- Cyber Security Tip of the Day
- UKIT Security Policies, Standards & Guidelines
- US-CERT (The US Computer Emergency Readiness Team)
- MS-ISAC - improving state, local, territorial & tribal governments’ cyber security
- The FTC’s Identity Theft Website
- Tailor-able "Get SecureBlue" pamphlet (.pub) - UKIT "Get SecureBlue" pamphlet (.pdf)
UKIT Security Policies, Standards & Guidelines
- Patch Management and Virus Protection Policy
- Security of Smart Phones and Mobile Storage Devices
- Peer-to-Peer File Sharing (and music, movie, software downloading)
Security of Smart Phones and Mobile Storage Devices
Smart phones, USB thumb drives, and cloud computing storage are all very useful tools for accessing email and transferring data between computers; however, these tools can be a liability if they are not managed appropriately.
- Review UK Administrative Regulations and UKIT Standards & Guidelines to ensure you are compliant with University policy and best practices.
- Password Protect It – if you can. Almost all new smart phones support “login passwords”; however, some folks don’t like the hassle of having to type or “swype” in their password before using the phone. If you ever lose your phone, you will be grateful for having setup a password.
- Encrypt It – if you can. Many mobile devices support encryption. Many smart phones support the encryption of both the internal storage and removable storage chips. Such encryption rarely interferes with the device’s/phone’s operation and it will provide you with another layer of assurance if your device/phone is ever misplaced or stolen.
- Remote Wipe – Many mobile devices also support the ability to erase the contents remotely (i.e., delete the contents from somewhere else, like from a laptop computer with Internet access - if the device is ever lost or stolen.) This is another piece of security insurance. Most remote-wipe products require the owner to register well in advance of ever permitting someone to login and order a remote wiping of a smart phone’s memory.
- Anti-Malware – Many mobile devices also permit the installation of anti-virus or anti-malware software (or it may come with such software pre-installed.) Such software may scan applications that you try to install or scan email that you receive on your mobile device – looking for computer viruses, etc.. Read the fine print. Every piece of anti-malware software is different.
- Back It Up – Many mobile devices support the “backing up” or copying of certain data to another location or another device so that, if your device gets stolen or lost or simply quits working properly, you will be able to restore the data but - be careful. Some back-up applications only make a copy of your phone’s address book and others only make copies when you explicitly tell it to do so. Again, read the fine print. It is very prudent to make sure that the important data on your device is being backed up to a reputable location before you need to restore it.
- Buyer Beware – More and more malicious software (aka “malware”) is being embedded in mobile device applications. These applications, applets, or “apps” can often be downloaded from the Internet for free or shared by some other mobile device owner. Advice: After you research the application to learn what it does, what private data it wants/needs to run, how it supported, and how much it costs, research the website or application through which you are downloading the software. The application itself may be great but, if a cyber-crook creates another application that looks the same but contains dangerous or malicious software, you may regret buying or installing the app.
Peer-to-Peer File Sharing (and music, movie, software downloading)
What is file sharing and is it all illegal? File Sharing is the ability to send, receive, access, or share computer files or just about anything that is in a digital format. And, file sharing, per se, is not illegal. Composers, videographers, faculty, writers, and photographers, for example, can share their creations with anyone they want – provided these same composers, videographers, faculty, writers, and photographers own the copyright. Legal problems occur when files, music, movies, videos, software, etc. are shared and the person sharing them doesn’t own “the stuff” and doesn’t have permission from the copyright owner to share the stuff. The same is true for people who receive the stuff – downloading or receiving music, movies, videos, software, etc. without some type of permission, license, or right to do so (like purchasing the song via iTunes) is usually considered to be illegal. At UK, students and faculty can share their work with one another via peer-to-peer file sharing (or any other type of file sharing system) so long as no laws are violated (and academic critiquing is a fair use, see the US Copyright Office. There are many legitimate websites through which music, movies, and software can be downloaded for free although most do charge a nominal amount for the right to play or watch the song, movie, etc. Again, read the fine print to determine your rights. Legal music download sites may be found here.
But what’s all the fuss? Most composers, videographers, photographers, etc. make their living selling and licensing their creative works so illegal file sharing or downloading robs them of their royalties and income. Additionally, sharing and downloading music, movies, software, etc. without the copyright owner’s permission is a violation of US copyright law. As a result, many organizations that are contracted to collect these royalties on the behalf of the artists often file lawsuits to not only stop illegal behavior but to also collect unpaid royalties related to the improper use of the copyrighted material. Many of these lawsuits are successful and, as of 2012, when the lawsuits are settled, most defendants (i.e. students) end up paying an average of $2,000 per illegally downloaded/shared song. Legally downloading and licensing music, movies, software, etc. from legitimate sources are definitely less expensive propositions when court and lawsuit settlement costs are factored in.
What is UK’s position on Peer-to-Peer File Sharing?
In and of itself, peer-to-peer file sharing is not illegal; therefore, UK has taken the position that blocking peer-to-peer file sharing technologies, services, and/or ports would undeservedly punish faculty, researchers and students who are using these technologies for legitimate academic or research purposes.
However, if a copyright owner (or representative) presents credible evidence that UK information technology resources may be being using to infringe on the rights of a valid copyright owner and, if UK IT can, with certainty, identify the student, faculty or staff member who is being accused of copyright infringement, UK’s DMCA (Digital Millennium Copyright Act) mitigation process will be initiated.
The UK DMCA mitigation process:
The person’s access to the University data network is disabled until s/he
- Contact the APAT Service Desk (218HELP@uky.edu, (859) 218-4357),
- Reviews the Service Desk’s copyright infringement training materials, and
- In writing, acknowledges reading the training materials and commits to not infringe on another’s copyright in the future.
- For any subsequent copyright infringement complaint, the person’s access to the University data network is disabled and the UK Dean of Students or the UK Human Resources Department is notified and that department’s processes are then followed.