Creighton University

If all of this computer security stuff seems scary and technical... that's because it is! Computer security should not be treated lightly unless you are willing to lose the contents of your computer, have your personal financial information stolen, and greatly inconvenience others.

In the days of standalone computers, reckless or unauthorized use of a computer generally impacted a single computer. With our computers interconnected and our resources shared, we have become dependent upon one another. One clicked attachment, downloaded file, or outdated browser can quickly result in a compromise of that computer. One compromised computer can quickly lead to several compromised computers across campus.

Your security is dependent upon your neighbors' security and their security upon yours.

The only person ultimately in control of each of the 8000 desktop computers on this campus is the person in front of the keyboard. That person has the freedom to run any programs they want and communicate with anyone around the world. As long as we want to continue to have relatively open computing and communications choices, each one of us must do his or her part to help ensure the integrity of our network by operating our computers safely. By following these simple steps you will greatly increase the security of your computer and therefore the security of Creighton overall.

1. Select hard to guess passwords and keep them private. -- Passwords are a critical information security component.  Passwords are used to authenticate, or validate, that the person using your logon-ID is really you.  However, passwords are also one of the most common targets of people trying to access information without authorization.  To ensure the security of your data, the data of others, and Creighton's reputation, you should use strong passwords.  For guidance or specific methods for creating hard to guess, easy to remember (strong) password please find the Secure IT brochure entitled "Creating Strong Passwords".
2. Run Anti-Virus software and have it update automatically. -- Creighton provides all faculty, staff and students Symantec Anti-Virus software free of charge.  As an added bonus, Creighton bought the right to allow faculty and staff to use Symantec Anti-Virus software on their home computer as well.  Anti-Virus software is only effective if the definition files are kept current, when you download Symantec Anti-Virus from Creighton and install on an 'on campus' computer, the software automatically checks for new updates every 20 minutes.  The software downloaded for home use will update once a day.  To check that your definition files are current double click the yellow shield icon in the task bar.  If you have questions about viruses or downloading and installing Creighton's Anti-Virus software you can call the Creighton Service Desk at 280-1111 or the Information Security Office at 280-2386 or infosec@creighton.edu.
3. Set your computer to install OS patches automatically. -- When software vulnerabilities are discovered it is only a short time before hackers begin creating exploits to take advantage of the vulnerabilities.  Exploits can take to shape of viruses or other malicious code to steal information or allow access to your computer.  Therefore it is very important to install security patches as soon as they are available.  Most vendors allow users to automatically install new patches as soon as they are available without user intervention.  To determine if your computer is configured to install security patches automatically call the Creighton Service Desk at 280-1111.
4. Be aware of how to report a known or suspected security incident. -- The Information Security Office does not always know what is happening on campus or with your computer.  It is important that all users report known or suspected security incidences as soon as they are realized.  Security Incidents may take the form of unauthorized access to systems or data, a virus, abnormal slowness or malfunction of computers, suspicion individuals, lost or stolen hardware, etc.  When the Information Security Office is aware of a security incident we may be able to stop the incident in progress, protect others from similar incidents, or recover or mitigate damages from lost or stolen hardware.  To report a suspected or known security incident you can contact the Creighton Service Desk at 280-1111 or the Information Security Office at 280-2386 or infosec@creighton.edu.
5. Exercise caution when opening email attachments. -- Email attachments are still a common means of spreading viruses.  Use extreme caution when opening email attachments, especially if sent from unknown parties.  Even attachments from co-workers, family, and friends may contain malicious software so if the attachment looks odd or does not seem appropriate you should not open it or call the sender and ask about the attachment.
6. Use a password protected screen saver. -- When you walk away from your computer you should lock it by simply pressing the windows key+L.  However, if you run out of your office and forget to lock your computer a password protected screen saver may be your only savior.  Password protected screen savers activate after a predetermined time of inactivity and function as if the computer were locked.  The predetermined time of inactivity should be determined based on the sensitivity of the records on the computer or the sensitivity of the data that is able to be access using your ID.  For computers with access to very sensative data (i.e. grades, addresses, salary information, SSNs, credit card numbers, patient data, etc.) the inactivity time may be as short as a few minutes.  Remember we are commonly entrusted to safeguard the personal information of others, we cannot take this responsibility lightly.
7. Never trust files downloaded from untrustworthy sites. -- Files downloaded from untrustworthy sites may very well contain malicious code that will infect your computer with a virus, install adware or spyware, or open your computer to an intruder.  Untrustworthy sites are those that you don't know the owner or trust the integrity of the owner.  You should only download files from known vendors or Creighton websites.
8. Be cautious about file sharing programs such as BitTorrent. -- File sharing software like BitTorrent, morpheus, eDonkey, Blubster, etc. are examples of untrustworthy sites.  The files you are downloading are coming from computers and users across the world, places you don't know or cannot verify.  Often the files you download may contain 'extra' malicious payload with the sole intent of infecting your computer, destroying files, or opening your computer to invaders.
9. Protect the confidentiality of your and others' personal data. -- The University uses a large amount of personal data when admitting students, administering alumni, treating patients, etc.  Individuals provide this information based on the trust and reputation of Creighton.  It is the responsibility of all Creighton constituents to protect the privacy of any confidential information you come into contact which while working, teaching, or attending classes at Creighton.  We each play a role in maintaining the trust and reputation of Creighton.
10. Backup important files. -- Availability is a key cornerstone of information security, making a file unavailable is just as damaging as unauthorized alterations.  To ensure important files are always available when needed make sure you have a current backup of your files.  Consult your PC support personnel if you are uncertain as to whether your files are being backed up.  When backing up files make sure you do not inadvertantly create new security vulnerabilities by leaving backup disks laying around.  Backups of confidential information should be protected as diligently as live data.
11. Protect your computer with a firewall. -- One of the single best proactive security steps you can take to protect your computer and the data on it is to run a firewall.  Most systems that are running Windows XP operating system should have the Windows firewall running by default.  To deterine if your Windows firewall is on you can call the DoIT service desk at 402-280-1111 or contact your local PC support contact.  The service desk or support contact can assist you with firewalls for other operating systems as well.
12. If you have a laptop, keep it from getting stolen.-- Stolen laptops are the number one way Universities and other business lose customer data.  Never leave your laptop in your car in plain sight.  Never leave your laptop unattended.  Never leave customer or other confidential information on your laptop unprotected.  If you must maintain confidential information on your laptop you should employ some form of strong encrytion.  Creighton is working on a University standard for laptop encryption so watch this site for more information.