Carnegie Mellon University
March 22, 2011

Mid-Semester Security Tips for Faculty and Staff

Dear Faculty and Staff,

The Information Security Office (ISO) would like to remind everyone to follow the security practices below to minimize the risk and impact of computer and account compromises.

  1. Never send your Andrew ID or password or other confidential information in response to an email.  A request to do so is most likely 'phishing', a malicious attempt to lure you into releasing personal information.  Take ten minutes and play Anti-Phishing Phyllis to learn how to recognize phishing traps in fraudulent emails.  See https://www.cmu.edu/iso/aware/phyllis/index.html.

  2. Think twice before clicking on attachments or URLs in email, instant messages, and untrusted web sites.  Attachments in unexpected messages or from unknown senders often harbor malware that could infect your computer.  Fraudulent websites can lure you into providing your login credentials or personal information.  Play Anti-Phishing Phil to learn how to recognize phishy URLs.  See https://www.cmu.edu/iso/aware/phil/index.html.

  3. Run Identity Finder to find and remove personally identifiable information from your University and home computers.  For more information about Identity Finder visit http://www.cmu.edu/computing/security/idfinder/index.html.

  4. Keep your computer software up to date.  Use automatic software updates whenever possible and periodically run the ISO patch check tool at https://www.cmu.edu/iso/patch-check for browser, Java and Adobe updates. Campus computers are regularly compromised via vulnerable versions of these software packages.  Note: If your computer is managed by a Carnegie Mellon departmental computing administrator, please consult that person before making any system changes.

  5. Follow the procedure for responding to a compromised computer and promptly report concerns about a suspected computer compromise or data breach by contacting the ISO at iso@andrew.cmu.edu or x8-2044.  See https://www.cmu.edu/iso/governance/procedures/compromised-computer.html.

For additional information on safe computing practices, please refer to Faculty & Staff Safe Computing Tips athttps://www.cmu.edu/iso/aware/secure/secure-staff.html.

Mary Ann Blair
Director of Information Security

Information Security Office
Computing Services
Carnegie Mellon University
https://www.cmu.edu/iso
412-268-2044