Some Best Practice Considerations
Who to Contact?
The security and integrity of Harding University's Information Systems & Technology resources (IST) is vital. There are a number of ways IST can be compromised and all who use the resources have a part to play in guarding the IST resources at Harding
Attacks that are aimed to compromise the security and integrity of IST resources can be focused on standalone computers. However those attacks are able to quickly infect other IST resources on the networks to which they are connected.
As a consequence, it is imperative that protections be implemented and that they are adhered to rigorously. This will reduce the likelihood of a security and integrity outbreaks and minimize the risks associated with any outbreak. Harding University has a responsibility to protect its resources. Accordingly, all possible points of entry (internet, e-mail, removal media, personal computers, gateways, servers, employee computers) need to be protected and appropriate actions must be implemented to counter the risks. The success of this program depends on the products available and the regular use of these products by students and employees.
There are three common ways our computers are attacked. They are:
A virus is a software program or piece of code that infects a computer and reproduces itself to spread throughout the computer or to other computers. Viruses are spread through executable code, which means it must be activated to affect a system and spread. Viruses can sit dormant in computer system until they are activated, either remotely or with a countdown in the code itself.
Malware is short for malicious software. There are different types of malware. A trojan is a type of malware that is surreptitiously downloaded with other software; trojans do not replicate as viruses do, but trojans are generally more malicious because they steal information and “phone home” that information to its master. The name “trojan” comes from the Greek mythology story about the Trojan Horse. Other malware might include spyware or adware, which track the computer’s user’s computing habits, history, or online shopping browsing and buying. Spyware is intended to keep a record of the activity, while adware is intended to blast the user with targeted ads based on web browsing and online habits. Both do so usually without the user’s knowledge.
Phishing is the name given for one of the worst computer crimes: identity theft. Phishing attempts usually come in the form of emails, instant messages, or hacked websites. They direct the user to what appears to be a legitimate website or application. The user, assuming the website/application is legitimate, enters his username and password, which is promptly stolen.
Although it is increasingly difficult as crooks become more sophisticated, you can prevent viruses and phishing attacks. Some of the tips given below may require you to radically change your computer use and Internet browsing. But if you have ever experienced a virus or trojan, and tried to fix your computer after getting one, you probably realize very quickly that the ounce of prevention really was worth the pound of cure.
Harding University will maintain a site license and/or make available virus and malware detection and prevention software for personal computers and servers maintained by the University. University clients who have access to networked personal computers will have direct access to the currently supported virus and malware detection and prevention software. Employees will ensure that the virus and malware software installed on their personal computers is in accordance with this policy, and is not tampered with or removed.
The Manager of Network Services will monitor virus developments and ensure that clients have access to appropriate tools or information to enable them to protect their personal computers against possible infection by a computer virus or malware.
The Manager of Network Services will thoroughly investigate any report of a virus and malware infection or possible virus and malware infection. If the report is of a serious nature or the effect is widespread, the Chief Information Officer will be informed so that whatever measures are necessary to deal with the matter can be implemented.
Employees or students will not be asked to supply their username or password to anyone. If maintenance is required on your computer, other procedures will be enacted to carry that out. The Information Systems and Technology Department will NOT as you for your username or password – over the phone, in an email, or other forms of communication.
Therefore, do NOT supply your username or password no matter how legitimate the request seems. Please see examples of emails that seem legitimate in which a username and password is requested. These are examples of phishing.
There are a lot of resources you can easily find that deal with this. One that is recommended is:
If you suspect you have you have been a victim of an IST security or integrity attack, please contact the following as soon as possible:
Phone: 501 279 4440
Phone: 501 279 4545