Northwestern Michigan College Home Page
| Site Map | Staff Intranet (login required; staff only)
SLM > Desktop Computing Revised 3/16/06

Desktop Computing Security

While we offer a list of resources and suggestions, this is just a starting point, and it is by no means an all-inclusive, comprehensive list. The best way to protect yourself is to learn what the threats are, and take appropriate measures to protect yourself.

Passwords

Passwords are a necessity for protecting not only your computer, but the entire computing system at NMC. There are some basic precautions you should apply:

  • Password complexity — The best approach to coming up with a secure password is to take the first letter from each word of a phrase or sentence, e.g., "I love to windsurf on warm, breezy days" would translate to "il2wowbd." Ideally, your password will be at least six characters in length, and combine both letters and numbers.
    Do not use:
    • Dictionary words
    • Proper names, especially family names related to you
    • Numbers related to you, e.g., birthdates, SSN, banking security codes, etc.
  • Change your password regularly, e.g., monthly

Viruses

All computers on NMC's campuses have an antivirus program installed that monitors file changes on your computer's local hard drive ("C:\").

Viruses are passed to your computer most commonly through e-mail attachements. NMC's Groupwise e-mail is protected by a virus softare package that checks attachements for known viruses, preventing them from getting past the Groupwise server to your e-mail account.

The MBX e-mail system, used mostly by students, is not protected by this system; however, simply viewing a message that has an attached virus will not enable the virus; you must actually open the attachment for the virus to be activated.

Do's:

    • ASCII/text files with .txt extension, or image files with .bmp, .gif, .jpg, .jpe, .jpeg, .png, .tif, .tiff are OK to open;
    • Report any suspicious e-mail attachmens to SLM staff ;
    • Ensure that virus protection for your comptuer is turned on. You should see these icon at the lower, right-hand corner of your screen:Antivirus Icon
    • Ensure that your Microsoft Windows operating system is up-to-date. Do this one of two ways:
      1. Select "start" > "settings" > "control panel" > "automatic updates" and ensure that it is set up to automatically update your system;
      2. Point the Microsoft Internet Explorer (MSIE) web browser to http://windowsupdate.microsoft.com and follow the directions.

Don'ts:

    • Never open any attachments with a file suffix of .bas, .bat, .class, .com, .exe, .lnk, .ocx, .pif, .scr, .vbs; these are all programs designed to run on your computer!
    • Microsoft documents, e.g., MS Word (.doc, .dot) or MS Excel (.xls, .xlt) should be treated as being potential carriers of viruses; handle with care.
    • Do not open any e-mail attachment w/o first ensuring that they have been virus checked. If you have any doubts, save the attachment to your "C:" drive, locate the file using the Windows file explorer, right-click on it, and select "scan for viruses" from the popup window. If it is infected with a virus, contact SLM staff immediately.

Virus Information Links

Spyware

"Spyware" is an insidious method of installing programs on your computer without your knowledge by visiting web sites that promote the use of spyware. Microsoft's Internet Explorer is most susceptible to this because of Microsoft-specific features that have been targeted by the spyware industry. The spyware generally serves one or two purposes: monitor sites that you visit and send that information to data collection center w/o your knowledge, and use your computer's resources to do the work for the people who have pirated your computer.

Symptoms of Spyware Infection

    • Popup ads when visiting web sites that you would not expect to use popup ads, e.g., NMC's web sites (we have never incorporated popup ads into NMC's site!);
    • Slow computer; this may be an indication that other programs are using your computer's resources;
    • Unfamiliar icons on your desktop, system tray, or in the programs listings of your computer;

    Software to Remove Spyware

    Note that neither of these programs is comprehensive in removing all spyware. They try to keep up, but there's always new spyware showing up...

    • Ad-Aware — They have both free and commercial versions.
    • Spybot — Free, but they'd appreciate donations for the work they do protecting us.

    Spyware Informational Sites

Internet Fraud

Like all good things, people abuse them, and so it goes for the Internet. The most common form is e-mail messages, of which many contain links to associated web sites. They often promise easy money or free products/services. Hey, if it's too good to be true, it probably is! Another common hoax calling "phishing" asks people to login to fake banking or credit card web sites to update their registration information—Paypal and E-Bay have been hit hard by such sites.

Phishing

We are witnessing an increase in online scams where people are being asked to provide sensitive personal financial information. These messages come in the form of a legitimate looking email message from a financial institution that you most likely deal with like CitiBank.

The geek term for this is phishing. Phishing is the term coined by hackers who imitate legitimate companies in e-mails to entice people to share passwords or credit-card numbers. Recent victims include Charlotte's Bank of America, Best Buy and eBay, where people were directed to Web pages that looked nearly identical to the companies' sites. The FBI called phishing the "hottest, and most troubling, new scam on the Internet."

Tips on how to avoid the Internet scam known as "phishing":

    • If you receive an unexpected e-mail saying your account will be shut down unless you confirm your billing information, do not reply or click any links in the e-mail body.
    • Before submitting financial information through a Web site, look for the "lock" icon on the browser's status bar. It means your information is secure during transmission.
    • If you are uncertain about the information, contact the company through an address or telephone number you know to be genuine.
    • If you unknowingly supplied personal or financial information, contact your bank and credit card company immediately.
    • Suspicious e-mail can be forwarded to uce@ftc.gov, and complaints should be filed with the state attorney general's office or through the FTC at www.ftc.gov

NMC's Human Resources wants to remind you that Prepaid Legal Service has identify theft coverage available should you ever have the unfortunate need to use it.

Identity Theft

Invest in a paper shredder! Don't just toss receipts/statements into the trash.
Be careful in public places. Digital cameras have become incredibly small, and are now included in a wide variety of devices, including cell phones. Thieves have become quite adept at using these to obtain personal information.

A Few Credit Card Use Suggestions:

  • Instead of signing your credit cards, write "Please Check ID" on the back.
  • Go over your credit card statements as soon as you get them and immediately investigate any charges - even tiny ones - that you don't recognize. Often thieves will "ping" a card with a small charge and then use it later if it's valid.
  • Always keep your checkbook balanced, reviewing all transactions and investigating suspicious ones immediately.
  • Refuse to do business with a company where you cannot see what they're doing with your credit card at all times.
  • Refuse to do business with a company that prints your full credit card number and name on the receipt - some gas stations still do this.