Cyber Security Threats and Tips

This checklist denotes some tips and tricks on protecting a user from the various cyber threats:


What is it?

How does it spread?

Tips against threats


Phishing typically consists of false messages targeted to the victim that promises certain things in exchange of their personal or confidential information.

Usually through fake emails or web pages that masquerade as messages or web pages of banks, institutions, or a rich and famous royalty from another country. Sometimes crafty pop-ups can also lure users into becoming phishing victims

  • If it sounds too good to be true, then it probably is not true.
  • Legit banks and institutions never ask for personal information (passwords, SSNs) through email.
  • Watch for https in the browser URL. Pages requesting sensitive information must always have https instead of http
  • Check the browser URL, and verify it is a URL from the institution
  • Close all other browser windows when accessing a site with sensitive data (e.g. Bank site)
  • Never submit sensitive information to web sites.

Infected Websites

This is the most prominent of all threats in 2008 and 2009. Over 2.6 million websites are infected, the infected website can install malicious software onto a victims computer in attempt to steal their information or use their computer as a platform to infect other computers. Serious infections can lead to permanent loss of data

This type of threat is spread through infected websites, or infected advertisements displayed on the infected websites. Many legit sites are infected.

  • Try to stay away from less prominent and smaller websites.
  • Steer away from websites that have an excessive number of advertisements.
  • Keep all software on your computer up to date. At a minimum Windows, Sophos, Quicktime, Firefox, Office and Java should always be kept up to date.
  • Do not use administrative accounts on the computer when browsing the Internet.
  • Do not trust any internet pop-ups that indicate virus infection
  • Avoid opening email attachments from people you don't know
  • Ensure personal firewall is enabled on your computer

Social Engineering

This type of threat involves a person or a group of people who tricks a victim into providing personal or sensitive information

This type of attack typically involves face to face interaction, or over the phone conversation.

  • If a person is requesting sensitive information, always ask for identification.
  • Be careful of the over friendly strangers.
  • Never give out personal or sensitive information over the phone, unless if you initiated the call.


This type of threat involves the unauthorized physical access or seizure of information or equipment. This environment has seen a tremendous amount of theft within the last year.

This type of attack involves a person or a group of people as well as inadequate physical security

  • Always lock sensitive documents, equipment behind a locked cabinet or door.
  • Always lock your office door when you step out of the office
  • Always lock your workstation when you step away from your desk
  • Be aware of strangers in your work area, always ask for proper identification
  • Use encryption and tracking software, as well as cable locks on sensitive IT equipment.

Security Checklist

  • Strong passwords for all accounts
  • Always have up-to-date antivirus and antispyware
  • Never share your account information with others
  • Be sure all software are up-to-date
  • Avoid visiting less reputable websites
  • Lock the door when you step out
  • Open only trusted email attachments

Security Issues Contact Information

  • VCU Police – 828 – 1196
  • VCU TS Helpdesk – 828 - 2227
  • VCUHS Helpdesk – 828 - 6647
  • VCU SOM Security Officer – 827 – 9907
  • VCU Police crime report page:

Other resources:

Cyber Security Tips from U.S. Computer Emergency Readiness Team

VCU Computer Security Policies and Guidelines:

VCU Information Security Website

Dan's Security Blog