UNH CIS Signals

UNH Cyber Security Year

Petr Brym

December, 2008

Safe Computing

In October, UNH recognized National Cyber Security month by completing a series of informational programs about laws and policies that require us to protect information, and best practices, tools, and solutions we can use to protect this information.

October is over, but this does not mean that we can lower our guard against would-be hackers, malicious software, E-mail scams, and other threats. Protecting information against unauthorized access and modification is a year-long process. Threats to information on the Internet never sleep and are active 365x24x7. Many automated threats come from different time zones and global locations. A significant portion of all compromises of information is caused by events close to home or the office, through error, loss or theft of physical devices, and also by those you may have previously met.

On October 24th, CIS posted an alert about a time-sensitive Microsoft Windows security patch that was released in advance of regularly scheduled updates. While the alert about this particular “out of band” patch was important, the continual discovery of other vulnerabilities is the most important message. As a proactive step, we need to constantly update our operating systems and virus protection.

We also need to look out for new revisions of phishing attempts, or E-mail messages that are designed to lead you to disclose confidential information to unauthorized persons. It is just as important to remove restricted or sensitive information from portable devices and encrypt it. As recent announcements from regulatory agencies and other authorities indicate, we also must stay informed about evolving laws and changes in requirements to protect information and to detect fraud. The concerns about protecting our information and that of our customers do not stop there. The possibilities of how this information could fall into the wrong hands are nearly unlimited, and protecting it could be a full-time job.

Fortunately, you can significantly lower the risks to information through due diligence, employing best practices, and staying informed. You should also follow a deliberate approach that is appropriate and proportional to the threats posed to the information you manage, the value of the information, and the problems that would result if such information were compromised. Please contact it.security@unh.edu if you were unable to participate in the October Cyber Security events and would like to learn more about these topics.