Protection for you
The growth of the Internet has brought with it increased opportunities for exploitation. Each day, billions of e-mail messages “phishing” for personal and financial information traverse Cyberspace. Despite all the warnings published by financial institutions and e-commerce enterprises and news coverage of such schemes, some people are fooled. For example, people at the University have seen e-mail messages very cleverly designed to look as if they came from the Princeton Federal Credit Union. For tips on some of the dangers in Cyberspace, see the Information Security web page.
When you are not sure whether such a message is genuine, it is appropriate and in fact preferable to check with a supervisor or other person in authority before responding or releasing information. It also may be appropriate to ask that the request for information be made in writing by mail or facsimile.
The term "social engineering" refers to more than technology. A scammer with a convincing story might telephone an office worker or student and claim to work for a Help Desk at Princeton or at some financial institution, and ask the person for his or her account and password for some plausible-sounding security purpose. It is important to use critical thinking skills even for telephone or live approaches from people you do not know.
Another type of danger is self-exposure. The rise of Facebook, MySpace, and other “social networks” encourages people to let their metaphoric hair down and to express themselves in ways that, in retrospect, might be a little too open for comfort. While communications or postings in the online facebook of a Princeton residential college are generally protected from the immediate view of the general public, statements and images published, on the Internet can typically be seen anywhere, can last essentially forever, and can have serious unintended consequences. “Thoughts on Facebook,” a Cornell University document presenting the issues, discusses the risks facing students who participate in on-line social networking, but similar cautions apply equally to employees who publish profiles on MySpace or similar venues.
Also, when creating public postings, tweets, or blogs of any kind, keep in mind the power of the World Wide Web to broadcast and preserve your statements. Any ill-considered postings may survive your commitment to them, and, because of the distributed nature of Web indexing, may be very difficult to expunge in the future.
Where to turn
The University is committed to protecting members of the campus community from abusive actions by others both within and outside the institution. If you experience abusive incidents related to the technologies that you cannot pursue on your own, or if you are a supervisor who believes that an employee is abusing access to the information technology resources or Internet access, you should report the matter to the most appropriate contact. You also can report violations of privacy or property involving the technology, whether the perpetrator is a member of the campus community or not.
Among the many offices and officials that work together to pursue cases of this sort are the Deans, Directors of Student Life, and Directors of Studies at the residential colleges, Office of Dean of Undergraduate Students, Office of Vice President for Campus Life, the Graduate School Office, Office of Dean of the Faculty, Office of Human Resources, Ombudsman, University Health Services Counseling Center and SHARE Program, Office of Information Technology, Department of Public Safety, and Office of the General Counsel.
The University’s policy on reporting potentially illegal activity describes procedures for reporting, including the third-party-managed Hotline for those who feel the circumstances warrant anonymity.
If you do not feel your usual reporting path can work or are not sure of the appropriate division to handle the matter on your behalf, the OIT Help Desk will take your question and see that it is directed appropriately. OIT Help Desk staff can also help you identify sources of harassing or offensive communications from outside the University network. You also can report "spamming" and abusive or offensive communications to outside authorities, as most schools, corporations, and Internet service providers do not intend their electronic resources to be used for nefarious purposes.