Security awareness

Password

If you find your password in the following table or look similar, it's time to change it. The table shows the top 10 passwords found in the recent Yahoo user password exposure incident:

Password	Used count	Percentage
123456	1667	0.38%
password	780	0.18%
welcome	437	0.1%
ninja	333	0.08%
abc123	250	0.06%
123456789	222	0.05%
12345768	208	0.05%
sunshine	205	0.05%
princess	202	0.05%
qwerty	172	0.04%

Source: SANS ISC Diary - 17 July 2012

These passwords are already in many word dictionaries for password hacking. So users still using these simple passwords will be hacked if not already been. It's just a matter of time and how serious the consequence will be.

Mount Royal has published the MRU Password Policy to set your passwords.

Weak passwords have the following characteristics:

Use word found in a dictionary (English or foreign).
Use word such as names of family, pets, friends, co-workers etc.
Contains personal information such as the user's name, birthday, addresses, employee number, SIN, and phone numbers.
Contains word or number patterns like aaabbb, qwerty, zyxwvuts, 123321, etc.
Use modified common words by: spelling backwards, prefixing and suffixing with numeric characters (e.g., secret1, 1secret), alpha replaced by numeric characters such as e by 3, O by zero etc.

An easy-to-remember password can be created using a phrase, lyrics or alike. For example, you can create a strong password "Io+o20KMey" by using the first letter in the words of the phrase "I drive 20 KM everyday" with some creativity.

Please do not use the example passwords in this page.

Spam handling

In Lotus Notes, you can use mail rules to act automatically on new messages you receive that meet certain conditions. For example, you could create a rule that checks for messages from a certain sender or that contain a certain subject and automatically move the messages to a certain folder, send copies of the messages to someone, or delete unwanted messages before you ever see them in your Inbox. Please click this link for instructions. Notes spam filter.

If following the instructions above does not resolve the issue you may contact:
abuse@mtroyal.ca.

Home computing security

Your ISP connection

Use a hardware router/Access point with a built-in firewall to connect to your ISP.
Change its default administrator password before connecting it to the Internet.
Apply the latest firmware.
Be very careful when you need to set up DMZ or inbound application forwarding at home.
Use WPA2 security setting and set a strong passphrase.
Do not use an ssid name that could identify you or family.
Select a wireless channel not conflicting with your neighbor to gain the best speed performance.
Use external websites such as grc.com to run an external scan to make sure your Internet connection is secure.

Your home computer

Keep your system and applications up to date.
Enable the firewall.
Run up-to-date anti-virus software.

Internet use

Only download and run software from trusted sites.
If you want to add another layer of protection to your browser, consider enabling an add-on such as WOT(Web of Trust, it warns users of bad websites), or NoScript (it blocks javascript unless approved by user).
You may consider setting up an old computer to do just online finance management. It should be powered down when not in use.
Do not allow someone who claims to be a computer technician to remotely connect to your computer.
Do not use the same username and password for all sites/services you have subscribed to.

Data protection

Backup your critical information regularly and store a copy in a remote and secure location such as safety deposit box in a bank.
Do not save sensitive information such as your financial and tax information on a computer used for casual Internet surfing.
Backup data you cannot recreate and do not want to lose such as digital pictures and videos to external storage devices and keep them at a location you can trust other than your own home.