Frequently Asked Question
Having an insecure password, clicking on an unknown email attachment or not installing updates could make it possible for someone to:
- Read all your email or instant messages
- Read or change anything on your computer
- Read or change anything accessed from your computer
- Turn on your computer’s microphone and listen in on conversations
- Use your computer for cyber crime (for which you may be blamed)
City computers are scanned constantly from around the world by people looking for computers whose operators have made these mistakes.
The city network is scanned approximately 4,500 times a day by individuals outside of the city network. This averages to be about 5-6 scans on every computer on the network every day. This amount of scanning is comparable to a burglar checking your door 5-6 times a day trying to break-in. The security of your account and computer is largely dependent on how your co-workers use their computer and accounts.
Why is it important to have a secure password?
The city relies on highly secure computing systems for everyday work. This includes sending and receiving email, sharing documents and files with co-workers and many more critical activities. Having a secure password not only allows you to be safe when computing at the city but also keeps your account from being used for illegal activities without your knowledge.
What if the material on my account is not confidential?
You may not consider your email or work activities confidential. However, many security breaches can involve deletion or corruption of data, mass email containing potentially questionable material) sent from the account and the attempted use of the account for illegal break-ins on other systems or accounts. When a single account is compromised on a system, it increases the potential to have all accounts on the system compromised. Since you are responsible for your account and password you may be considered responsible for illegal break-in attempts to other accounts.
Why do my passwords expire?
To ensure the security of mission critical services at the university we have implemented password expiration. Before expiration, emails are sent out at least one week in advance as a warning. When a password expires, you are notified during login to obtain a new password. This was primarily done to make password “cracking,” or guessing, more difficult, but it was also done to comply with independent state auditors on their recommendation to expire passwords.
What if I have to write down my password?
It might seem like writing down a password, due to the complex security rules and password expiration, defeats the purpose of the security measures. This is a “post-it note” myth. It is better to have a secure password that may be a little more difficult to remember than an easy to guess password. Almost 100% of break-in attempts are executed through the computer network and not by physical access to a computer in a locked room.
What can I do to make my computer safer?
- Use secure passwords for all of your accounts.
- Install Antivirus software and keep it up to date. Visit our AntiVirus software page to learn more.
- Install personal firewall software. Personal firewall software stops attempts from outside computers to connect to services on your machine (that you may not know you are running). Windows has a built in firewall that we recommend you enable.
- Do not click on unknown email attachments
- Keep your operating system up-to-date. Visit your vendor’s update sites often to check for security patches or allow applications to check for updates.