Everyone is responsible for security. Take the time to read the following tips to help secure State assets, your PC and your personal information.
Your PC desktop should lock after ‘x’ minutes of inactivity to prevent third-party access when you step away from your desk. To activate this function, go to: START, Settings, Control Panel, Display and Screen Saver. Click on the ‘Password Protected’ square. Now click Apply. The next time your screen saver comes up, press any key on your keyboard and you will be prompted for your network password.
Never leave your PC unattended when you are logged into an application (R*STARS, ADPICS, TSO, TESS, CICS, etc.). If someone does gain access to your PC and you didn’t log out, any incorrect data entered or damage attempted will appear to have been done by you. And you will be held responsible!
Passwords should be an 8-character combination of special characters, upper and lower case letters and numbers. Some systems allow the use of special characters, which makes your password even harder to guess. Your password should be shared with NO one. If you have difficulty remembering your password(s) and must write it down, put that information in a secure place, i.e. your wallet or a drawer that you lock each time you leave your area. Do not attach it to your PC, keyboard or any unsecured area in your office. Alert your Security Officer if you feel someone has attempted to use your logon. If you think others know your password, change it!
Everyone is aware of the growing possibility of identity theft. To help prevent unauthorized use of data maintained by the State, all documentation containing confidential information about State employees (SSN, address, date of birth, etc.) or employee lists, user identification, file information, system documentation, etc. should be secured when not being used. Any documentation containing this information should be shredded before disposal to prevent successful dumpster diving.
One scam being perpetrated is Social Engineering, or the art of tricking you into divulging sensitive data or access information. This works because of our innate nature to be helpful and trusting; everyone is susceptible. In some cases, hackers will call, impersonating a technical support team employee who needs to test a new program or install new software on your PC from a remote site and therefore needs your logon or password. Or they pose as an employee, guest or service personnel, often roaming the halls unchallenged, searching for passwords stuck on terminals or important information lying on desks. Report any suspicious personnel or activity to your supervisor.
The newest scam is ‘Brand-Spoofing’ or ‘phishing’: the practice of sending an unsolicited e-mail, supposedly from a well-known company, asking the reader to visit an accompanying website. Once on this site, personal or financial information is requested. After you’ve supplied the requested information and hit enter, your data is available for any purpose the schemer desires. Depending on the information, it could be used in Identity Theft, to establish untraceable (to them) accounts, empty your bank account, etc. Another variation is to request you supply this information in a return email. Always be suspicious of requests for personal or financial information.
While the State has anti-virus software in place, you must be cautious. Some emails can infect the network simply by being opened. Never open emails from people you don’t know. If you receive an unexpected email with an attachment from someone you do know, it’s possible their address is being used without their knowledge (spoofed). Call them to verify that they did indeed send the email attachment. This is especially true in cases where the subject line contains: test, hi, hello, Status or Error, to name just a few. If the subject line contains: Mail Delivery System or Mail Transaction Failed and you did not send an email to that person, do not open the email or attachment, but delete it immediately.
Never download unauthorized software to your agency-issued PC or laptop. Remember, freeware may contain an embedded virus or program that will execute without your knowledge and beyond your control.
Employees using laptops, electronic notebooks or portable microcomputers should make sure these devices are protected by access-control software and passwords. Never use these devices to store logons, passwords or network modem telephone numbers. Secure your laptop, etc. when leaving your office and never leave it unattended in your car, a restaurant, an airport, etc.
When entering a website that requests a logon and password, many employees use the same logon and password they use to access various State applications. This should be avoided, as not all websites are what they claim to be.
If you store important documentation, files, project reports, etc. on your C-drive, back it up! This will save you hours should you need to recreate it.
Report unusual activity on your PC. Be suspicious of requests to take part in any test programs or of anything that sounds ‘too good to be true’. Be suspicious of anyone who asks for more information than you feel comfortable divulging or has to have ‘this information immediately’. Contact your supervisor before acting on any instructions in an unusual request.