Beware of any e-mail purporting to be from Information Technology Services asking for your W&L password. Any such e-mail is "phishing": an attempt to steal personal information. ITS staff will never ask you for your password, via email, phone, or any other means. Remember, your password is your secret.
Never respond to e-mails asking for your W&L password or other personal information, such as bank account or social security numbers. Instead, please forward such phishing attempts to email@example.com, and then delete the email.
Please protect yourself:
- Use the 30-second rule: before clicking a link or opening an attachment in an unsolicited email, take time to carefully evaluate the message.
- See analysis of a recent Phish.
- Use the hover technique to identify the destination of a link before you click
- Review this W&L tutorial and quiz on phishing
- If you disclosed your W&L password in response to a phishing email, change your password immediately.
- Never disclose your password to anyone.
- Do not use your W&L password for any service outside the University.
E-mail and viruses
W&L uses constantly updated filters that eliminate most viruses. But newly hatched viruses sometimes slip through our system, so it's important to follow some important rules:
- Be wary, as always, of any e-mails with attachments, especially those you aren't expecting. This includes e-mails from people you know, since many viruses can "spoof" the sender's e-mail address.
- Be particularly suspicious of e-mail attachments with file extensions such as ".exe" and ".scr"
- When you receive an e-mail attachment you are not expecting, delete it without opening the attachment.
- Report spam (unwanted e-mail) to Digitar, a service that screens W&L's incoming e-mail, by forwarding the message to firstname.lastname@example.org
Students should be sure they have installed anti-virus software, and that the most current virus definitions have been added. Anti-virus software is automatically installed and configured on University-owned computers in labs, offices and other settings. If you suspect that your computer is infected with a virus, contact the Information Desk (call x4357 or use Web Help Desk).
Spyware (also known as Adware) can also hinder the proper functioning of your computer. It can also be used to sell your personal information without your knowledge. Here are some rules of thumb to help avoid infection:
- Web browsing. Don't install software when prompted "Install and run this:..........."
- If a website demands that you install a plugin, click no. Most sites will work without installed plugins. If it does require the plugin, judge how reputable the source is before installing. For instance, Adobe Acrobat and Macromedia Flash are both acceptable programs to install.
- Close pop-ups and if prompted with choices, never click "Yes" or "Okay."
Select a hard-to-guess password, and don't share it with anyone, including those who purport to represent W&L (see Phishing section, above). W&L network passwords must meet the following requirements. These requirements are enforced when passwords are changed or created:
- May not contain the user's account name or parts of the user's full name that exceed two consecutive characters
- Be at least eight characters in length
- Contain characters from three of the following four categories:
- Upper case characters (A through Z)
- Lowercase characters (a through z)
- Numbers (0 through 9)
- Non-alphabetic characters (for example, !, $, #, %)
You can use mnemonics to create a password that meets those requirements, and is still easy to remember. Try song lyrics, rhymes or common expressions. For instance, the nursery rhyme "Mary had a little lamb, her fleece was white as snow..." with the addition of some additional characters, could yield the password:
If your password becomes known to anyone, change it immediately. Your W&L network password should be different from any other password you use.
If you follow the guidelines on this page, you'll help to avoid identity theft. This resource from the Federal Trade commission explains identity theft, and what to do if your identity is stolen:
Data security on smart phones
Certain types of advanced cell phones, such as Blackberries, iPhones and phones using the Windows Mobile operating system, can be configured to automatically retrieve e-mail and other data from W&L's Exchange (Outlook) server. When the devices are configured in this way, ITS enforces minimum security settings to protect potentially sensitive University data stored on the devices:
- A password must be used to secure access to the phone, at least four characters in length
- After seven failed attempts to enter a password, data on the device is erased
- After a period of inactivity on the device (can vary from 15 minutes to an hour, depending on the device), a password must be re-entered in order to access the device
These settings may function somewhat differently than described here, depending on the device. If you are a W&L faculty or staff member and would like to configure your smart phone to automatically retrieve e-mail and other data from your Exchange/Outlook account, please contact W&L's Telecommunications Manager at email@example.com.
Firewall policy, inbound network traffic
ITS operates a "default deny" inbound perimeter firewall as the first level of defense against security threats to the University's network and IT resources. Outbound traffic is "default allow." This means inbound computer traffic from off-campus is blocked - unless the communication originated from a computer on campus or unless there is an exception to allow the traffic.
Additionally, there are firewalls dividing the interior network into separate zones based on the role of the IT resources within each zone. For example, web servers have distinct and separate roles from database servers.
If you have an academic or work-related reason for un-blocking a specific computer port, please request an exception by completing a Web Help Desk request; go to https://helpdesk.wlu.edu and select request type "Network" then "Incoming Firewall Exception."
W&L security documents
- Information Security Plan
- Computing Resources, Network and Email Use
- See additional policies in Technology section of Code of Policies maintained by Office of General Counsel
Other resources on safe computing
- Snopes.com- Just search the issue you are unsure about. Snopes helps clarify scams from myths.
- Hoax-Slayer.com- Similar to Snopes, Hoax-Slayer discusses email scams, media hoaxes, and internet scams
- Apple Security Support- Most college students have Mac computers but forget to properly use security measures
- Microsoft Security Support- Microsoft users can find appropriate aid for their given systems here