Maintain a healthy skepticism about electronic identity. E-mail and newsgroup messages can be easily forged, and you cannot always trust a website’s identity. If it is important that you know with whom you are dealing, verify their identity independently.
Be careful what you say in e-mail. Don’t discuss confidential matters. Think of e-mail as a postcard that anyone can read. For information about technical solutions to the problems of e-mail security, contact the University Information Security Officer.
Limit the amount of personal information you share. There could be hundreds of thousands of people reading your postings to e-mail lists and newsgroups site. Some services archive newsgroup messages indefinitely, providing key-word search capabilities to find anything that anyone ever posted on a public news group site.
Also consider how much personal information you include in your e-mail signature file. Is your home phone number or address really necessary?
Be careful with commercial transactions over the Web. If you are buying goods or services, use common sense. Make sure you know with whom you are dealing. Verify their identity independently (e.g., check directory assistance to see if a business/individual exists).
Consider transacting business by phone, mail or in person if it’s just as easy. Be careful of paying for something sight unseen, and be careful about sending your credit card information over the Net. Never go to look at merchandise in a private location alone; rather, take a friend, or better yet, arrange with the seller to meet in a public place.
Be alert for scams that can jeopardize the security of your system or the network. Never give out confidential information in response to e-mail or a phone call (e.g., someone purporting to be your system administrator asks you for your password, or gives you a new value to change it to). Be wary of unsolicited technical advice – never follow a stranger’s instructions to type something into your computer unless you understand the impact of what you are typing.
Avoid pyramid schemes. A pyramid scheme is a chain letter in which recipients are asked to send cash or something of value through the mail to early senders of the letter. Pyramid schemes are illegal even if the solicitation is sent via e-mail or posted to a newsgroup.
Use good judgment. Do not expose yourself to legal liability by defaming a person or organization with false and damaging information. Be careful about disclosing information that might violate someone’s right to privacy.
Guard your password. Don’t share it with anyone. Once you have shared it, you no longer have any control over how your account is used. Don’t write your password down or include it in a logon script.
Protect your networked computer. Make sure you understand your computer’s security mechanisms so you don’t leave it and your data unprotected. Macintosh and Windows users should be sure they understand file-sharing options so they don’t mistakenly share private information with everyone on the Net.
Back up your data. Make regular backups and store backup media in a separate location. If you need any help related to information security, e-mail the University Information Security Office at firstname.lastname@example.org. Contact University Police at (215) 898-7297 to file a criminal report of e-mail harassment, scams or forgery of your name over the Internet. For more information about information security, check Penn’s Information Security and Privacy homepage at www.upenn.edu/computing/security-privacy.
For additional useful Cyber Security Tips please go to the US Computer Emergency Readiness Team’s website at www.us-cert.gov/cas/tips, and for updates about the latest email and web scams visit the Internet Crime Complaints Center at www.ic3.gov/media