Fitchburg State University - Information Security

Fitchburg State University - Information Security The Fitchburg State University's Information Security Office provides guides, tip, and tricks to help students keep their personal information secure.


Don't download files from unknown sources.

Not all web sites are safe. Always ensure that the source you are downloading from is legitimate. Use extreme caution if you are referred to a site by an email message. If you're uncertain, don't download.


Think twice before posting pictures of yourself or your family and friends!!

Photographs often contain information that could be used to identify you or the places you visit frequently. Never post unflattering or embarrassing pictures (no matter how funny) that could come back to haunt you. Carefully examine photos for identifying information such as the name of your school, the name of a sports team or organization you belong to, the address of the place you work or your favorite social hangout. Do not give out the full name of a child in your captions. One mother was very concerned to see her son's wrestling picture online with his full name. Pictures can also be copied or altered and used on other websites in ways that might be detrimental to your reputation.


Don't Trust Links Sent in Email Messages

A common fraud, called "phishing", sends messages that appear to be from a bank, shop or auction, giving a link to a fake website and asking you to follow that link and confirm your account details. The fraudsters then use your account details to buy stuff or transfer money out of the account. These fake sites can be hard to spot, so no reputable organization will send a message requesting your confidential information.


Due to the recent breach at the University of Maryland the Information Security Office would like to take this time to talk about how to reduce your chances of Identity Theft.

Only carry items you need when going out. Do not take your Social Security Card.

Beware of emails asking you to provide personal information.

Do not open emails from people you do not know.

Keep your passwords to yourself.

Check your credit report once a year.

To check your credit report for free once a year you can visit

For more information of keeping your identity safe you can visit

Keep it off the floor!No matter where you are in public - at a conference, a coffee shop, or a registration desk - avoid...
Laptop Security | OnGuard Online

Keep it off the floor!
No matter where you are in public - at a conference, a coffee shop, or a registration desk - avoid putting your laptop on the floor. If you must put it down, place it between your feet or at least up against your leg, so that you're aware of it.
Visit for more information.

Steps you can take to prevent a thief from snatching your laptop – and all the valuable information stored on it


Treat your laptop like you want to keep it!Here are some things you can do to keep track of your laptop:

Treat it like cash.
Get it out of the car...don't ever leave it behind.
Keep it locked...use a security cable.
Keep it off the floor...or at least between your feet.
Keep passwords separate...not near the laptop or case.
Don't leave it "for just a sec" matter where you are.


10 Scams to Screen from Your Email:

The "Nigerian" Email Scam
Work-at-Home Scams
Fake software updates
Foreign Lotteries
Sexual Enhancement products
Check Overpayment Scams
Pay-in-Advance Credit Offers
Debt Relief
IRS refunds


Don't let spyware control your computer use
Lower your risk by taking the following steps:

Update your operating system and Web browser software, and set your browser security high enough to detect unauthorized downloads.

Use anti-virus and anti-spyware software, as well as a two-way firewall, and update them all regularly.

Download free software only from sites you know and trust. Enticing free software downloads frequently contain other software, including spyware.

Don't click on links in pop-ups.

Don't click on links in spam or pop-ups that claim to offer anti-spyware software


If your personal information is stolen, four steps to take!

It's important to protect your personal information, and to take certain steps quickly to minimize the potential damage from identity theft if your information is accidentally disclosed or deliberately stolen:

Place a "Fraud Alert" on your credit reports, and review those reports carefully. Notifying one of the three nationwide consumer reporting companies is sufficient.

Contact your bank or other financial institution(s) and close any accounts that have been tampered with or established fraudulently.

File a police report with local law enforcement officials. This is an essential step for protecting your rights.

Report your theft to the Federal Trade Commission, online, by phone, or by mail


Don't fall for phishing schemes!

Could you tell if an email message requesting personal information was legitimate? In most cases you can trust your instincts (if an email message looks suspicious, it probably is). However there are some messages that look like the real thing but aren't. If an email message contains any of the following phrases, there's a good chance it could be a phishing scheme.

We need to verify your account information.

If you don't respond immediately, your account will be cancelled.

Click the link below to update your information.


Don't pass on chain messages or send warnings to everyone you know

Chain messages are a burden on mail systems and to the vast majority of the people who receive them. Just don't pass them on — it is as simple as that. You may get messages from friends, warning you about a new virus, health scare, charity appeal or con trick. These are very likely to be hoaxes or just plain wrong. Be very suspicious of messages that ask you to pass them to "everyone you know". That leads to an endless chain of forwarded messages that go on long past any real or imagined threat. If it is really convincing, pass it to your IT section or helpdesk for them to consider.


Don't buy anything from a spammer!

If an unexpected email brings you news that seems too good to be true, it is probably a spam and a scam. If you didn't request information about the product or service, it is probably a spam and a scam. If it promises to enhance parts of your body, it won't. If it promises you an easy mortgage, you can do better by visiting your bank. If it promises that you can make a fortune on a penny stock, you can't. If you are unsure, ask five friends. Chances are four of them also received the spam and you can know to steer clear.


Don't be duped by Internet Fraud!

We all get offers that seem too good to be true. Whether they come by email or appear on web sites, they are often clever schemes designed to dupe the gullible. Don't be tricked by Internet Fraud.


Wireless Hotspots...limit activity to web surfing only!!!

A hotspot is an open wireless network that is available (open) to everyone. An example would be the wireless network at your favorite coffee shop. These networks hook computers into the public Internet — handy but dangerous. Because wireless hotspots are for open use, they don't provide much protection for your data. When using a wireless hotspot try to limit activity to web surfing only. You should also disable peer-to-peer networking, file sharing, and remote access. Always use a good personal firewall and of course make sure all your software including your operating system (like Windows) is up to date and patched. You should never use hotspots for online banking, bill paying, or for making purchases that require you to give out confidential information such as a credit card number.


Keep your password secret:

Your password is like your bank account PIN - if you give your PIN to someone else, your bank is unlikely to pay you back if it is used to steal from your account. If you share your password, you may be held responsible for what other people do with it.


Place a fraud alert to protect against identity theft:

By the time I placed a fraud alert on my credit information, almost two weeks had passed since my wallet was stolen. By then, all the damage had been done.

If your wallet or credit card is stolen, call the three national credit reporting organizations immediately to place a fraud alert on your name and Social Security number. The alert means any company that checks your credit has to contact you to authorize new credit.

Here are numbers you always need to contact if your wallet, etc., has been stolen:
Equifax: 1-800-525-6285
Experian (formerly TRW): 1-888-397-3742
Trans Union: 1-800-680-7289
Social Security Administration (fraud line): 1-800-269-0271
You can get a free credit report once a year from each of the three credit reporting agencies. They have set up a web site for this:


Don't Trust Links Sent in Email Messages:

A common fraud, called "phishing", sends messages that appear to be from a bank, shop or auction, giving a link to a fake website and asking you to follow that link and confirm your account details. The fraudsters then use your account details to buy stuff or transfer money out of the account. These fake sites can be hard to spot, so no reputable organization will send a message requesting your confidential information.


Change your password on a schedule!!

Passwords are like bubble gum; they are better when fresh. The longer and more complex your password is, the harder it is to crack, and the less often you'll need to change it. If you use an 8-character password, you should change it about every six months. Remember: Never use a password with less than 8 characters. If you use a 9-character password and follow the rules about uppercase and lowercase letters, numbers, and symbols, it will stay fresh for a whole year. If you can't remember the last time you changed your password, it's time to change it.


Choose a password that's hard to crack!

When choosing a password, try to make it by writing a sentence that you can easily remember. For example: "Los Angeles Lakers will win the NBA tournament this year". Then pick up the first letters of each word and also add at the beginning or at the end (or at both parts) some special characters and numbers. For example, with the last sentence you could get the password: =3LALwwtNtty$. This method lets you come up with easy-to-remember passwords that are also hard to crack. And you avoid the need to write such a long password down in order to remember it.


Limit the amount of personal information you post about yourself, your friends, and your family!!

As a general rule, don't post anything you wouldn't want the world to see or know about. Think of social networking sites like Facebook as giant billboards. The good guys (teachers, law enforcement officials, future employers, family members) and the bad guys (predators, stalkers, and con artists) can all view the information you post. You should also control who can view your information by restricting access to your pages.


Review your credit reports routinely!!

The Fair Credit Reporting Act (FCRA) requires each of the nationwide consumer reporting companies — Equifax, Experian, and TransUnion — to provide you with a free copy of your credit report, at your request, once every 12 months. Take advantage of these free reports, and verify the information that they contain.

A good way to regularly check your credit score is to check one of the consumer reporting companies every four months.

For Example - January 1st: Equifax
May 1st: - Experian
September 1st: TransUnion


Use variations on a strong "core" password!!

It's tough to remember a series of strong passwords and use a different one for each online system or site you access. The temptation is to use the same password for several or all systems and sites. That's a bad idea -- if a Bad Guy gets a hold of your password, he'll have the key that fits all of your doors.

Instead, create a strong "core" password and then unique variations on it for each online system or site system you use. Here's a strong password: 5P0ky!3Z. It contains 8 characters, a mixture of uppercase and lowercase letters, at least one number and one non-alphanumeric character or symbol, and no personally identifiable information.

By adding a character or two at the beginning or the end, you can have many variations to use for each system or site -- effectively creating a new strong password for each one. Remember to change your "core" password and its variations on a regular basis.


Avoid opening email attachments:

If you MUST open an attachment received in an email, make sure the email was sent from a known source. Read the accompanying email text to make sure it really sounds like it came from the apparent sender — check for a signature and other recognized patterns.


Never respond to an email asking for personal information.

Companies you do business with should never ask for account information, credit card numbers or PIN information in an email message.

If you have any questions about an email you receive that supposedly comes from your financial institution, call the local branch office. Do NOT respond to the email.


See just how "Security Aware" you really are.

Do you believe you're a little more Security Aware? Can you identify the threats that exist in your environment and the steps you should take to avoid them? Take the following quizzes and find out.



Identity Theft

Social Networking


Four Tips to Help Keep Your Computer Secure

Anti-virus. A reliable, effective anti-virus program with the latest updates. Both licensed and free anti-virus software are available. Whichever you use, make sure it scans incoming and outgoing emails for malware.

Anti-spyware. Reliable effective anti-spyware is a must for securing your computer. Both licensed and free anti-virus software, such as Windows Defender, are available.

Two-way Personal Firewall. Two-way personal firewall software monitors network traffic to and from your computer and helps block malicious communications.

Anti-Keylogger software. Anti-Keylogger software products, like AntiLogger and Keyscrambler Personal, help prevent what you type on your computer, especially sensitive information such as the usernames, passwords, and financial information you use in making online transactions, from being hijacked by Bad Guys.


If you are a victim of identity theft, report it immediately.

Here are some things you should do.

1) Contact the three major credit bureaus and have them place a fraud alert on your credit report.

2) If a credit card was involved, contact the credit card company and close the account.

3) Contact your local law enforcement agency and file a report.

4) File a complaint with the Federal Trade Commission.

5) Document all conversations so you know whom you spoke to and when.


Recycle electronic equipment!

Before you get rid of electronics, be sure you have important files and then clear them of all data. Then look for places to donate or recycle. Most states have banned computers and components from landfills. To find recycling programs in your area, surf to your favorite search engine and type "computer recycling." You'll get a list of nonprofit groups, individuals, and academic institutions.

Can you hear me now? Do NOT trust your cell phone Bluetooth earpieceMany cell phone Bluetooth hands-free earpieces have ...
Eavesdropping on Bluetooth Headsets

Can you hear me now? Do NOT trust your cell phone Bluetooth earpiece

Many cell phone Bluetooth hands-free earpieces have a default pin of 0000. A hacker with a Bluetooth antenna can connect to your earpiece and eavesdrop on everything that you are saying. In fact, they can even transmit to it. Think that's unlikely? Check out the YouTube video at:

Few users realize that Bluetooth headsets can be exploited granting a remote attacker the ability to record and inject audio through the headset while the de...


Congratulations to the winners of the first Information Security Awareness Survey!!.


No free lunch!

A new round of bogus pop-ups offers to scan your computer for infections and vulnerabilities for free. Do not take the bait! By allowing this kind of scan, you may be giving Bad Guys access to your personal information.


Be careful with cybercafe computers:

Cybercafe's offer a convenient way to use a networked computer when you are away from home or office. But be careful. It's impossible for an ordinary user to tell what the state of their security might be. Since anyone can use them for anything, they have probably been exposed to viruses, worms, Trojans, keyloggers, and other nasty malware. Should you use them at all? They're okay for casual web browsing, but they're NOT okay for connecting to your email, which may contain personal information; to any secure system, like the network or server at your office, bank or credit union; or for shopping online.


Get it out of the car!:

Don't leave your laptop in the car - not on the seat, not in the trunk. Parked cars are a favorite target of laptop thieves; don't help them by leaving your laptop unattended. If you must leave your laptop behind, keep it out of sight.


160 Pearl St
Fitchburg, MA

Opening Hours

Monday 08:00 - 17:00
Tuesday 08:00 - 17:00
Wednesday 08:00 - 17:00
Thursday 08:00 - 17:00
Friday 08:00 - 17:00


(978) 665-4500


Be the first to know and let us send you an email when Fitchburg State University - Information Security posts news and promotions. Your email address will not be used for any other purpose, and you can unsubscribe at any time.

Contact The University

Send a message to Fitchburg State University - Information Security: