UNC Menu

Welcome to the Office of Information Security

Our Mission:  

  • To facilitate the education of students in a secure manner. 
  • To enable the faculty to deliver quality education and conduct research in a secure manner. 
  • To ensure staff can serve the University mission and their department functions in a secure manner. 
  • To defend the institutions data, systems, and networks from misuse, damage and loss.
National Cyber Security Awareness Month: Tip No. 3

October is National Cyber Security Awareness Month. How do I avoid malware? While malware attacks systems through a variety of mechanisms there are four actions you can take that will prevent the vast majority of malware infections. 

  1. Make an effort to understand your information tools.
  2. Patch your operating system and applications.
  3. Use some sort of anti-malware software.
  4. Take a reasonable level of caution in your computing activities.

Understand what applications you are using and why.  When should you see a pop up window and what program does it belong to? This will help you know when something unusual is happening. 
Make sure that you allow your operating system and applications to get updates.  If it is your work computer it should get those updates automatically if it is your personal computer it might mean you need to set automatic updates or manually update your system frequently. 
Make sure that you are running a reputable anti-malware software and that it is up to date.  No software will protect you from every attack but it will keep the known malware off your system.
Be cautious.  If you encounter an unexpected error or you receive a prompt that seems out of place make sure you report it.  We should avoid automatically clicking OK (or YES) when prompted.  Make sure you understand why you are getting a prompt and if you don’t make sure that you seek more information before you proceed. 


National Cyber Security Awareness Month: Tip No. 2

October is National Cyber Security Awareness Month.  Who owns this connection?  We can all appreciate a wireless hotspot because it helps us save money on our data plans and typically provides a faster connection.  Coverage is getting better every day as you find it in more and more businesses and public institutions.  But who owns that hotspot? 
In many cases they are implemented by IT professionals with the intent to give you connectivity and security, such as the WAPs on campus.  But all too often it is implemented elsewhere by someone who understands that WiFi is something their customer want but they don’t know too much about it.  These access points might not be configured to provide any protection of your data.  Worse still they might have old protocols that are easily broken only giving the illusion of protection.  They might even be hosted by persons whose intent is to steal all the data in the wireless traffic coming though that WAP. 

Only connect to sources you trust.  If you are going to connect to a hotspot think about the following items:

Is it a WAP you trust?

  • Is it your Small Office/Home Office (SOHO) Access Point (AP)?
  • Is it a recognized resource that you have used before and trust?
  • Is it a business you trust to understand that your data needs to be protected?

Is it behaving in a “typical” manner?

  • Did it ask you for a password (assuming it usually does)?
  • Does there seem to be an unusual delay in speed?
  • Do you see any “splash” or warning screens?

What are the risks?

  • Any plan text data in transmission can be read.
  • Someone pretending to be a WAP can perform what is known as man in the middle attacks.
  • Cookies and browser sessions can be stolen or interrupted.

What do I need the connection for?

  • A usual HTTP website.  Make sure you at least try a HTTPS version of the site.  All HTTP traffic is plain text.
  • Email.  Did you know that most email transmits over SMTP?  SMTP is not an encrypted protocol.
  • Sensitive sites such as banking or financial sites.  While most of these sites do run HTTPS many have not updated for a number of years.  This means they could be using known “broken” protocols or encryption schemes.


National Cyber Security Awareness Month: Tip No. 1


October is National Cyber Security Awareness Month. Malware infections can be spread by USB drives. In a recent survey, 8 percent of people said that their latest malware infection came from a friend's or coworker's USB drive.

Malware will often try to spread by compromising a legitimate file such as a presentation or report and copy itself to a new computer or device when opened. Regularly scan your USB drive and files with a trusted anti-malware program. Don't plug in any USB device that is unknown to you. Occasionally check to make sure that no unknown USB devices are connected to your computing systems.