For your safety, be sure to understand and follow NKU's policies and rules for information security.

If you need security assistance at any time, please contact the IT Help Desk.

Web

Sending and receiving email, file sharing and browsing websites may seem innocuous on the surface, but if you’re not careful these activities can open your computer to countless vulnerabilities. Email messages can easily be forged and they’re often used to launch malware. Malicious websites can install software on your computer or extract personal information. Use caution when visiting websites which are unfamiliar to you.

Issues when using public computers

  • Always remember to log off when you finish with secure websites such as CULink or CULearn. If you neglect in doing so, the next person who uses that computer may have access to your personal information.

  • Public computers may not always be securely configured, and thus pose a threat to your privacy by storing your password or web cookies. Think twice about going to a secure site if you can not verify the security of the computer. When you log out of a computer in an IT lab your privacy is protected.

US Cert Cyber Security tip - How Anonymous are you?

You may think that you are anonymous as you browse websites, but pieces of information about you are always left behind. You can reduce the amount of information revealed about you by visiting legitimate sites, checking privacy policies, and minimizing the amount of personal information you provide. For additional information - visit http://www.us-cert.gov/cas/tips/ST05-008.html

Email

Do not automatically trust attachments or links which are sent to you via email and other forms of solicitation.  Use caution when reading email or other communications with attachments or downloading files, as harmful malware and intrusive software often hides in unsuspecting websites, links, and attachments.

NEVER do the following:

  • Open attachments from unknown people or organizations you are not familiar with.

  • Download unlicensed software, music, video or other forms of copyrighted materials.

  • Don't give out confidential information in response to any email. Messages that try to persuade you to send your password or credit card number are counterfeit, even if they appear to be from the your bank or system administrator.

  • Be wary of any email attachment that you weren’t expecting (this also applies to web downloads). It’s very easy for a computer virus to be present in an email that appears to be from a friend. It is strongly suggested that anti-virus software be used to scan anything that you receive in your email.

  • If you receive email from an address at NKU which you feel violates the campus policy, it should be reported to the Help Desk at (859) 572-6911, so action can be taken. It is suggested you do not delete the message, as it can often be useful in tracking down the incident.

Phishing

Phishing is a form of identity theft, whereby internet fraudsters send spam or pop-up messages that are intended to lure personal and financial information from unsuspecting victims. To avoid getting hooked:

  • Don't reply to email or pop-up messages that ask for personal or financial information, and don't click on links in the message.

  • Don't cut and paste a link from such messages into your web browser — phishers can make links look like they go one place, but that actually send you to a different site.

  • Some scammers send an email that appears to be from a legitimate business and asks you to call a phone number to update your account or access a "refund."

  • Because they use Voice over Internet Protocol technology, the area code you call does not reflect where the scammers really are.

  • If you need to reach an organization you do business with, call the number on your financial statements or on the back of your credit card.

  • Use anti-virus and anti-spyware software, as well as a firewall, and update them all regularly.

  • Don't email personal or financial information.

  • Review credit card and bank account statements as soon as you receive them to check for unauthorized charges.

  • Be cautious about opening any attachment or downloading any files from emails you receive, regardless of who sent them.


NKU, as well as any reputable business or bank will NEVER request your password or account information via email, web or other electronic requests. 

Be aware of these attempts, never respond with your information. If you suspect a Phishing attempt is being made, report this to abuse@nku.edu or contact the IT Help Desk.

Voicemail

Just like any other piece of equipment or service where data is stored, your voicemail could possibly contain sensitive information not meant for public consumption.

Be sure to:

  • Know how to properly delete your voicemail messages.

  • Change your PIN regularly.

Instant Messaging

There are many ways of chatting on the internet, whether you use chat rooms, message boards, forums or instant messaging. The web is great for keeping in touch with friends or communicating with people interested in the same things as you.

However, there are a number of risks associated with chat and instant messaging in particular, so it's worth following a few basic guidelines.

  • Don't give personal info when you chat. People are not always who they seem, so providing your home address, phone number or email address puts you at risk from fraud or abuse.

  • Use a different email address if you chat online. You are more at risk from spam and other annoyances if your regular email address is used online.

  • Be very careful when accepting or opening files that are sent to you during chat sessions. The file may be something malicious and could damage your PC or access your data.

  • Make sure you follow general Internet safety advice such as making sure you are set up with anti-virus software, anti-spyware software and a firewall.

  • Know the rules governing your chat experience. Most chat rooms or forums have rules that govern what is acceptable and what is not. 

Twitter

Here are five tips to help you stay safe on Twitter.

  • Regularly change your password, particularly during any kind of phishing or XSS exploit. You don’t have to be paranoid, but use your common sense. If there’s any potential risk to your password at all, why not just change it?

  • Consider using a URL expander (or software where it comes built-in) before clicking on a shortened link. Most shortened URLs are perfectly safe, but a certain percentage are going to lead you to places you don’t want to go, and might be harmful to your computer. Again, common sense prevails. Do you know the user who shared the link? Do you trust them? Is this the kind of content they typically share?

  • Be mindful of the things you say, for anybody could be reading. Who’s the worst person in the world that you can think of that might be reading your tweets? Your boss? Your mother? Your fiancée? If you always write with them in mind, you’re unlikely to go too far off course.

  • If you post under an alias, considering reserving your real name for future use and to protect you from identity fraud. You never know when you might hit it big. Even if you think there’s no chance whatsoever, it costs you nothing and takes less than five minutes. Why not do it?

  • Take responsibility and make sure you’ve authorized all external connections to your account. If something is tweeting on your behalf, most of the time it’s because you ticked a box somewhere. Find that connection and remove it.

Social Networking

What are social networking sites?

Social networking sites, sometimes referred to as "friend-of-a-friend" sites, build upon the concept of traditional social networks where you are connected to new people through people you already know. The purpose of some networking sites may be purely social, allowing users to establish friendships or romantic relationships, while others may focus on creating business connections.

Although the features of social networking sites differ, they all allow you to provide information about yourself and offer some type of communication mechanism (forums, chat rooms, email, instant messenger) that enables you to connect with other users. On some sites, you can browse for people based on certain criteria, while other sites require that you be "introduced" to new people through a connection you share. Many of the sites have communities or subgroups that may be based on a particular interest.

How can you protect yourself?

  • Limit the amount of personal information you post

    • Do not post information that would make you vulnerable, such as your address or information about your schedule or routine. If your connections post information about you, make sure the combined information is not more than you would be comfortable with strangers knowing. Also be considerate when posting information, including photos, about your connections.

  • Remember that the internet is a public resource

    • Only post information you are comfortable with anyone seeing. This includes information and photos in your profile and in blogs and other forums. Also, once you post information online, you can't retract it. Even if you remove the information from a site, saved or cached versions may still exist on other people's machines (see Guidelines for Publishing Information Online for more information).

  • Be wary of strangers

    • The internet makes it easy for people to misrepresent their identities and motives (see Using Instant Messaging and Chat Rooms Safely for more information). Consider limiting the people who are allowed to contact you on these sites. If you interact with people you do not know, be cautious about the amount of information you reveal or agreeing to meet them in person.

  • Be skeptical

    • Don't believe everything you read online. People may post false or misleading information about various topics, including their own identities. This is not necessarily done with malicious intent; it could be unintentional, an exaggeration, or a joke. Take appropriate precautions, though, and try to verify the authenticity of any information before taking any action.

  • Evaluate your settings

    • Take advantage of a site's privacy settings. The default settings for some sites may allow anyone to see your profile. You can customize your settings to restrict access to only certain people. However, there is a risk that even this private information could be exposed, so don't post anything that you wouldn't want the public to see. Also, be cautious when deciding which applications to enable, and check your settings to see what information the applications will be able to access.

  • Use strong passwords

    • Protect your account with passwords that cannot easily be guessed. If your password is compromised, someone else may be able to access your account and pretend to be you.

  • Check privacy policies

    • Some sites may share information such as email addresses or user preferences with other companies. This may lead to an increase in spam (see Reducing Spam for more information). Also, try to locate the policy for handling referrals to make sure that you do not unintentionally sign your friends up for spam. Some sites will continue to send email messages to anyone you refer until they join.

  • Use and maintain anti-virus software

    • Anti-virus software recognizes most known viruses and protects your computer against them, so you may be able to detect and remove the virus before it can do any damage (see Understanding Anti-Virus Software for more information). Because attackers are continually writing new viruses, it is important to keep your definitions up to date.