InfoSec: Minimizing threats

When thinking about information security risks, assume you are the target. Try to get familiar with possible threats so you can develop more cautious habits in your daily work routine. Some common risks are described in this article.

Accidental disclosure

Have you forwarded an email thread to a group of people before reading it thoroughly, and then found out one of the threads had several employee ID numbers listed in it?

Have you written an email reply to an individual, and later found that you accidentally “replied to all,” giving the entire campus the unlisted home phone numbers of your project team?

Accidental disclosure is not malicious in intent; however, it can still place confidential information (i.e., personally identifiable information) in inappropriate inboxes. Regrettably, this happens to most of us at some time in our careers. It is an excellent learning moment: a reminder to read entire email threads carefully and fully, and to be careful where we click when replying.

Alerts

Alerts are notifications that display on your desktop letting you know that something is happening. Incoming email and upcoming meetings are common alerts you may have set up to keep you on track throughout your workday. Antivirus programs also generate alerts that warn you about possible threats to your computer; pay attention to these, especially when browsing the Internet.

A good rule of thumb – When in doubt, check it out by contacting the HelpDesk at (765) 658-4294 or HelpDesk@depauw.edu with any questions you may have about alerts or other suspicious activity.

Baiting

Have you ever picked up an abandoned USB drive that was lying on a table in order to find out who it belonged to so you could try to return it to them? Hopefully, you ran a virus scan on it first.

Baiting is when someone leaves a portable storage device, such as a thumb drive, lying around so that an unsuspecting good Samaritan “takes the bait”. Unless the good Samaritan runs a virus scan to minimize the possibility of threats, they might find their computer has caught a virus from this malware-infected device.

Phishing

Phishing is a form of email fraud in which a message sent by someone who appears to be a trustworthy entity attempts to learn personally identifiable information about you.

Learn how to recognize, avoid, and report Phishing.

Social engineering

Social engineering is a way of manipulating people into breaking security procedures by tricking them into disclosing confidential information. It can be in the form of an email, a text message, or a phone call.

An example of social engineering that we have seen at DePauw is the “Phoner Toner” office supply scam, where a vendor calls saying there is going to be a price increase on the toner for your printer. Since all supplies for your printers/copiers should be ordered through the University Service Center, immediately end a call of this type.

Another example of social engineering is when a game or app on your smartphone asks you for your current location. Many apps do not need geo-location services enabled for you to interact with them. Make sure you decline or opt-out of the location service feature on your phone.

Spam

Spam is Internet slang that refers to junk email or unsolicited bulk email (UBE). Not only can it be bothersome, but it can also be dangerous to your computer.

Removing spam from your Google Apps Mail account

  1. Select the email(s) that are spam.
  2. Click Report spam.

Additional resources

The Federal Trade Commission website contains practical tips and information on reducing the amount of spam in your email.

Spyware

Spyware is commonly used for tracking where a person goes on the Internet to fine-tune the pop-up ads that are displayed on their screen. A more malicious form of spyware, known as a keylogger (i.e., keystroke harvesting or logging), records or logs the keys struck on the keyboard without the knowledge of the user.

Updated: 3/5/2021