Ohio State nav bar

IT Security Alert

May 2, 2013

IT Security Alert

Example of a hardware keylogger (sits between CPU and keyboard)

Dear Colleagues,

Recently a hardware keylogger was found on a faculty member’s computer.  Keyloggers have one purpose:  to capture all text entered on the keyboard and make that text available to someone without their knowledge.  Keyloggers are mostly used to capture a person’s login and password information.  Keyloggers can be either hardware devices or software installed on one’s computer.  Hardware keyloggers are small devices (about the size of a small USB drive) that are plugged in between the keyboard and the CPU.  More on Keyloggers can be found here:  http://en.wikipedia.org/wiki/Keystroke_logging.

This incident is a good reminder to all of us to secure and protect our personal and professional data from loss or exposure.  Data loss means you no longer have access to your data – they are simply gone.  Data exposure means your data that were once private have been accessed in a way that could make them visible to the world.  Both data loss and data exposure can result in significant financial, productivity and reputational consequences for you and your unit.  As a college, it is up to all of us to prevent both.  Below is a list of tips and reminders that may help you and your unit compute more securely and protect all of us against the myriad of risks in the modern, online environment.  Please feel free to reach out to your local IT staff if you have specific questions or need assistance.

Thanks,

Diane Dagefoerde
CIO Arts and Sciences

Data Loss/Exposure Causes

Across Arts and Sciences, the most common causes of data loss/exposure we see include: 

  • theft of a laptop, tablet, phone or external drive
  • fire, water, or natural disaster that damages a computer or external drive
  • a hardware malfunction of a computer or external drive that makes its data inaccessible
  • a virus that corrupts the data
  • while browsing the internet your browser encounters “malware” -- malicious code that gets installed on your computer which opens up a “back door” that is used for remote access to your computer and its data (a “hack”)

Other causes of data loss/exposure:

  • a cloud service (e.g. Gmail, Dropbox, BuckeyeBox) or a network drive at OSU on which your data are stored gets hacked
  • accidental deletion of the data without a backup or the ability to undelete
  • someone learns your login/password and accesses your account without your knowledge
  • someone comes into your office, accesses your computer without your knowledge, and either gets at your data, installs a keylogger, or installs a “back door” that will enable them to get into your system remotely

Precautions and Safety Tips

Below are some things you can do to protect your personal and professional data against the top risks.  Additional tips and advice can be found on the Buckeye Secure site, http://ocio.osu.edu/itsecurity/buckeyesecure/.

Theft

  1. Take steps to prevent theft of your computer, laptop, tablet, phone, external drive (most thefts are from cars!)
  2. Password protect and/or encrypt your devices (especially portable devices) to minimize data loss/exposure if your device is stolen
  3. Know how to delete all of your information from your phone or tablet remotely if it is stolen so a stranger won’t get your photos, access to your accounts, etc.

Fire, water, natural disaster, hardware malfunction

  1. Have a backup of your data stored securely either online or on a physical drive in a different building

Virus, malware

  1. Keep your browser version, Java, Adobe Flash and Adobe Acrobat updated
  2. Keep your computer’s operating system updated
  3. Turn on your computer’s anti-malware and firewall

Someone gets your login/password

  1. Don’t share your login/password
  2. Take steps to prevent someone from taking your login/password (via keyloggers, phishing emails, computers in internet cafés, etc.)
  3. Change the compromised passwords as soon as possible.

Someone gets into your office

  1. Make sure your computer requires a password to use it (and that your password isn’t written down near the computer)
  2. Make sure your screensaver requires the password to return to the computer
  3. Log off or “lock” your computer when you walk away to go to class, meetings, etc.
  4. Keep your office door closed and locked when you leave your office – even if you are only away for a few minutes