These educational resources are intended to educate the campus community on information security topics to heighten cyber security awareness and to reduce the risks of a security breach.  Please familiarize yourself with this content to protect your professional and personal digital life.

To learn more and view resources that can help keep you secure, select a topic from the menu to the left of the page.

Desktops, laptops, tablets and smartphones enable us to get information on the go. We no longer have to be tethered to our desks to check our email, surf the web, or access files and information. Advances in wireless communication have made communication mobile, but also made it easier for the unscrupulous to access our personal information. Unless you secure your devices against loss, theft and unauthorized access, you are vulnerable.

Please review our Tips for Good Computer and Mobile Security below:

1. Use a password to protect all your devices

  • Choose a strong password, and use different passwords for different devices.

2. Log off, lock, or shut down your devices before leaving them unattended.

  • On a PC, press the Ctrl-Alt-Delete or Windows-L keys simultaneously; on a Mac, use the Apple menu or power button to log off, shut down, restart, or put your computer to sleep.
  • Set your computer and portable devices to automatically lock when they're not being used.
  • Shut down your office computer at the end of each work day to ensure cyber security as well as to save energy and prevent failures from power disruptions.  Additionally, restarting helps to make sure software and security updates are properly installed.

3. Secure laptop computers and mobile devices at all times: Lock them up or carry them with you.

  • In your office or dorm room, at coffee shops, meetings, conferences, etc. - Remember: Phones and laptops get stolen from cars, houses, and offices all the time.
  • Make sure the device is locked to or in something permanent.
  • Laptop lockdown cables are available at most computer or office supply stores.

4. Make sure your computer is protected with anti-virus and all necessary security "patches" and updates.

  • When prompted to run a software update, please don't postpone it.
  • Be sure to run your anti-virus scan if and when you suspect a problem.

5. Don't install or download unknown or unsolicited programs to your devices.

  • These can harbor behind-the-scenes computer viruses or open a "back door" giving others access to your computer without your knowledge.

6. Evaluate your security settings.

  • Most software, including browsers and email programs, offers a variety of features that you can tailor to meet your needs and requirements.
  • Enabling certain features to increase convenience or functionality may leave you more vulnerable to being attacked.
  • It is important to examine the settings, particularly the security settings, and select options that meet your needs without putting you at increased risk.

7. Make backup copies of files or data you are not willing to lose -- and store the copies securely.

  • Whether or not you take steps to protect yourself, there will always be a possibility that something will happen to destroy your data. Regularly backing up your data on a network share or a portable device reduces the stress and other negative consequences that result from losing important information.
  • If your mobile device is stolen, it's bad enough that someone else may be able to access your information. To avoid losing all of the information, make backups of important information and store the backups in a separate location.

8. Configure mobile devices securely.

  • Enable auto-lock.
  • Enable password protection and require complex passwords.
  • Avoid using auto-complete features that remember user names or passwords.
  • Ensure that browser security settings are configured appropriately.
  • Enable remote wipe.
  • Ensure that SSL protection is enabled, if available.

9. Always make sure to lock any device (computer, cell phone, tablet, etc.) if you will be away from it for any period of time.

  • If a device is left unattended, data and account information can easily be accessed and stolen.

Please review our tips for user account security below to learn ways to help secure your digital life.

1. Create a strong user account password.

  • The best passwords are long and contain a mix of uppercase letters, lowercase letters, numbers, and special characters.
  • Passwords should not be based on words because of the risks of them being discovered by dictionary attack techniques.
  • Stonehill password requirements include a minimum of 8 characters, and this is a good minimum for other sites.

2. Create a password that is easy for you to remember, but not for others.

  • Family members' names, birthdays and pet names are easy passwords for others to guess, so try to use a word or phrase that is memorable but tough for others to decipher.
  • Be sure to check out our Password Security and Security Questions page for tips on creating the most secure password and security questions.

3. Never share your user account password with anyone.

  • Never write down your password and leave it accessible for anyone to find – this includes sending it in an email.

4. Do not use the same password for everything.

  • If your password is the same for Gmail, your Stonehill account, your bank account, and Twitter, and one of your accounts is hacked, they all may easily be compromised.

5. Change your password frequently.

  • Your Stonehill password is required to be changed every 180 days, but you may change it at any time using the Password Change Service.
  • While some web-based services may not force a password change, it's a good practice to change them periodically.

6. Protect PINs which may be used with bank cards, credit cards, and voicemail accounts.

  • Make sure to keep your PINs confidential and protected, including covering a keypad if typing in a public area.
  • Change your PINs regularly.

7. Choose a good security question and an answer to prevent anyone from guessing the answers to change your password.

A good question will be:

  • Applicable – It should pertain to your life events
  • Definitive – It should have only one correct answer that does not change

Good answers to these questions should be:

  • Memorable – It should be easy to remember
  • Secure – It should be difficult to guess or find through research by others and it should be 

8. Use a passphrase instead of a word as a password and an answer for a security question.

  • A passphrase is simply a different way of creating a much longer password using a meaningful phrase.
  • A passphrase can be a favorite song lyric, a quote from a book, magazine, or movie, or something your kids said last week.
  • Dictionary words and names are combined with letters, numbers and symbols, without spaces.

Some example passphrases are:

  • IwillgraduateIn2014
  • ToB0ldlyGo
  • ILikeMilk&C00kies
  • Paris is my favorite city

Please review our tips for Communication & Social Network Awareness below to learn ways to help secure your digital life:

1. Remember that whatever you put on the internet, stays on the internet. 

  • This includes photos, videos, posts on social networking sites, comments, anything and everything.  Nothing is temporary, and rarely is anything truly anonymous.

2. Be wary of attachments in emails, even from trusted senders.

  • If you weren’t expecting an attachment, or if the email doesn’t call for one in a way that makes sense, don’t open it.
  • If you’re not sure about an attachment from a trusted sender, reply asking them.  Sometimes malware can send malicious emails from the accounts of people you know, without their knowledge, so it’s always a good idea to double-check with the senders themselves if you’re not sure.

3. Never offer personal information across emails, regardless of the sender. 

  • If an email is asking for a password or other personal information, never give it; instead check with the sender if they are trusted, or contact them by other means first for verification.  Just because someone says they are “from IT” does not mean it is true.
  • Even reputable businesses such as PayPal or Bank of America can be targets for phishing scams, often with very convincing-looking emails complete with accurate logos and graphics. Use common sense and do not give information that you wouldn’t normally share.
  • If you suspect a phishing attempt, or are unsure of whether a request for information is legitimate or appropriate, call the Service Desk.

4. Be wary of re-directions from search engines or other sources; if you are expecting to arrive at one website and end up at another, back up and make sure you are not being redirected.  

  • Watch your browser’s address bar (where you type the website you intend to go to) and see if it flashes a different address quickly, then another, before bringing you to the page. This could be a sign of unwanted redirection. As always, when in doubt, close your browser.
  • There is a de facto standard among web browsers to display a lock icon somewhere in the window of the browser (NOT in the web page display area) that lets you know the web page is secure.
    • The lock icon is not just a picture. Click (or double-click) on it to see details of the site's security.  This is important to know because some fraudulent web sites are built with a bar at the bottom of the web page to imitate the lock icon of your browser.

5. Be careful when posting to social networking sites.

  • Be aware that whatever you post on Facebook, Twitter, etc. will stay there forever, and is potentially available for viewing by the public at large, including people you may not want to see it, such as family, future employers, etc.
  • Always verify your privacy settings on your social networking sites to make sure you are not leaving unnecessary openings to your account. Be sure to visit the privacy settings pages for all social networking sites you belong to and adjust your settings accordingly. For example:
    • Facebook Privacy Settings
    • Twitter Privacy Policy and About Public and Protected Tweets

6. Never use your Stonehill email address to sign up for external websites or accounts, such as social networking sites like Tumblr, Pinterest, LiveJournal, etc. 

  • Always try to keep your Stonehill email separate from your personal online life; use another personal email account like Yahoo or Gmail to sign up for external website accounts.  Doing otherwise can potentially open your Stonehill email up to compromise by phishing attempts and junk mail.

7. Never use your Stonehill password for anything other than your Stonehill account.

  • Never use the same password for multiple accounts, especially critical personal accounts like online banking, credit cards, and online merchants that handle your money like Amazon, PayPal, etc.

Avatar—a personalized graphic file or rendering that represents a computer user or user’s alter ego, often used on Web exchange boards and in online gaming; can be a real-life digital photo, but is more often a graphical representation.

App—a web application, accessed over the Internet, for a mobile device (e.g., smartphone, tablet) that works much like user-installed software on a computer allowing the device to perform specific tasks.

Bandwidth—also called “data transfer rate,” the amount of data that can be carried online from one point to another in a given time period, usually expressed in bits (of data) per second (bps) or bytes per second (Bps). Dial-up Internet accounts, which use a standard telephone line to connect to an Internet Service Provider (ISP), have a very narrow bandwidth (about 50 Kbps or 50,000 bits per second) and take a long time to download data. A broadband Internet account can move data at anywhere from 128 Kbps to 2,000 Kbps or more and can download large files, such as video files, much faster.

Blog—from “web log,” a regularly updated personal journal, conversation, commentary, or news forum on virtually any topic that is published on the Web and may include text, hypertext, images, and links; typically displayed in reverse chronological order, blog posts invite comments from readers creating online communities of individuals with shared interests over time; updating a blog is “blogging,” someone who keeps a blog is a “blogger,” and blog entries are called “posts.”

Botnet—a network of private computers, each of which is called a “bot,” infected with malicious software (malware) and controlled as a group without the owners' knowledge for nefarious and, often, criminal purposes; computers are typically infected when users open up an infected attachment or visit an infected website.

Browser—short for Web browser, a software application that locates, retrieves, and displays information resources on the World Wide Web. An information resource is identified by a URL (Uniform Resource Locator), and may be a web page, image, video, or other piece of content. Popular browsers include Microsoft Internet Explorer, Firefox, Google Chrome, and Apple Safari.

Byte—a unit of digital information commonly consisting of eight “bits” (a binary unit and the smallest increment of computer data) used as a measurement of computer memory size and storage capacity (usually in terms of MBs or “megabytes,” and GBs or “gigabytes”). Bits and bit rates (bits over time, as in bits per second [bps]) are also commonly used to describe connection speeds. (See bandwidth.)

Cloud computing—a technology that uses the Internet and remote servers to maintain data and applications, allowing users to access applications without installation and access to their personal files from any computer with Internet access; centralizes storage, memory, processing, and bandwidth; examples include Yahoo email or Gmail with the software managed by the cloud service providers Yahoo and Google.

Computer virus—a software program that is designed to replicate itself, spread from one computer to another, and interfere with computer operation; a computer virus may corrupt or delete data on a user’s computer, use an email program to spread itself to other computers, or even erase everything on a user’s hard disk. Computer viruses can be spread by attachments in email messages or instant messaging messages; disguised as attachments of images, greeting cards, or audio and video files, and hidden in illicit software or programs that are downloaded to a computer.

Cookie—also referred to as an “HTTP cookie,” is a small text file that contains a unique ID tag placed on the user’s computer by a Web site to track pages visited on the site and other information; “tracking cookies” and “third-party tracking cookies” are used to compile long-term records of individuals’ browsing histories.

CPU—the central processing unit, the “brain” of the computer, is the hardware within a computer system that carries out the instructions of a computer program by performing the basic arithmetic, logic, and other operations of the system; on personal computers, the CPU is housed in a single chip called a “microprocessor.”

Cyberbullying—bullying that takes place using electronic technology, including the Internet and related technologies, to harm other people in a deliberate, repeated, and hostile manner; may involve text messages or emails, rumors sent by email or posted on social networking sites, and embarrassing pictures, videos, Web sites, or fake profiles.

Cyberstalking—a criminal offense that involves using the Internet or other technology to stalk or harass an individual, a group of individuals, or an organization; it may include false accusations, monitoring, making threats, identity theft, damage to data or equipment, or harassment.

Cyberspace—the global network of interdependent information technology infrastructures, telecommunications networks, and computer processing systems; a metaphor for describing the non-physical terrain created by computer systems, it has come to mean anything associated with the Internet and the diverse Internet culture.

Content management system—a software system that allows website publishing, editing, content storage and modification, database management, and site maintenance from a central Web page; allows multiple users with little knowledge of web programming or markup languages to collaborate to create and manage website content with relative ease.

Computer actions:

  • Clicking—to tap on a mouse button, pressing it down and immediately releasing it; to click on means to select a computer screen object by moving the mouse pointer to the object’s position and clicking a mouse button; some operations require a double click, clicking a mouse button twice in rapid succession.
  • Downloading—the transmission of a file from one computer system to another; to download a file is to request it from one computer (or from a Web page) and to receive it on another computer. Uploading is the transmission of a file in the other direction, from one computer to another.
  • Posting—to publish a message in an online forum, such as a blog, or newsgroup; a post is a message published in an online forum or newsgroup.
  • Logon—also called logging in or on, the process used to get access to an operating system or application; most logon procedures require a user to have a user ID and a password.

Denial of Service Attack—type of online computer attack designed to deprive a user or groups of users of normally accessible online services; generally involves an effort by hackers to temporarily or indefinitely interrupt or suspend services of a host connected to the Internet.

Digital—term commonly used in computing and electronics, describes any system in which data is converted to binary numeric form as in digital audio and digital photography; computers are digital machines because at their most basic level they can distinguish between just two values, 0 and 1, or off and on. All data that a computer processes must be encoded digitally as a series of zeroes and ones. The opposite of digital is analog; a typical analog device is a clock in which the hands move continuously around the face.

Digital Signature—an electronic signature that can be used to authenticate the identity of the sender of a message or the signer of a document; can also be used to ensure that the original content of the message or document that has been sent is unchanged; often used for software distribution, financial transactions, and in other cases where it is important to detect forgery or tampering.

Domain Name System (DNS)—a database system that translates Internet domain and host names to IP addresses; DNS automatically converts the name typed into a Web browser address bar to the IP addresses of Web servers hosting those sites.

E-book reader—a portable electronic device that is designed primarily for the purpose of reading digital books and periodicals.

Email—short for electronic mail, the transmission of digital messages over communications networks, including the Internet; consists of three components: the message envelope, the message header, and the message body.

Encryption—the conversion of digital information into a format unreadable to anyone except those possessing a “key” through which the encrypted information is converted back into its original form (decryption), making it readable again.

Firewall—software or hardware that, after checking information coming into a computer from the Internet or an external network, either blocks the transmission or allows it to pass through, depending on the pre-set firewall settings, preventing access by hackers and malicious software; often offered through computer operating systems.

Geotagging—the process of adding a geographical location, or label, to photographs, videos, websites, SMS messages, QR Codes, or RSS feeds; a geotag usually consists of latitude and longitude coordinates, altitude, distance, place names, and other details about the origin of the media being tagged, helping users find a variety of online location-specific information.

Global Positioning System (GPS)—space-based satellite navigation system that provides positioning, navigation, and timing/distance information; maintained by the United States government and freely accessible to anyone with a GPS receiver.

Hardware—specifically, computer hardware, is the collection of physical elements that comprise a computer system, including a CPU, monitor, keyboard, hard disk, and printer. In contrast, software (specifically, computer software) is a collection of computer programs, procedures, algorithms, and their documentation that provides instructions for telling a computer what to do and how to do it.

Hashtag—words or phrases prefixed with the symbol # (the pound sign); used to mark keywords or topics in a Tweet or social networking service.

Hyperlink—an element in an electronic document that links to another place in the same document or to an entirely different document; typically, you click on the hyperlink to follow the link. Hypertext is text with hyperlinks.

HTML—HyperText Markup Language is the main markup language for displaying web pages and other information that can be displayed in a web browser; HTML elements, which form the building blocks of all Web sites, consist of tags enclosed in angle brackets (e.g.,); browsers do not display the HTML tags, which provide instructions about the appearance and content of the page, but use the tags to interpret the content of the page.

HTTP—Hypertext Transfer Protocol, the foundation of data communication for the World Wide Web, defines how messages are formatted and transmitted, and what actions Web servers and browsers should take in response to various commands. For example, when a URL is entered into a browser, an HTTP command is sent to the Web server directing it to retrieve and transmit the requested Web page.

HTTPS—Hypertext Transfer Protocol Secure, provides secure communication over a network, such as the Internet; basically layers additional security measures over HTTP; used by financial and online commerce Web sites to ensure the security of private information.

IP Address—a unique identifier in the form of a numerical label assigned to each device, such as a personal computer or server, participating in a network, such as the Internet.

Intellectual property—usually governed by patent, trademark, and copyright law, a set of rights that are recognized for owners of various property (e.g., machines, musical, literary and artistic works, discoveries and inventions, and applications); applicability to the digital realm is a hotly contested area of the law.

Internet—a worldwide collection of computer networks that use the standard Internet Protocol Suite to serve billions of users interconnected by a broad array of electronic, wireless, and optical networking technologies; the Internet carries an extensive range of information resources and services, including inter-linked hypertext documents of the World Wide Web and the infrastructure to support email.

Internet Service Provider (ISP)—an organization, usually a private business, that provides personal and business computers access to the Internet; users usually pay a monthly fee to an ISP for this service.

Keylogger—also called keylogging and keystroke logging, is the action of tracking (or logging) the keys struck on a computer keyboard; usually runs hidden in the background and automatically records all keystrokes so that users are unaware of its presence and that their actions are being monitored.

Keyword—in computer programming, a word or identifier that has a particular meaning to the programming language; also a term that captures the essence of the topic of a document used by a search engine to retrieve online documents related to that term or terms.

JPEG—a standard method of compressing photographic images for storing and transmitting on the World Wide Web; JPEG is also the file format which employs this compression (with the following file extensions: .JPEG, .JFIF, .JPE, .JPG); the term is an acronym for Joint Photographic Experts Group, which created the standard.

Laptop—a personal computer for mobile use that integrates most of the typical components of a desktop computer (i.e., display, keyboard, touchpad); sometimes called notebook computers, notebooks, or netbooks.

Malware—short for malicious software, software that disrupts or damages a computer’s operation, gathers sensitive or private information, or gains access to private computer systems; may include botnets, viruses, worms, Trojans, keyloggers, spyware, adware, and rootkits.

  • Botnet - a network of private computers, each of which is called a “bot,” infected with malicious software (malware) and controlled as a group without the owners' knowledge for nefarious and, often, criminal purposes.
  • Virus - type of malware that has a reproductive capacity to transfer itself from one computer to another spreading infections between online devices.
  • Worm - type of malware that replicates itself over and over within a computer.
  • Trojan - type of malware that gives an unauthorized user access to a computer.
  • Spyware - type of malware that quietly sends information about a user’s browsing and computing habits back to a server that gathers and saves data.
  • Adware - type of malware that allows popup ads on a computer system, ultimately taking over a user’s Internet browsing.
  • Rootkit - a type of malware that opens a permanent “back door” into a computer system; once installed, a rootkit will allow more and more viruses to infect a computer as various hackers find the vulnerable computer exposed and attack.
  • Ransomware - a type of malware that encrypts or otherwise locks a user’s files and demands money from the user to get them back.  

Mobile device—also called a handheld, handheld device, or handheld computer, a pint-sized computer device, typically having a display screen with touch input or a miniature keyboard; most common types are smartphones, PDAs, pagers, and personal navigation devices.

Modem—an electronic device that converts a computer’s digital signals into specific frequencies to travel over telephone or cable television lines; computers use modems to communicate with one another over a network; often used to link home computers to the Internet through an Internet Service Provider.

Network—also called a computer network, is a collection of computers interconnected by communication channels that allow sharing of resources (hardware, data, and software) and information; most common is the local area network or LAN, anywhere from a few computers in a small office to several thousand computers spread through dozens of buildings; a wide area network or WAN connects computers across multiple geographic locations, even on different continents.

Online gaming—any type of game played through the Internet, over a computer network, or on a video game console (e.g., Xbox 360 and Playstation 3); usually refers to video games played over the Internet, where multiple players are in different geographic locations.

Open source software—software often developed and distributed to users at no cost in a public, collaborative manner; permits users to study, change, improve, and at times also distribute the software.

Operating system—a set of software or software platform on top of which other programs, called application programs, can run.

PDF—developed by Adobe Systems, a portable document format file that is a self-contained cross-platform document so that files will look the same on the screen and in print, regardless of the computer or printer being used or software used to originally create the file.

Personal computer (PC)—any general-purpose computer whose size, capabilities, and cost make it useful for individuals; PC software applications include, but are not limited to, word processing, spreadsheets, databases, Web browsers, email, and games; may be a desktop computer, laptop, tablet, or a handheld PC. The term PC has been traditionally used to describe an “IBM-compatible” personal computer, in contrast to an Apple Macintosh computer.

Phishing—sending emails that attempt to fraudulently acquire personal information, such as usernames, passwords, social security numbers, and credit card numbers, by masquerading as a trustworthy entity, such as a popular social website, financial site, or online payment processor; often directs users to enter details at a fake website whose look and feel are almost identical to the legitimate one.

Plug-ins—sometimes called add-ons, are software modules that add functionality to an application; commonly used in web browsers to play video, scan for viruses, and display new file types; well-known plug-in examples include Adobe Flash Player, QuickTime, and Microsoft Silverlight.

Podcast—an audio digital file that is received from the Internet and then downloaded and synced to a portable media player or computer; files are received by subscribing to a podcast feed (sometimes called an RSS feed); the term combines “broadcast” and “pod” from the success of the iPod, although podcasts can be listened to on any portable media player.

Pop-ups—or pop-up ads, are a form of online advertising on the World Wide Web intended to attract web traffic or capture email addresses; created by advertisers, pop-ups generally appear unexpectedly in a small web browser window when a user is linking to a new Web site.

Pop-up blockers—a web browser feature, software, or application that allows users to limit or block pop-up ads; users may often set the preferred level of blocking, from total blocking to minimal blocking.

RSS—Really Simple Syndication is a family of web feed formats used to publish frequently updated works, such as blog entries, news headlines, audio, and video, in a standardized format; users subscribe to RSS feeds, which automatically send favorite content to users who have signed up for the feeds.

Search engine—program that searches documents for specified keywords and returns a list of the documents where the keywords were found; often used to describe systems, including Google, Bing, and Yahoo! Search that enable users to search for documents on the World Wide Web.

Security software—a generic term referring to any computer program that secures a computer system or computer network; the two main types of security software are virus protection software and software that removes adware and spyware (both require regular updating to remain effective).

Server—a computer program or physical computer that services other computers over a local network or the Internet; network servers typically are configured with additional processing, memory, and storage capacity; specific to the Web, a Web server is a computer program (housed in a computer) that serves requested HTML pages or files.

SMTP—Simple Mail Transfer Protocol is a protocol for sending email messages between servers.

Smart phone—handheld device built on a mobile computing platform that features, typically, a digital camera, video camera, Global Positioning System (GPS), e-mail, and all the features of a standard cell phone; usually equipped with a high-definition, touch pad screen and miniature keyboard, a smartphone allows downloading of apps for a wide range of uses.

Social networking—using Internet-based tools that allow people to listen, interact, engage, and collaborate with each other; popular social networking platforms include Facebook, MySpace, YouTube, LinkedIn, and Twitter.

Software—specifically, computer software, is a collection of computer programs, procedures, algorithms, and their documentation that provides instructions for telling a computer what to do and how to do it. In contrast, hardware (specifically, computer hardware) is the collection of physical elements that comprise a computer system, including a CPU, monitor, keyboard, hard disk, and printer.

Spam—the use of electronic messaging systems to send unsolicited bulk messages (usually advertising or other irrelevant posts) to large lists of email addresses indiscriminately.

Spyware—a type of malware (malicious software) installed on computers that collects information about users without their knowledge; can collect Internet surfing habits, user logins and passwords, bank or credit account information, and other data entered into a computer; often difficult to remove, it can also change a computer’s configuration resulting in slow Internet connection speeds, a surge in pop-up advertisements, and unauthorized changes in browser settings or functionality of other software.

SQL—Structured Query Language, a special-purpose programming language designed for managing data in relational database management systems.

TLS—Transport Layer Security (and its predecessor, Secure Sockets Layer/SSL) are cryptographic protocols that provide communication security over the Internet.

Sexting—the act of sending sexually explicit messages or photographs primarily between mobile phones.

Syncing—the process of copying all electronic files and folders from one device to another (e.g., from a smartphone to a personal computer) through an Internet connection.

Tablet Computer—a kind of mobile computer, larger than a mobile phone or personal digital assistant, usually having a flat touchscreen or pen-enabled interface.

Twitter—an online social networking service that enables users to send and read text-based posts of up to 140 characters, known as “tweets.”

URL—the Uniform Resource Locator is the global address of documents and other resources on the World Wide Web; a URL contains the name of the protocol to be used to access the file resource, a domain name that identifies a specific computer or server on the Internet, and a pathname, a hierarchical description that specifies the location of a file on that computer or server.

USB Flash Drive—also called a jump drive or thumb drive, is a data storage device that is typically removable (plugged into a USB/Universal Serial Bus port on a personal computer) and rewritable, and physically much smaller than a floppy disk.

USB Port—Universal Serial Bus port, a single, standardized way to connect devices (modems, printers, scanners, digital cameras, etc.) to a personal computer.

Virtual reality—an artificial environment created with computer software that can simulate physical presence in places in the real world, as well as in imaginary worlds, primarily through sight and sound experiences; may range from a three-dimensional image that can be explored interactively at a personal computer to more sophisticated approaches involving wrap-around display screens, rooms with wearable computers, and devices that let you feel the display images.

Voice chat—a modern form of communication using the Internet through services such as Skype, Yahoo! Messenger, AOL Instant Messenger, or Windows Live Messenger.

VoIP—Voice over Internet Protocol, a technology that allows voice calls using a broadband Internet connection instead of a regular (or analog) phone line.

Wi-Fi—a technology that allows an electronic device (personal computer, video game console, smartphone, tablet, digital audio player) to exchange data wirelessly (using radio waves) over a computer network.

Wi-Fi Hotspot—a wireless access point to the Internet or other computer network over a wireless local area network through the use of a router connected to a link to an Internet service provider; frequently found in coffee shops and other public establishments, a hotspot usually offers Internet access within a range of about 65 feet (20 meters) indoors and a greater range outdoors; many smartphones provide built-in ability to establish a Wi-Fi hotspot.

Webcam—a video camera that feeds images in real time to a computer or computer network; can be used to establish video links permitting computers to act as videophones or videoconference stations; also used for security surveillance, video broadcasting, and social videos (such as many viewed on YouTube).

WWW—the World Wide Web (commonly known as “the Web” or the “Information Superhighway”), a vast collection of linked files accessed over the Internet using a protocol called HTTP (Hypertext Transfer Protocol); the system supports documents specially formatted in a markup language called HTML (Hyper Text Markup Language) that supports links to other documents, as well as graphics, audio, and video files. With an Internet “web browser,” one can view “web pages” that may contain text, images, video, and other multimedia, and “navigate” between them via “hyperlinks.” World Wide Web is not synonymous with the Internet. The WWW is just one of many applications of the Internet and computer networks.

Web server—computer hardware and software that runs a website and is always connected to the Internet; using HTTP (Hypertext Transfer Protocol), a Web server delivers Web pages to browsers and other data files to Web-based applications; every Web server has an IP address and often a domain name.

Website—a collection of specially formatted, related Web files (or pages) on a particular subject or organization that are stored on a computer known as a web server and accessible through a network such as the Internet; includes a beginning file called a home page; a web page can contain any type of content, including text, color, graphics, animation, and sound.

 

ZIP—a file format used for data compression and archiving; a zip file contains one or more files that have been compressed to make file size considerably smaller than the original file; the zipped version of files have a .zip file extension; can significantly reduce e-mail transmission time and save on storage space.

The use of mobile devices and ubiquitous access to wireless networks are becoming the norm across the globe. Unfortunately, online predators know how to steal information when proper security is not in place. Using unsecured wireless networks and web sites can expose your information to criminals. Encrypting laptop disks, storage devices, and sensitive files can also protect your information.

Please review our tips for Information Security and Secure Connections below:

1. Use encryption to protect your information.

  • Encryption is a way to enhance the security of a message or file by scrambling the contents so that it can be read only by someone who has the appropriate encryption key to unscramble it.

  • You can choose to encrypt your entire hard disk or a storage device like a hard drive; USB storage devices may be purchased with built-in encryption. The best way to ensure that files on your laptop are not accessible if it is lost or stolen is to use disk encryption. Some common free tools for encryption are VeraCrypt (Windows, Mac, Linux), FileVault (Mac), 7-Zip (Windows), and GNU Privacy Guard (Windows, Mac, Linux). All Stonehill laptops have their system drives already encrypted, with either BitLocker or TrueCrypt for Windows and with FileVault for Mac.

  • File encryption is recommended for securely transmitting information as an email attachment. MS Office documents can be encrypted with a password that is then shared with the receiver in a separate message or method.  Use this option with caution as email is inherently unsecure.

2. Ensure that a web site is secure and is what it claims to be before entering personal information.

  • Online shopping and banking is convenient for all of us, including criminals. Attackers can create malicious websites that appear to be legitimate, often sending links in email messages that look just as legitimate. Make sure the site is legitimate and your information is being encrypted before entering information like a bank account number, credit card number, or passwords.

  • Use reputable sites that are known to you. If you are unsure about a source, type the address into your browser instead of clicking on a link in an email or on a web site.

  • A legitimate site will use SSL, or secure sockets layer, to encrypt information. Indications that your information will be encrypted include a URL that begins with "https:" instead of "http:" and a padlock icon. If the padlock is closed, the information is encrypted. The location of the icon varies by browser; for example, it may be to the right of the address bar or at the bottom of the window.

  • Click the lock to get verification of the web site’s identity.  Information about the site owner and the certificate authority that issued the SSL certificates should be displayed.  If you are unsure, search for information on the authority.

  • If you are still unsure, don’t use the website.

3. Always practice wireless safety with public hot spots.

  • Only use legitimate hotspots (wireless access points).  Make sure you know who owns the connection you are trying to access.

  • Enable the personal firewall on your computer. Microsoft Windows users have a personal firewall installed.

  • Turn off your Android/iPhone's built-in Wi-Fi when you aren't using it or you may be auto-connecting to nearby wireless access points - plus it saves your battery!  You should also choose the wireless setting that requires manual selection of a network that is not known.

  • Secure your wireless network at home by configuring WPA security, which enables encryption and a password for your network. WEP is a less secure option if WPA is not available. If you are in an area with many Wi-Fi hot spots or lots of residents near your Wi-Fi, consider not broadcasting your SSID.

  • Public networks that are available at places such as Starbucks, McDonalds, and Panera are unsecure and susceptible to “sniffing” by criminals. This means that they may see sensitive information that you transmit like passwords and credit card numbers. Use of these networks is not recommended for doing anything that requires a login. Some of this risk is removed by using the Stonehill VPN (Virtual Private Network) which encrypts your connection, but only for services accessed at Stonehill.

4. Use hillspot secure wireless at Stonehill, not guest.

  • The hillspot secure wireless network is encrypted so information sent over the network cannot be intercepted by anyone else.

  • The Guest wireless network is unsecure and information sent over this network is in clear text. This means that software may be used by anyone to read all of your transmissions.

5. Exercise caution when using peer-to-peer file sharing.

  • BitTorrent is a commonly used peer-to-peer file sharing protocol that accounts for a large percentage of all internet traffic. There are many legitimate uses for this protocol, but it is unfortunately commonly used for copyright infringement.

  • Copyright infringement is a serious offense in the United States and carries severe penalties, including jail time and fines up to $150,000 for each work infringed, and can easily ruin the rest of your life.

  • Cyber criminals commonly embed their malicious software in torrents, as it is an easy way to distribute malware disguised as some other piece of work such as a song, movie or software.

  • For more information on peer-to-peer file sharing and its risks, please visit our Peer-to-Peer File Sharing page.

Additional resources:

1. What is Malware?

  • Malware is malicious software whose sole intent is to damage or disable computers and computer systems. It typically vandalizes PCs and corrupts files, all while appearing to be legitimate software. It may even be after private information that can be used to compromise your personal information, as with a keylogger that monitors your every keystroke in an effort to steal credit card information.

2. How does Malware Get on My PC?

  • It’s hard to hear, but malware often ends up on your PC because you installed it. Malware works like most scams that trick their victims, and all you have to do is make one wrong click.
  • Malware can sometimes be packaged in with more legitimate software. A download and installation can also be triggered by clicking on a phony error message.
  • Downloading “free” software from a disreputable source or a peer-to-peer network can also welcome malware onto your PC.

3. Secure Your PC

  • The software on your PC may contain exploits or security holes that make it easy to infect with malware. Install any operating system updates, as these often include security patches that protect you while online.
  • Always run an anti-virus software program and be sure to update the virus definition files regularly. Having up to date protection software on your PC is the first line of defense from Malware.

4. Be Skeptical

  • While many browsers have reduced the annoyance of pop-up windows, they still exist. Anytime you see one, you should be on your guard and avoid clicking on anything within the window.
  • Never click on any pop-ups that imitate a Windows or Mac error message when you try to navigate out of a particular webpage. Force quit the browser if necessary and if you are concerned that something began installing itself on your computer, immediately run a scan with your Internet security software.
  • Do not open any attachments unless you were expecting them from a reputable source.

5. Live SPAM free

  • If you receive SPAM in your inbox, be sure to mark it as SPAM so your email client knows how to handle those messages. Be careful of selecting the unsubscribe link to stop messages from that particular sender, as these links have been known on rare occasions to trigger a malware attack. It’s better to let your email client software handle the blocking and removal of these messages.

6. Install any new software with extreme caution

  • If you are downloading and installing software from a reputable source that you trust, such as iTunes or Spotify, then you should be safe so long as you are downloading directly from the software publisher's page. If you are downloading from a source you do not trust 100%, then Google the name of the product and find a direct link from the software distributor.
  • If you are uncertain about downloading something, call or email the IT Service Desk.
  • Installing software on your computer is like welcoming a guest into your house. If you do not trust them implicitly, then proceed with extreme caution.

Peer-to-peer (P2P) file sharing involves using technology (e.g., software such as BitTorrent and Gnutella) that allows users to share files on their individual computers with other users around the world via an internet connection. While there are legitimate uses for P2P file sharing, it's mostly used for illegal downloading of copyrighted materials.

  • Copyright Law
  • Legal Alternatives
  • Dangers of Peer-to-Peer File Sharing

Copyright Law

Copyright refers to the legal rights that creators have over the use, distribution, and reproduction of their work, which may include music, movies, books and software. Copyright infringement is the unlawful use of those materials. An example of copyright infringement is downloading all or part of a song without either purchasing the song or obtaining permission from the creator. You should assume that all materials are copyright protected unless you created them or you have received the creator's explicit permission to use them. More information about copyright can be found on the U.S. Copyright Office web site, especially their Frequently Asked Questions.

The Digital Millennium Copyright Act is a US law enacted in 1998 that heightened the penalties for copyright infringement on the Internet. The Recording Industry Association of America (RIAA) and, more recently, the Motion Picture Association of America have aggressively pursued protection of intellectual property rights of their respective artists. Additionally, students may face civil or criminal penalties for copyright infringement.

In general, anyone found liable for civil copyright infringement may be ordered to pay either actual damages or "statutory" damages affixed at not less than $750 and not more than $30,000 per work infringed. For "willful" infringement, a court may award up to $150,000 per work infringed. A court can, in its discretion, also assess costs and attorneys' fees. For details, see Title 17, United States Code, Sections 504, 505. Willful copyright infringement can also result in criminal penalties, including imprisonment of up to five years and fines of up to $250,000 per offense.

The Higher Education Opportunity Act (HEOA) of 2008 includes several sections that impose requirements on all U.S. colleges and universities to deal with unauthorized file sharing on campus networks. Stonehill College has developed an HEOA Compliance Plan that details our plan to: educate students annually about copyright violation; use technology to deter the unauthorized distribution of copyrighted materials; and offer alternatives to illegal downloading.

The College will take appropriate action against copyright infringement based on our DMCA policy, which may include removing or disabling access to the copyrighted material. Where it has been clearly established that a student is a repeat infringer, the College may terminate that person's account or take other action consistent with the College's Community Standards.

Legal Alternatives

Many online services allow you to download and pay for individual songs, albums, or movies which you can play or view on any device. Some companies use a subscription model where a monthly fee provides access to a vast library of songs or movies. Some TV networks now provide their shows online for free.

The following sites provide many links to legal alternatives to downloading as well as information about copyright:

We also recommend you utilize the Stonehill College Streaming Media resources below to find legal alternatives to access music and movies: 

Dangers of Peer-to-Peer File Sharing

P2P file sharing software has the potential to cause serious problems for your personal computer, as well as the Stonehill College network. File sharing can monopolize network bandwidth and interfere with the ability of others to connect to the Internet for academic and administrative purposes.

P2P software is often configured so that other users can access your hard drive and share all your files all of the time. Most also come bundled with "spyware" applications which degrade your computer's performance and allow third parties to monitor your computer usage. It is also very difficult to verify that the source of the files is trustworthy.

Many files on file sharing sites are infected with computer viruses and some of those are designed specifically to spread through P2P networks. Viruses and other malicious software may allow outside users to access your personal information, including financial or medical data, personal documents, or other sensitive information putting you at risk for identity theft.

If you have any questions, please contact the Service Desk at 508-565-1111 or service-desk@stonehill.edu.

Please review our tips below to protect yourself against phishing attempts.

What is phishing?

Phishing is a common attack where a hacker attempts to acquire sensitive information, such as usernames, passwords, and credit card details, by masquerading as a trustworthy entity.  Phishing attempts often look authentic, seeming to come from a legitimate business or individual. They frequently urge you to act quickly, warn you of a compromised account, or ask for additional information before fulfilling an online order.  

Phishing scams vary widely in terms of their complexity, the quality of the forgery, and the attacker's objective. Several distinct types of phishing have emerged.

Spear phishing

Phishing attacks directed at specific individuals, roles, or organizations are referred to as "spear phishing". Since these attacks are so pointed, attackers may go to great lengths to gather specific personal or institutional information in the hope of making the attack more believable and increasing the likelihood of its success.

The best defense against spear phishing is to carefully, securely discard information (e.g., using a cross-cut shredder) that could be used in such an attack. Further, be aware of data that may be relatively easily obtainable (e.g., your title at work, your favorite places, or where you bank), and think before acting on seemingly random requests via email or phone.

Whaling

The term "whaling" is used to describe phishing attacks (usually spear phishing) directed specifically at executive officers or other high-profile targets within a business, government, or other organization.

Be wary of emails asking for confidential information.

Legitimate organizations will never request sensitive information via email. Never submit confidential information via forms embedded within email messages.

Watch out for generic-looking requests for information.

Fraudulent emails are often not personalized, while authentic emails from your bank often reference an account you have with them.

Do not click on links within an email message that looks suspicious.

Phishing emails usually contain a link to a web page that looks similar to the login page for a service. Once you try to log in with your username and password, the spammers have your credentials and start using them to phish information from others.

Is that web site legitimate?

Don't be fooled by a site that looks real. It's easy for phishers to create web sites that look like the genuine sites, complete with the logos and other graphics of a trusted web site.

If you're at all unsure about a web site, do not log in. The safest thing to do is to close and then reopen your browser, and then type the URL into your browser's Address bar. Typing the correct URL is the best way to be sure you're not redirected to a spoofed site.

Learn to analyze a web address.

Just because the address looks OK, don't assume you're on a legitimate site. Look in your browser's Address bar for these signs that you may be on a phishing site.

Often the web address of a phishing site looks correct, but actually contains a common misspelling of the company name or a character or symbol before or after the company name.
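The signs described above, checked in code (an added Python example, not part of the original page). The trusted domain stonehill.edu is taken from this page; the sample links, the function names and the edit-distance threshold of 2 are assumptions made for the illustration, and the checks go slightly beyond the text by also catching the trusted name placed before an "@".

```python
from urllib.parse import urlsplit

TRUSTED = "stonehill.edu"   # domain named on this page

# Constructed sample links for illustration; none is taken from a real message.
SAMPLE_LINKS = [
    "https://myHill.stonehill.edu/",
    "http://stonehil.edu/password",
    "stonehill-login.example/reset",
    "https://stonehill.edu.account-check.example/",
    "https://stonehill.edu@login.example/",
    "https://www.example.org/",
]


def edit_distance(a, b):
    """Levenshtein distance: single-character edits needed to turn a into b."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1,                 # delete a character
                           cur[j - 1] + 1,              # insert a character
                           prev[j - 1] + (ca != cb)))   # substitute a character
        prev = cur
    return prev[-1]


def classify(url, trusted=TRUSTED):
    """Return (verdict, reason) for the host a link really points to."""
    # urlsplit needs "//" in front of a bare host to treat it as a host name.
    parts = urlsplit(url if "://" in url else "//" + url)
    host = (parts.hostname or "").rstrip(".")   # hostname is already lower-cased
    if not host:
        return ("suspicious", "no host name in link")
    brand = trusted.split(".")[0]
    # Anything before '@' is a user name, not the site; the real host follows it.
    if parts.username and brand in parts.username.lower():
        return ("suspicious", "trusted name appears before '@'")
    if host == trusted or host.endswith("." + trusted):
        return ("trusted", "host is the trusted domain or a subdomain of it")
    # The trusted domain sits at the start or middle of a longer host name.
    if ("." + trusted + ".") in ("." + host + "."):
        return ("suspicious", "trusted domain is followed by extra labels")
    for label in host.split("."):
        if label == brand:
            return ("suspicious", "right name under a different domain ending")
        if brand in label:
            return ("suspicious", "extra characters before or after the name")
        if edit_distance(label, brand) <= 2:    # assumed threshold
            return ("suspicious", "misspelling of the name")
    return ("unknown", "host is unrelated to the trusted domain")


if __name__ == "__main__":
    for link in SAMPLE_LINKS:
        verdict, reason = classify(link)
        print(f"{verdict:10} {link}  ({reason})")
```

The misspelling check is a heuristic: an unrelated name that happens to be within two edits of the trusted one is flagged as well, so a "suspicious" result means look again, not proof of phishing.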

Use myHill Quicklinks or your own browser bookmarks (favorites).

Use the myHill QuickLinks to gain safe access to online services that Stonehill College provides to its students, faculty and staff. Some of the links will provide the legitimate login pages, while other services use single sign-on, which will bring you directly to the service without asking for your username or password.

Don’t get pressured into providing sensitive information.

Phishers like to use scare tactics, and may threaten to disable an account or delay services until you update certain information. Be sure to contact the IT Service Desk or the merchant directly to confirm the authenticity of the request. Remember, Stonehill employees, including employees from the Information Technology department, will never ask you for your user ID and password. 

Legitimate messages will not be quarantined.

All legitimate messages from Stonehill College will be delivered to your inbox. Under no circumstances will a Stonehill message ever be caught by the SPAM filter.  If a message that claims to come from Stonehill.edu is caught in the SPAM filter and you see it listed in your Spam Notification email, DO NOT release it to your inbox. Simply delete the Spam Notification message and the phishing attempt will never reach your inbox.

When in doubt, change your password.

If you think your user name and password have been compromised, change your password immediately. This is extremely important. Change it even if there is a small chance that the site you just logged into with your Stonehill credentials might be a trap!

As a reminder, the safest way to access the password service is to type the address for myHill (myHill.stonehill.edu) into a web browser, log in to myHill, and click on Password Service in the Quicklinks channel.

If you receive a questionable message, contact the IT Service Desk.

If you have any questions or concerns about an email message that looks fake or questionable, PLEASE contact the IT Service Desk at 508-565-4357 (HELP) or email service-desk@stonehill.edu for assistance.

The password change service is a convenient way to change your Stonehill password by answering two security questions.  However, your password can be changed by anyone that can answer these questions.  It is extremely important to pick good questions from a list of many that we provide.

To choose a good question, you will need to find a question that has these traits:

  • Applicable – It should pertain to your life events
  • Definitive – It should have only one correct answer that does not change

Your answer to each question should be:

  • Memorable – It should be easy for you to remember the answer
  • Secure – It should be difficult to guess or find on Facebook or through research by others, and it should be long enough to act as a pass-phrase

When choosing an answer, keep these in mind:

  • You can use letters, numbers, special characters and spaces
  • Your answer must be between 5 and 32 characters long
  • Your answer is NOT case sensitive

For your security, there is a limit on the number of unsuccessful attempts in case someone is trying to change your password.   After 5 unsuccessful tries, your account will be blocked from using the service for 6 hours. You must visit the IT Service Desk with your Hill Card or another valid form of identification to gain access to the service before the 6 hours is up.

 

Report compromises immediately: If you suspect your account or password has been compromised, report the incident to the IT Service Desk at 508-565-HELP and change your password immediately using the Password Change Service.

What is Spirion (formerly Identity Finder)? 

Spirion is software currently licensed at Stonehill College to facilitate the discovery and remediation of Personally Identifiable Information (also known as PII) across Faculty and Staff Stonehill-issued machines. The software searches for Stonehill Banner IDs, social security, credit card, bank account, and driver’s license numbers contained within areas of the system including files, folders, and email clients. Once the scan is completed, the user has the ability to securely delete the file, encrypt the file, or redact the particular fields.

How often is my computer searched, and what happens if it skips a scheduled scan? 

By default, Spirion will scan silently every week on Friday afternoons. In the event that a computer is powered off before a scheduled scan completes, or skips a scan, Spirion has been configured to start a system scan the next time it is turned on.

How long will the scan take? 

The duration of the scan depends directly on the amount of data stored on the system as well as the speed of the computer itself. Systems with small amounts of data will complete faster than systems that store large data sets. The first scan you perform on a system with Spirion will always be the longest; however, Spirion has been configured to use less of your computer’s system resources so that it doesn’t impact your work. While this may slightly increase scan times, chances are you won’t notice a difference.