Email
Hoaxes
A well-intentioned
colleague sends you a message informing you that you have a virus
on your system that is undetectable by Norton Antivirus software.
They tell you to delete a specific file immediately! What actions
should you take and more to the point—what should you not do if you
receive one of these types of emails?
What
you should do: Forward the email to help@gsu.edu to initiate
an investigation to determine if the information you received pertains
to a hoax, a joke, or a real virus threat. If it is a real threat,
information will then be distributed to campus users to assist them.
What you should not do: Do not forward the
email to any mail users on campus. Besides setting off a wide-scale
panic you might unintentionally cause users to delete necessary Windows
files on their computer. It is never a good idea to forward information
that has not been verified as being accurate or “good” information
by a reliable source.
Protecting
Sensitive Data on Your University Computer
A recent Chronicle
of Higher Education article entitled Hacker Steals Personal
Data on Foreign Students at U. of Kansas (http://chronicle.com/free/2003/01/2003012403n.htm)
received worldwide attention. The university had collected data for
the Sevis (Student and Exchange Visitor Information System) database
the INS uses to track and monitor foreign students. A hacker was able
to extract this data for his own nefarious purposes because the university
(Windows) computer it was stored on was not patched against a vulnerability
that allowed unauthorized access to the system and all of its directories
and file contents.
I think this situation
points to two important things—if you are storing and processing sensitive
data on your university system you have taken on the responsibility
to protect it from harm or inadvertent disclosure to unauthorized
persons and you must initiate steps now to ensure that the system
is adequately protected.
How
do you do that? A first step is to initiate a security
review (audit) of your system by contacting security@gsu.edu.
You will then be contacted to arrange a time to review the security
measures currently in place on your system. You will be provided with
recommendations and advice on how to protect the sensitive data you
store and process. As the above article indicates, something as simple
as failing to pay attention to a Windows service pack, hot fix, or
critical update that needs to be run on your system can have major
ramifications.