Information is a valuable resource in today's high-tech world. As employees of the State of Louisiana, you have a responsibility to safeguard that information to the best of your ability.
Listed below are a few tips that will hopefully help you with this responsibility.
USER IDs and PASSWORDS
Your user ID is your personal identification when using the state's computer systems. It links you to your actions on the computer system. It's your responsibility to protect your ID and password.
To prevent misuse of your user ID and password, follow these tips.
- Make your password difficult to guess.
- Mix numbers with letters.
- Try using acronyms. Example: mgniJS (my girlfriend's name is Jane Smith)
- Passwords should not be blank, the same as the user ID, the user's name or initials, a common name, a common word in a dictionary, or a common phrase.
- Do not use automatic logons with stored PF keys.
- If the system asks whether you want it to remember your password, decline.
- Do not use more than three consecutive repeated characters in your password.
- Do not use old passwords; they exhibit predictability.
- Do not share your password with anyone.
- Do not write your password down.
BEWARE OF SOCIAL ENGINEERING!
How difficult is it for someone to obtain your user ID and password by simply hanging out in or near your work area? Someone could be standing in the aisle behind your workstation and casually look over your shoulder while you log in to the network. Beware of people identifying themselves as from support and asking for your password, either in person or over the phone. Know whom you are dealing with!
If you are going to leave your work area (break, lunch, restroom, see your boss, etc.), lock your workstation. This is simple with Windows 2000 & XP: press the CTRL+ALT+DEL keys, then press ENTER. This action will lock your workstation and require you to type in your password when you return. You can also configure your workstation screensaver to function in a similar manner.
A computer virus is a self-replicating program that is designed to disrupt or destroy other programs and data on computers. Although the majority of viruses are transmitted via e-mail attachments, you can also get them from diskettes and file downloads from the internet. Never install software on your workstation without the approval of your IT department. Some freeware and shareware programs have been found with embedded viruses.
If your workstation or PC is acting abnormally, call your help desk. It could be a virus. Your IT department will make sure the antivirus software on your PC is current and functioning properly.
It has happened to most of us at least once. You receive an e-mail indicating you will receive a prize or money if you forward it to some of your friends. Ignore this type of message and contact your e-mail administrator or help desk. This type of message will clutter your in-box and also consume storage space on the e-mail server.
Never open questionable e-mail or attachments. They could be infected with a virus or contain fraudulent links. Clicking on web links could leave you vulnerable to identity theft as well as virus infection. Beware of SPAM. This is unsolicited e-mail from a person or machine you don't know. There are several ways someone can get your e-mail address: you might have included it when responding to a survey, it might be on a marketing list derived from an online shopping database, or you might have responded to an unsolicited e-mail, asking that you be taken off their list. Be careful when someone asks you for your e-mail address.
Phishing is a form of identity theft that utilizes false emails claiming to be from an established legitimate enterprise in an attempt to scam the user into surrendering private information. The emails will contain false header information. Typically these false emails will also have links directing the user to a phony website requiring the user to log on with their private information. Estimates are that phishing scams result in yearly losses totaling hundreds of millions of dollars.
For example, 2003 saw the proliferation of a phishing scam in which users received e-mails supposedly from eBay claiming that the user's account was about to be suspended unless he clicked on the provided link and updated the credit card information that the genuine eBay already had.
Another form of attack is spear phishing. In this attack an entire organization may be targeted with false emails requesting information. For example, an email claiming to be from a senior supervisor could be sent to all employees requesting they log in to a false website, thus divulging their logon IDs and passwords.
Except for program vulnerabilities and worms, most of these security risks require user intervention to propagate. As users, we can prevent the majority of security breaches from happening.