According to Stay Safe Online,
National Cyber Security Awareness Month (NCSAM), conducted
every October since 2001, is a national public awareness
campaign to encourage everyone to protect their computers
and our nation’s critical cyber infrastructure.
Cyber security requires vigilance 365 days per year. However,
the Department of Homeland Security (DHS), the National
Cyber Security Alliance (NCSA), and the Multi-State Information
Sharing and Analysis Center (MS-ISAC), the primary drivers
of NCSAM, coordinate to shed a brighter light in October
on what home users, schools, businesses and governments
need to do in order to protect their computers, children, and
data.
In 2008, National Cyber Security Awareness Month reached more
than 29 million Americans through media, middle school
and high school lesson plans, and partnerships with dozens
of companies and associations. In addition, the President
of the United States declared support for National Cyber
Security Awareness Month, the U.S. Senate passed a resolution
in support of the month, and 41 state governors signed
proclamations recognizing the month.
October is National Cyber Security Awareness Month (NCSAM).
During the month of October, the Augusta State University (ASU)
campus will see a focus on information security. Topics
will be relevant to both work and home, including what you
can do to protect your identity, prevent phishing, and how
to deal with malicious software. Keep an eye out for
campus-wide emails that contain useful information security
details throughout the month. Also visit the ASU ITS
NCSAM website (http://www.aug.edu/its/ncsam.html)
for more details.
NCSAM in 2009 is being promoted across all of the University
System of Georgia. To kick off the start of the event,
Erroll B. Davis, Jr. - Chancellor, University System of Georgia
and Stanton S. Gatewood - USG Chief Information Security Officer
will be presenting a proclamation on September 30th, 2009 at
10:00 – 11:30 AM at the Board of Regents Building in Athens,
Georgia. Throughout the month, online Wimba / webcast informational
sessions will be available on a variety of information security
topics. More details can be found at: http://www.usg.edu/infosec/ncsa/ncsam_2009/
In 2009, the University System of Georgia will observe its first
month-long event and will provide various awareness resources
to the University System and Georgia Public Libraries. This year,
the System is moving forward and plans to organize events around
a central theme of “building a culture of awareness
and preparedness”.
The USG InfoSec website and Twitter are being updated to support
this year’s theme, and additional content will be provided
throughout the month of October and after in observance of the
NCSAM. Our goal is to keep you informed year round about cyber
risks and threats as well as what you can do to mitigate them.
We invite everyone to take note of the posters, calendars, fliers
and handouts that will be available throughout the month of October
in observance of the NCSAM. We also encourage frequent visits
to the USG InfoSec website located at http://www.usg.edu/infosec now
and in the future to learn more about information security, electronic
privacy and related issues.
Information Technology Services (ITS) at Augusta State University
is committed to protecting your online privacy; therefore, it
is important that you understand our security practices. We recognize
your need for appropriate protection and management of your personally
identifiable information. The following information is designed
to help you protect yourself from fraudulent email and password
capture scams.
ITS will not send you an email asking for your user name, password
or other personal/account information, nor will we ask you to
re-verify or to change personal information which is already
on file without first displaying the existing information. We
will not send emails with "active" content such as Java, JavaScript,
and ActiveX based attachments, or pop-ups.
Fake or spoofed emails will often look legitimate. They may
include references to the university, other trademarks, logos
and links to realistic-looking web pages. Never rely on the name
in the "From" field as this is easily altered.
Spoofed emails often invite you to re-verify account or personal
information and are often initiated by the spoofing party without
any action on your part. Ask yourself the following questions:
- Does the email I just received seem out of place, or is it a response
  to a question I posed to a legitimate person I do business with?
- Does the email create a sense of urgency or have time limits which
  I did not expect?
- Does it contain spelling or grammar errors?
- Does it contain offers for prizes or awards not expected?
- Does it contain links to strange web sites, or web sites whose name
  and URL as displayed don't match or contain misspellings?
- Does it contain active content such as Java, JavaScript, ActiveX
  or any other type of plug-in, or ask you to download a special
  plug-in or viewer?
If the answer to one or more of these questions is "Yes",
then the email may be suspicious. Think of a stranger approaching
you on the street and asking for your username and password.
Treat these potentially fraudulent emails with the same caution.
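
Several of the checklist questions above (active content, displayed link text that does not match the real URL, urgency, requests for a username or password) can be checked automatically when triaging reported mail. The following is an added example, not ITS code; the function and class names, the keyword lists and the sample message are assumptions constructed for illustration, and it handles single-part HTML messages only.

```python
import re
from email import message_from_string
from html.parser import HTMLParser
from urllib.parse import urlparse

ACTIVE_TAGS = {"script", "object", "applet", "embed"}  # JavaScript, ActiveX, Java
URGENCY = re.compile(r"\b(urgent|immediately|within \d+ hours?)\b", re.I)  # assumed keywords
CREDENTIALS = re.compile(r"\b(user ?name|password)\b", re.I)               # assumed keywords
HOSTLIKE = re.compile(r"(?:https?://)?([\w.-]+\.[a-z]{2,})", re.I)

class BodyScan(HTMLParser):
    """Collects active-content tags and links whose visible URL text names a different host."""
    def __init__(self):
        super().__init__()
        self.active, self.mismatched = set(), []
        self._href, self._text = None, []
    def handle_starttag(self, tag, attrs):
        if tag in ACTIVE_TAGS:
            self.active.add(tag)
        if tag == "a":
            self._href, self._text = dict(attrs).get("href") or "", []
    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)
    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            shown = HOSTLIKE.match("".join(self._text).strip())
            real = (urlparse(self._href).hostname or "").lower()
            if shown and real and shown.group(1).lower() != real:
                self.mismatched.append((shown.group(1).lower(), real))
            self._href = None

def triage(raw_message):
    """Return the checklist flags raised by a single-part HTML email."""
    body = message_from_string(raw_message).get_payload()
    scan = BodyScan()
    scan.feed(body)
    checks = [("active-content", scan.active), ("link-mismatch", scan.mismatched),
              ("urgency", URGENCY.search(body)), ("asks-for-credentials", CREDENTIALS.search(body))]
    return [name for name, hit in checks if hit]

# Constructed sample message (not a real email).
SAMPLE = """From: "ITS Help Desk" <helpdesk@mail.example.net>
Content-Type: text/html

<p>Your mailbox is full. Confirm your password within 24 hours.</p>
<a href="http://login.example.org/verify">http://www.example.edu/its</a>
<script>void 0</script>
"""
```

Calling `triage(SAMPLE)` raises all four flags. The "From" header is deliberately not used as evidence, for the reason given above: the name in that field is easily altered.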
If you are ever suspicious of any email or communication you
receive, contact the ITS Help Desk at 706-737-1482 to get assistance
on verifying the legitimacy of the email. If the email is found
to be a fraud, the Help Desk will advise you appropriately.
These attempts at compromising your personally identifiable information
will not just be on your work-related emails. You may get these
at home as well. Treat them with the same level of caution, and
if you are unsure why some entity, for example PayPal or your
bank, is asking you to reply to an email with your information,
contact the entity in your customary manner to seek verification.
Do not use the reply feature of the suspicious email.
The Federal Trade Commission (FTC) is an invaluable resource
for answers to questions related to email fraud (phishing) or
identity theft.
For details on phishing: http://www.ftc.gov/bcp/edu/pubs/consumer/alerts/alt127.shtm
For details on ID Theft: http://www.ftc.gov/bcp/edu/microsites/idtheft/
Great resource on information security: http://onguardonline.gov/index.htm
What is identity theft? According to the FTC, at http://www.ftc.gov/bcp/edu/microsites/idtheft/consumers/about-identity-theft.html,
[i]dentity theft occurs when someone uses your personally
identifying information, like your name, Social Security number,
or credit card number, without your permission, to commit fraud
or other crimes.
The FTC estimates that as many as 9 million Americans have
their identities stolen each year. In fact, you or someone
you know may have experienced some form of identity theft.
The crime takes many forms. Identity thieves may rent an apartment,
obtain a credit card, or establish a telephone account in your
name. You may not find out about the theft until you review
your credit report or a credit card statement and notice charges
you didn’t make—or until you’re contacted by a debt collector.
Identity theft is serious. While some identity theft victims
can resolve their problems quickly, others spend hundreds of
dollars and many days repairing damage to their good name and
credit record. Some consumers victimized by identity theft may
lose out on job opportunities, or be denied loans for education,
housing or cars because of negative information on their credit
reports. In rare cases, they may even be arrested for crimes
they did not commit.
Wikipedia defines malware as software designed to infiltrate a
computer without the owner's informed consent. The expression is a
general term used by computer professionals to mean a variety of forms
of hostile, intrusive, or annoying software or program code. The
term "computer virus" is sometimes used as a catch-all phrase to
include all types of malware, including true viruses.
Software is considered malware based on the perceived intent
of the creator rather than any particular features. Malware includes
computer viruses, worms, trojan horses, most rootkits, spyware,
dishonest adware, crimeware and other malicious and unwanted
software.
Below are some common types of malware and some tips on how
to defend against them.
Wikipedia defines a virus as a computer program that can copy itself and
infect a computer without the permission or knowledge of the
owner. The term "virus" is also commonly but erroneously
used to refer to other types of malware, adware, and spyware
programs that do not have the reproductive ability. A true
virus can only spread from one computer to another (in some
form of executable code) when its host is taken to the target
computer; for instance because a user sent it over a network
or the Internet, or carried it on a removable medium such as
a floppy disk, CD, DVD, or USB drive. Viruses can increase
their chances of spreading to other computers by infecting
files on a network file system or a file system that is accessed
by another computer.
At work, ITS provides McAfee Antivirus protection
for your computer (PC or Mac). Be sure to periodically verify
that the definition file (DAT) is up-to-date. If you are unsure,
contact the ITS Help Desk at 737-1482 for assistance. At home, if you have not purchased virus protection, we recommend Microsoft Security Essentials for Windows as a free alternative.
If you are unsure of the source or contents
of a file, do not open it. Be careful with email attachments, for
they may contain malware. Finally, your antivirus is only as
good as the definitions that keep it relevant.
Wikipedia defines a trojan as a term used to describe malware that appears,
to the user, to perform a desirable function but, in fact, facilitates
unauthorized access to the user's computer system. Trojan horses
are not self-replicating which distinguishes them from viruses
and worms. Additionally, they require interaction with a hacker
to fulfill their purpose. The hacker need not be the individual
responsible for distributing the Trojan horse. It is possible
for hackers to scan computers on a network using a port scanner
in the hope of finding one with a Trojan horse installed.
Worms are defined by Wikipedia as a self-replicating computer program.
It uses a network to send
copies of itself to other nodes (computers on the network) and
it may do so without any user intervention. Unlike a virus, it
does not need to attach itself to an existing program. Worms
almost always cause at least some harm to the network, if only
by consuming bandwidth, whereas viruses almost always corrupt
or devour files on a targeted computer.
Most antivirus software also provides some defenses against
both trojans and worms. By maintaining up-to-date definitions,
you can better protect against recently released exploits. Methods
to avoid trojans and worms are similar to those for viruses. The primary
defense is to avoid unknown files, emails or websites. One additional
tool that I have found to be useful in removing difficult malware
is Anti-malware by Malwarebytes.org. There is a free
version available along with a full version.
Spyware, as defined by Wikipedia, is a type
of malware that is installed on computers and that collects information
about users without their knowledge. The presence of spyware
is typically hidden from the user. Typically, spyware is secretly
installed on the user's personal computer. Sometimes, however,
spywares such as keyloggers are installed by the owner of a shared,
corporate, or public computer on purpose in order to secretly
monitor other users.
Spyware is on some occasions defended against
by your antivirus program, but not always. Spyware can significantly
decrease the performance of your computer, especially Internet
browsing. There are many tools that can assist with removing
spyware from your computer. Spybot-SD is one
available solution. As with other security tools, keeping the
software up-to-date is key to its success. Similar to the other
forms of malware, by being cautious with unknown files, emails
and websites, you can greatly enhance your arsenal against spyware
infections.