the internet. Whether it's online shopping, downloading, chatting or socializing, it is important to protect your personal information at all times. The following tips are just a few of the suggestions to increase your security online.

General

  • Turn on pop up blocker settings in your browser.
  • Install and maintain an anti virus and anti spyware applications.
  • Be wary of storing personal information on sites. You can make up a screen name and password for sites requiring a login but not performing any financial transactions.
  • Be careful of what you download! Know the source.

Shopping

shopping
  • Use secure online payment services such as PayPal wherever possible.
  • Always look for the security "lock" icon on the browser's status bar.
  • Use credit cards rather than debit cards.
  • Keep a record of what you pay for and always check your online purchases against your statements.
  • Always check the privacy policy of a web site that requests personal details. If the web site is requesting personal information and does not have a privacy policy, do not submit your information.

Social Networking Sites

  • Use privacy settings for each application to control what information is public
  • Double check which mobile applications  have access to your information. Many of these sites are integrated and often share information in various locations.   

University Policies

There are a number of policies designed to help protect personal information.  Some of these are mandated by the government (such as FERPA, Red Flags, PCI, and Gramm Leach Bliley Act).  Others are unique to SMU.  There are three University Policies to which all SMU Employees, students and guests must adhere. These are located on smu.edu/policy.

12. 3 Computing and Communications Policy

This policy outlines the acceptable use of computing and network resources.  It applies to any individual connecting equipment to the campus network.  It also outlines a minimum standard for equipment and software usage.

12.5 Information Security

This policy focuses on data protection. The responsibility for protecting University information is shared between IT and each user that has access to the information.  Individuals are responsible for the security of their computers!

12.6 Password Management

This policy outlines the requirements for password management and guidelines.