INFOSEC: information security news from the University System of Georgia, Dec. 2009 (Vol. 1, No. 4)

Information Security News from the University System of Georgia
V0l. 01 No. 04 December 2009

INFOSEC WWW.USG.EDU/INFOSEC
NEW USG CISO LECTURE SERIES

ATLANTA, GEORGIA - Cyber Monday on December 1st has come and gone and $900 million was spent in online shopping. It's important that all of us understand the potential security risks and threats and know how to protect and defend our information. The following tips are provided to help make your online shopping experience safe and secure:

Secure your computer: Make sure your computer has the latest security software updates installed. Check that your anti-virus/anti-spyware software is running and receiving automatic updates. If you haven't already done so, install a firewall before you begin your online shopping.
Upgrade your browser: Upgrade your Internet browser to the most recent version available. Review the browser's security settings. Apply the highest level of security available that provides you the functionality you need.
Ignore pop-up messages: Set your browser to block pop-up messages. If you do receive one, click on the "X" at the top right corner of the title bar to close the pop-up message.
Secure your transactions: Look for the "lock" icon on the browser's status bar and be sure "https" appears in the website's address bar before making an online purchase. The "s" stands for "secure" and indicates that the webpage is encrypted. Some browsers can be set to warn the user if they are submitting information that is not encrypted.

ATLANTA, GEORGIA - The University System of Georgia Office of Information Security (INFOSEC) launches the USG CISO Lecture Series focusing on information security and electronic privacy topics and issues starting in February 2010. Featuring industry information security and privacy experts and professionals, the following topics will be covered throughout the series :
Hacking 101 Encryption Electronic Privacy Compliance
Visit http://www.usg.edu/infosec for more information.

Use strong passwords: Create strong passwords for online accounts. Use at least eight characters, including numbers, special characters, and upper and lower case letters. Don't use the same passwords for online shopping websites that you use for logging onto your home or work computer. Never share your login and/or password.

LATEST INFOSEC PODCAST
To hear the latest USG Infosec podcast, "Online Shopping," visit http://itunes.usg.edu/

cont., pg. 2

ONLINE HOLIDAY SHOPPING TIPS, continued
Do not e-mail sensitive data: Never e-mail credit card or other financial/sensitive information. E-mail is like sending a postcard and other people have the potential to read it.
Do not use public computers or public wireless to conduct transactions: Don't use public computers or public wireless for your online shopping. Public computers may contain malicious software that steals your credit card information when you place your order. Criminals may be monitoring public wireless for credit card numbers and other confidential information.
Make payments securely: Pay by credit card rather than debit card. Credit/charge card transactions are protected by the Fair Credit Billing Act. Cardholders are typically only liable for the first $50 in unauthorized charges. If online criminals obtain your debit card information they have the potential to empty your bank account.
Select merchants carefully: Limit your online shopping to merchants you know and trust. Confirm the online seller's physical address and phone number in case you have questions or problems. If you have questions about a merchant check with the Better Business Bureau or the Federal Trade Commission.
Keep records: Keep a record of your online transactions, including the product description and price, the online receipt, and copies of every e-mail you send or receive from the seller. Review your credit card and bank statements for unauthorized charges.
Encountering problems with an online merchant? Contact the seller or site operator directly. If your attempts are not successful, you may decide to contact of one of the following entities:
State Attorney General's office County/state consumer protection agency Better Business Bureau at www.bbb.org Federal Trade Commission at www.ftc.gov
For additional information about safe online shopping, please visit the following sites:
University System of Georgia Office of Information Security: http://www.usg.edu/infosec US-CERT: www.us-cert.gov/cas/tips/ST07-001.html National Cyber Security Alliance: www.staysafeonline.org/content/online-shopping OnGuard Online: www.onguardonline.gov/topics/online-shopping.aspx StaySafeOnline: www.staysafeonline.org Online Cyber Safety: www.bsacybersafety.com/video/ Federal Trade Commission: www.ftc.gov/opa/2008/11/smartshopping.shtm and www.ftc.gov/bcp/
menus/consumer/tech/online.shtm National Consumer League's Internet Fraud Watch: www.fraud.org/tips/internet/ WatchGuard: www.watchguard.com/infocenter/editorial/18714.asp

2009 NCASM GIVEAWAY WINNERS
Congratulations to all of our 2009 National Cyber Security Awareness Month giveaway winners and thanks to all of those who participated.
NetBook:
Rodriquez Meadows
Encrytped USB IronKeys:
Richard Eckert
SANS t-shirts:
Janis Carthon Tony T. Lester
SANS umbrella:
Wanda Neal
McAfee Encrytpted thumb drives:
Damon Armour
Mini computer vac:
Corry Johnson

NOW YOU CAN FOLLOW US ON TWITTER: http://twitter.com/usginfosec/

MORE INFORMATION...
USG Office of Information Security
www.usg.edu/infosec

Stanton S. Gatewood Chief of Information Security 706-583-2001 or 888-875-3697

CISO TIP: "When you're shopping online, know who you are dealing with. Confirm the seller's physical address and phone.