Courtesy of ILRI/ICRAF's ICT Helpdesk
What is it?
Phishing (fish´ing) (n.) is the act of sending an e-mail to a user while falsely claiming to be an established, legitimate enterprise, in an attempt to scam the user into surrendering private information that will be used for identity theft. The e-mail directs the user to visit a Web site where they are asked to update personal information, such as passwords and credit card, social security, and bank account numbers, that the legitimate organization already has. The Web site, however, is bogus and set up only to steal the user's information.
What does a phishing scam look like?
Here are a few phrases and other signs to look for if you think that an e-mail message is a phishing scam.
- "Verify your account."
Businesses should not ask you to send passwords, login names, Social Security numbers, or other personal information through e-mail. For example, if you receive an e-mail from Microsoft asking you to update your credit card information, do not respond: this is a phishing scam.
- "If you don't respond within 48 hours, your account will be closed."
These messages convey a sense of urgency so that you'll respond immediately without thinking. Phishing e-mail might even claim that your response is required because your account might have been compromised.
- "Dear Valued Customer."
Phishing e-mail messages are usually sent out in bulk and often do not contain your first or last name.
- "Click the link below to gain access to your account."
HTML-formatted messages can contain links or forms that you can fill out just as you'd fill out a form on a Web site. The links that you are urged to click may contain all or part of a real company's name and are usually "masked," meaning that the link you see does not take you to that address but somewhere different, usually a phony Web site.
- The "From" field appears to be from the legitimate company mentioned in the e-mail.
It is important to note, however, that it is very simple to change the "from" information in any e-mail client. While we're not going to tell you how, rest assured it can be done in a matter of seconds!
- The e-mail will usually contain logos or images that have been taken from the Web site of the company mentioned in the scam e-mail.
- Additionally, you may spot elements such as: logos that are not an exact match to the company's logo, spelling errors, percentage signs followed by numbers or @ signs within the hyperlink, random names or e-mail addresses in the body of the text, or even e-mail headers that have nothing to do with the company mentioned in the e-mail.
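The "masked" links and the @ signs and percentage signs in hyperlinks described above can be checked mechanically before anyone clicks. The following is an added example written for this page (not ILRI/ICRAF helpdesk tooling): it parses the anchors in an HTML e-mail body and flags a link when its visible text names one host but the href leads to another, when the href's authority part contains an @ sign, or when it contains percent-encoded characters. The sample message is constructed for the example.

```python
import re
from html.parser import HTMLParser
from urllib.parse import urlsplit

class LinkCollector(HTMLParser):
    """Collect (href, visible text) pairs for every <a> in an HTML e-mail body."""
    def __init__(self):
        super().__init__()
        self.links, self._href, self._text = [], None, []
    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href, self._text = dict(attrs).get("href", ""), []
    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)
    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append((self._href, "".join(self._text).strip()))
            self._href = None

def host_of(url):
    """Hostname of a URL or bare domain, lower-cased ('' if none)."""
    return (urlsplit(url if "://" in url else "http://" + url).hostname or "").lower()

def suspicious_links(html):
    """Return (href, text, reasons) for each link showing one of the masking signs above."""
    parser = LinkCollector()
    parser.feed(html)
    findings = []
    for href, text in parser.links:
        reasons = []
        if "@" in urlsplit(href).netloc:          # browser goes to the host after the '@'
            reasons.append("@ sign in hyperlink")
        if re.search(r"%[0-9A-Fa-f]{2}", href):   # percent-encoding obscures the real target
            reasons.append("percent sign followed by hex digits in hyperlink")
        looks_like_address = re.match(r"^(https?://)?[\w.-]+\.[a-z]{2,}", text, re.I)
        if looks_like_address and host_of(text) != host_of(href):
            reasons.append(f"text shows {host_of(text)} but link goes to {host_of(href)}")
        if reasons:
            findings.append((href, text, reasons))
    return findings

# Constructed sample message (not a real phish); 203.0.113.7 is a documentation-only address.
SAMPLE_EMAIL = """<p>Dear Valued Customer,</p>
<p>Verify your account within 48 hours:
<a href="http://www.example-bank.com@203.0.113.7/login">www.example-bank.com</a></p>
<p>Help centre: <a href="https://www.example-bank.com/help">https://www.example-bank.com/help</a></p>
<p><a href="http://203.0.113.7/%73ecure">Click the link below to gain access to your account.</a></p>"""
```

Running `suspicious_links(SAMPLE_EMAIL)` flags the first and third links and leaves the genuine help-centre link alone; the heuristic only catches the signs the text lists, so a clean-looking link is not proof of legitimacy.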
Who Is Behind the Phishes & Why?
- The people behind phishing e-mails are scam artists.
- They literally send out millions of these scam e-mails in the hope that even a few recipients will act on them and provide their personal and financial information. Anyone with an e-mail address is at risk of being phished. Any e-mail address that has been made public on the Internet (posted in forums, newsgroups or on a Web site) is more susceptible to phishing, as the address can be saved by spiders that search the Internet and grab as many e-mail addresses as they can. This is why phishing is profitable for scammers: they can cheaply and easily access millions of valid e-mail addresses to send these scams to.
How can you avoid being phished?
- The golden rule to avoid being phished is to never, ever click the links within the text of the e-mail.
- Always delete the e-mail immediately. Once you have deleted the e-mail, empty the trash box in your e-mail client as well. This will also prevent "accidental" clicks from happening.
- If you are truly worried that an account may be in jeopardy unless you verify your information, open your Web browser of choice, type the URL of the Web site into the address field of your browser and log on to the Web site as you normally would (without going through the e-mail link as a quick route). This will give you accurate information about your account and let you completely avoid the possibility of landing on a spoof Web site and giving your information to someone you shouldn't.
What should you do about phishing e-mails if you receive them?
- You can visit the Web site of the company from which the e-mail appears to come and take the time to notify them of the suspicious e-mail. Many companies do want to know if their name is being used to try to scam people, and you'll find scam and spoof reporting links on some of these Web sites.
- You can also report phishing to the Federal Trade Commission (FTC), and depending on where you live, some local authorities may also accept Internet phishing scam reports.
- You can also send details of a phishing scam to the Anti-Phishing Working Group, which is building a repository/database of common scams to help inform people of the risks.
The New Phish - Spear Phishing
- As with all malicious code, once a small percentage of the population starts to catch on, the perpetrators find ways to make the attack a little different and, in this case, make the phish harder to net.
- The newest type of phishing scam is one that focuses on a single user or a department within an organization. The phish appears to be legitimately addressed from someone within that company, in a position of trust, and requests information such as login IDs and passwords.
- Spear phishing scams will often appear to be from a company's own human resources or technical support divisions and may ask employees to update their usernames and passwords. Once hackers get this data they can gain entry into secured networks. Another type of spear phishing attack will ask users to click on a link, which deploys spyware that can steal data.