IE 11 is not supported. For an optimal experience visit our site on another browser.

5 Security Tips IT Personnel Wish Students Knew

Imagine a company where, once every year, thousands of new employees were brought in, all with new computer equipment that had to be brought online.
/ Source: SecurityNewsDaily

Imagine a company where, once every year, thousands of new employees were brought in, all with new computer equipment that had to be brought online.

In addition, thousands more temporary workers would be coming back, all with computer equipment that had to be added to the network. And then, don't forget the employees who would already be on the payroll full time and always on the network.

That's what a college IT department has to deal with every August and September — an influx of new and returning students with laptops, desktops, smartphones and tablets, all needing to connect to the campus network.

It's no wonder that campus IT security personnel would like students to come prepared by knowing a little bit about security risks and how to keep the college networks — and the students' own computers — safe.

"This generation is the 'click' generation," said Justin P. Webb, an information security officer at Marquette University in Milwaukee. "Essentially they are quick to react to something interesting on social media before thinking about the consequences."

"Oftentimes a single click on a malicious link is sufficient to infect a computer," Webb said, "and the most glaring problem is that student computers remain infected for long periods of time without intervention."

Marquette provides incoming students with an information packet regarding IT security and acceptable-use policies, a practice more schools are adopting.

But there are some basic security practices that Webb and other IT security personnel wish students knew before they powered up their computers in their dorm rooms for the first time.

Privacy is something to be cherished. Social media and social interaction tools provide myriad ways of interaction that are healthy for college students, but there is a dark side to use of such technologies, Webb said.

"Students often forget that it's not just their friends checking out where they are and who they are friends with," Webb said. "I always stress that students should not broadcast that information outside their own circle of trust."

Updating your computer is important. "If a student does nothing else other than update their computer when updates first come out, they are ahead of 80 percent of individuals on the Internet," Webb said. "The most secure students are the ones that follow the recommended updates, simply because malicious actors are banking on the fact that most people do not update their computers in a timely manner."

A healthy dose of skepticism is good medicine. Students are constantly presented with various emails, job offers, internship opportunities and ads. They should enter any of those situations with a questioning attitude and a "prove it to me" mantra.

According to Webb, a lot of infections and identity thefts occur not from computer infections per se, but from phishing and other social-engineering tactics — and such tactics can be used in a host of different ways.

Students should always be skeptical of "too good to be true" offers, and think twice before divulging information to a third party who has not been fully vetted.

Just because a bunch of other people downloaded it, that doesn't make it legal or infection-free. Copyright infringement occurs at most universities.

"There is a misconception among students that if a whole bunch of people have downloaded something, it can't be illegal or it can't be a hidden virus," Webb said. "That, of course, is not the case."

In such situations, every student should stop and consider three questions: (1) Is the conduct I am about to engage in illegal? (2) Am I confident in the source of the file/Web page that I am about to access? (3) Is an infection of my computer worth clicking on this?

If that thought process were to occur, the Internet would be a different place.

Your user ID belongs to you. Don't share it. Your buddies want to use your computer — and you let them sign on as you. So what happens when they send a "joke" to the White House using your name and threaten to kill the president?

"I'll tell you what happens: You get a visit from the Secret Service within a few hours," said M.E. Kabay, professor of information assurance and statistics at Norwich University in Northfield, Vt.