Guide to Safe Computing

There are many different ways that bad actors try to gain access to steal information, but you can take proactive steps to protect yourself, your information, and your property.

1. Deceptive links and sites: A common tactic used by bad actors to steal information is to provide someone with a link that appears legitimate but contains subtle differences. Trying to get someone to go to “Framingham.com” instead of “Framingham.edu” is an example.  On quick glance it looks legitimate, but on further inspection, it is not. 
   1. http vs https: Most (but not all) websites now connect using the “https” secure URL prefix. While there are still some legitimate sites that use the old “http” in their URL, this prefix has become less common. Treat sites beginning with “http” with a moderate level of skepticism.
   2. Certificates: Legitimate sites will have what they call a “security certificate." These certificates are software components that verify the legitimacy of a website, typically through validation by a trusted third party. Modern browsers will typically issue warnings for invalid certificates, either by changing the URL to red or displaying an error message. Unknown sites with untrusted or expired certificates should be avoided.
   3. Disguised links: Links within emails are often hyperlinked to basic text in the message. Something similar to click here. Always hover over these links before you click on them, as they may lead to illegitimate sites — sites that aren’t what they are advertised to be.
2. Device Safety: When on campus or traveling, you should be mindful of what your devices are connecting to, the devices attempting to connect to them, and the software installed on them.
   1. Public Wi-Fi: While convenient, be cautious when connecting to public Wi-Fi networks. These networks are often open and expose information to others in the area. You should avoid public networks if possible, and if you need to connect to one, never log into university resources or other sensitive accounts without the use of security software, (such as the university’s VPN software.)
   2. Software installations and updates: Do not install any software that you are uncertain about its source. For any software or app installation, it’s important to be aware of its publishers and distributors. When installing an app on your phone, always verify the publisher, and ensure that the app has been validated by the store from which you are installing it. This is often shown by a blue checkmark or similar image. For example, there might be two applications, one called Zoom from the zoom.us publisher and is validated by Google Play, and another called Zoom! by an unknown publisher.  While it sounds similar, the “Zoom!” application could be malicious. Google, Microsoft and Apple do their best to moderate their app stores, but these types of applications fall through the cracks every now and again.
   3. Spyware and Antivirus: Ensure your system has some form of antivirus software, which could be as simple as having Windows Defender installed. Always keep these tools up-to-date. Currently, on university-issued equipment, updates are done automatically.