UMass Lowell IT has several defensive measures in place to keep your computer from being compromised. But technology alone cannot stop a virus from infecting your device or someone gaining access to your files.
Here are some safety tips to keep in mind for the next time you work on a computer or use a mobile device.
Always remember to log out of SiS, Exchange or any other UMass Lowell password protected application. You wouldn't want someone else to gain access to your account when you walk away from a computer.
Do you work with sensitive data? Credit cards or SSNs? You may need your device encrypted to comply with state and federal laws. Encryption adds an additional layer of security beyond password protection.
Mobile devices are more powerful than ever and can store large amounts of data. Take steps to keep secure your Apple- or Android-based device and always use a pin or lock pattern.
Avoid logging into your computer as a user with administrative privileges. Although convenient and necessary (especially when installing software) this level of access also makes it easy for a virus to install itself – often silently without you knowing it. Logging in without these escalated privileges will give you more control over what software is installed on your computer.&
Protect Your Password
Need to change your password and complex rules make it difficult to think of one? (How ironic!) Try using a passphrase. Simply put, a passphrase password is constructed by using the first letter of a sentence that is easy to remember.
I went on vacation to Disney World in 2005.
Resulting password: IwovtDWi2005.
The official site for password changes is mypassword.uml.edu.
Green = GO!
UMass Lowell now employs EV or Extended Validation certificates for web-based services such as mypassword and Exchange. What does this do? The next time you visit one of these sites, pay attention to the address bar in your browser. Depending on which browser you are using, the address bar will turn all green or partially green.
A site has to undergo a rigorous validation process to prove their identity in order to obtain an EV cert. Many banking and financial institutions use EV certs to provide assurance to their customers, letting them know they are on a trusted site. So the next time you visit mypassword or Exchange, double check your address bar.
Phishing, Don't "Phall" for It
Have you ever received an email asking for your password or user name? No legitimate company would ask for those details. If you do receive such an e-mail, it's probably from someone posing as an agent of UMass Lowell. Don't answer.
Bad folks go Phishing for private information that could seriously hurt your privacy and finances and imperil the entire University email system. How?
- It could help the frauds gain access to HRDirect and your personal information. And that could open a whole other can of worms – identity theft.
- Responding to such a trolling expedition can also hurt the entire UMass Lowell system, causing larger problems and security breaches. Once compromised, the system could be" blackballed" as dangerous by the likes of Yahoo, Gmail and other email providers. It could take days to correct, leaving the University system (and you) without access to messages or the ability to send them.
Fraudulent emails can also appear to come from other companies and financial institutions such as Facebook, LinkedIn, PayPal, eBay, Craigslist, FedEx, Bank of America, etc…Don't let the hackers reel you in, verify the email is legitimate before responding.
Phishing solicitations often sound some obvious alarms.
They often contain misspelled words, punctuation errors and poor grammar. They are also often urgent or alarming in tone. "You MUST do this now, or…."
If someone asks for your private access information, don't bite. Find out how-to spot phishing (pdf).
If you're not sure who is contacting you, call UMass Lowell's IT Service Desk at 978-934-4357.