Information Security is Everyone's Responsibility
TRecs is committed to protect University Operations information, computers, and network equipment by using numerous technical safeguards. Unfortunately, there is no technological protection against social engineering targeted to end-users like you.
Social engineering is a tactic used by cyber criminals to try to get an end-user to provide information or take some kind of action that will cause the access to protected business or personal information. Every day, University Operations employees are targeted by social engineering. TRecs has seen a concerning increase in the number of University Operations computers being infected by viruses, such as Trojans and spyware.
To prevent your system and your information from being affected by viruses and spyware, please use the following best practices.
Exercise caution when using USB or external hard drives
- Keep personal and business USB drives separate
- Do not use personal USB drives on your department?s computers
- Do not plug USB drives containing your department information into your personal computer, and non UT computers.
- Use and maintain security software, and keep all software up to date
- If you must use non university computers, make sure that computers use a firewall, anti-virus software, and anti-spyware software to make your computer less vulnerable to attacks, and make sure to keep the virus definitions current
- Also, keep the software on your computer up to date by applying any necessary operating system or program patches
- Do not plug an unknown USB drive into your computer
- If you find a USB drive, do not plug it into your computer to view the contents or to try to identify the owner
Exercise caution when processing e-mail
- Never open unsolicited e-mail, or e-mail from unknown senders
- Never provide password information
- Giving away your password is like giving away the key to the front door of your house, giving away the code to your ATM card, or giving away the combination to your safe. Keep your password private, and secure.
- If you receive an e-mail, a text message, an instant message, etc., asking you for your password, DO NOT comply. Ignore it and delete the message from your inbox, and deleted items folders.
- Do not reveal your e-mail address
- Don't open an e-mail you know to be spam. Programming code embedded in spam advertises that you opened the e-mail and confirms your address is valid, which in turn can generate more spam.
- Never open suspicious attachments
- If you receive an attachment that you are not expecting, confirm the file's validity before opening, even if it's from someone you know. First read the e-mail, and make sure the attachment is most likely legitimate. If you're still not sure, call or e-mail the sender to confirm, but do not reply to the original e-mail.
- Never click links in e-mail messages from financial institutions or package delivery companies
- Some fraudulent e-mail messages that appear to be from financial companies (Pay Pal, banks, credit card companies, etc.) direct the reader to click on a link to verify or confirm account details. Never click these links. Instead, call the company if you are concerned about your account.