Beware of any e-mail purporting to be from Information Technology Services asking for your MHU password. Any such e-mail is “phishing”: an attempt to steal personal information. In the event ITS staff needs your password we will clearly identify ourselves. Remember, your password is your secret. If anyone else has your username and password they are “YOU” as far as the network is concerned.
Never respond to e-mails asking for your MHU password or other personal information, such as bank account or social security numbers. Instead, please forward such phishing attempts to helpdesk.edu, and then delete the email.
Please protect yourself:
- Before clicking a link or opening an attachment in an unsolicited email, take time to carefully evaluate the message.
- If you disclosed your MHU password in response to a phishing email, change your password immediately.
- Never disclose your password to anyone.
- Do not use your MHU password for any service outside the University.
E-mail and viruses
MHU uses constantly updated filters that eliminate most viruses. But newly hatched viruses sometimes slip through our system, so it’s important to follow some important rules:
- Be wary, as always, of any e-mails with attachments, especially those you aren’t expecting. This includes e-mails from people you know, since many viruses can “spoof” the sender’s e-mail address.
- Be particularly suspicious of e-mail attachments with file extensions such as “.exe” and “.scr”
- When you receive an e-mail attachment you are not expecting, delete it without opening the attachment.
- Report spam (unwanted e-mail) to the ITS Department.
Students should be sure they have installed anti-virus software, and that the most current virus definitions have been added. Anti-virus software is automatically installed and configured on University-owned computers in labs, offices and other settings. If you suspect that your computer is infected with a virus, contact the ITS Helpdesk (call x1444 or email email@example.com).
Spyware (also known as Adware) can also hinder the proper functioning of your computer. It can also be used to sell your personal information without your knowledge. Here are some rules of thumb to help avoid infection:
- Web browsing. Don’t install software when prompted “Install and run this:………..”
- If a website demands that you install a plugin, click no. Most sites will work without installed plugins. If it does require the plugin, judge how reputable the source is before installing. For instance, Adobe Acrobat and Macromedia Flash are both acceptable programs to install.
- Close pop-ups and if prompted with choices, never click “Yes” or “Okay.”
Select a hard-to-guess password, and don’t share it with anyone, including those who purport to represent MHU (see Phishing section, above). MHU network passwords must meet the following requirements. These requirements are enforced when passwords are changed or created:
- May not contain the user’s account name or parts of the user’s full name that exceed two consecutive characters
- Be at least eight characters in length
- Contain characters from three of the following four categories:
- Upper case characters (A through Z)
- Lowercase characters (a through z)
- Numbers (0 through 9)
- Non-alphabetic characters (for example, !, $, #, %)
You can use mnemonics to create a password that meets those requirements, and is still easy to remember. Try song lyrics, rhymes or common expressions and substituting special characters for letters.
If your password becomes known to anyone, change it immediately. Your MHU network password should be different from any other password you use.
If you follow the guidelines on this page, you’ll help to avoid identity theft. This resource from the Federal Trade commission explains identity theft, and what to do if your identity is stolen:
Firewall policy, inbound network traffic
ITS operates a “default deny” inbound perimeter firewall as the first level of defense against security threats to the University’s network and IT resources. Outbound traffic is “default allow.” This means inbound computer traffic from off-campus is blocked – unless the communication originated from a computer on campus or unless there is an exception to allow the traffic.
If you have an academic or work-related reason for un-blocking a specific computer port, please request an exception by contacting the ITS Helpdesk (call x1444 or email firstname.lastname@example.org).
Other resources on safe computing
- Snopes.com– Just search the issue you are unsure about. Snopes helps clarify scams from myths.
- Hoax-Slayer.com– Similar to Snopes, Hoax-Slayer discusses email scams, media hoaxes, and internet scams
- Apple Security Support– Most college students have Mac computers but forget to properly use security measures
- Microsoft Security Support– Microsoft users can find appropriate aid for their given systems here