<HTML><BODY style="word-wrap: break-word; -khtml-nbsp-mode: space; -khtml-line-break: after-white-space; "><DIV style="margin-top: 0px; margin-right: 0px; margin-bottom: 0px; margin-left: 0px; "><FONT class="Apple-style-span" size="3"><SPAN class="Apple-style-span" style="font-size: 12px;">In this issue:</SPAN></FONT></DIV><DIV style="margin-top: 0px; margin-right: 0px; margin-bottom: 0px; margin-left: 0px; font: normal normal normal 12px/normal Helvetica; min-height: 14px; "><BR></DIV><DIV style="margin-top: 0px; margin-right: 0px; margin-bottom: 0px; margin-left: 0px; "><FONT class="Apple-style-span" size="3"><SPAN class="Apple-style-span" style="font-size: 12px;">1. Mobile Workers Say "Security is Not My Job"</SPAN></FONT></DIV><DIV style="margin-top: 0px; margin-right: 0px; margin-bottom: 0px; margin-left: 0px; "><FONT class="Apple-style-span" size="3"><SPAN class="Apple-style-span" style="font-size: 12px;">2. Schools in the News: 10 Data Leaks in Just 3 Weeks</SPAN></FONT></DIV><DIV style="margin-top: 0px; margin-right: 0px; margin-bottom: 0px; margin-left: 0px; "><FONT class="Apple-style-span" size="3"><SPAN class="Apple-style-span" style="font-size: 12px;">3. Tip of the Week: Risky Search Engines</SPAN></FONT></DIV><DIV style="margin-top: 0px; margin-right: 0px; margin-bottom: 0px; margin-left: 0px; font: normal normal normal 12px/normal Helvetica; min-height: 14px; "><BR></DIV><DIV style="margin-top: 0px; margin-right: 0px; margin-bottom: 0px; margin-left: 0px; "><FONT class="Apple-style-span" size="3"><SPAN class="Apple-style-span" style="font-size: 12px;">---------------------------------------------------------------</SPAN></FONT></DIV><DIV style="margin-top: 0px; margin-right: 0px; margin-bottom: 0px; margin-left: 0px; "><FONT class="Apple-style-span" size="3"><SPAN class="Apple-style-span" style="font-size: 12px;">1. Mobile Workers Say "Security is Not My Job"</SPAN></FONT></DIV><DIV style="margin-top: 0px; margin-right: 0px; margin-bottom: 0px; margin-left: 0px; "><FONT class="Apple-style-span" size="3"><SPAN class="Apple-style-span" style="font-size: 12px;">---------------------------------------------------------------</SPAN></FONT></DIV><DIV style="margin-top: 0px; margin-right: 0px; margin-bottom: 0px; margin-left: 0px; font: normal normal normal 12px/normal Helvetica; min-height: 14px; "><BR></DIV><DIV style="margin-top: 0px; margin-right: 0px; margin-bottom: 0px; margin-left: 0px; "><FONT class="Apple-style-span" size="3"><SPAN class="Apple-style-span" style="font-size: 12px;">A study released last month by an independent marketing firm commissioned by Cisco Systems and the National Cyber Security Alliance (NCSA) shows that most mobile workers entrust their security solely to IT. The survey covered seven countries including the United States.</SPAN></FONT></DIV><DIV style="margin-top: 0px; margin-right: 0px; margin-bottom: 0px; margin-left: 0px; font: normal normal normal 12px/normal Helvetica; min-height: 14px; "><BR></DIV><DIV style="margin-top: 0px; margin-right: 0px; margin-bottom: 0px; margin-left: 0px; "><FONT class="Apple-style-span" size="3"><SPAN class="Apple-style-span" style="font-size: 12px;">According to the study, 73% of mobile workers are not aware of security threats and best practices. 28% admit "hardly ever" considering security risks and some even said they "never" consider them.</SPAN></FONT></DIV><DIV style="margin-top: 0px; margin-right: 0px; margin-bottom: 0px; margin-left: 0px; font: normal normal normal 12px/normal Helvetica; min-height: 14px; "><BR></DIV><DIV style="margin-top: 0px; margin-right: 0px; margin-bottom: 0px; margin-left: 0px; "><FONT class="Apple-style-span" size="3"><SPAN class="Apple-style-span" style="font-size: 12px;">In a world where mobile workers are increasing and where businesses are entrusting their workers with access to corporate information anywhere outside the office, IT has an important role to play. These situations require proactively protecting and educating mobile workers in order to prevent them from undermining the security of the business they work for.</SPAN></FONT><FONT class="Apple-style-span" size="3"><SPAN class="Apple-style-span" style="font-size: 12px;"> </SPAN></FONT></DIV><DIV style="margin-top: 0px; margin-right: 0px; margin-bottom: 0px; margin-left: 0px; font: normal normal normal 12px/normal Helvetica; min-height: 14px; "><BR></DIV><DIV style="margin-top: 0px; margin-right: 0px; margin-bottom: 0px; margin-left: 0px; "><FONT class="Apple-style-span" size="3"><SPAN class="Apple-style-span" style="font-size: 12px;">The past year has shown that roughly 73% of all sensitive data breaches occur because of unsafe human behavior, not because of software vulnerabilities or other "computer glitches." While it is difficult to mandate, and while busy workers prefer to get their work done rather than deal with taking extra steps for the sake of security, this isn't any different from how we have adopted other security habits in our lives, such as locking our houses and cars, putting valuables out of reach, and avoiding dark streets at night.</SPAN></FONT></DIV><DIV style="margin-top: 0px; margin-right: 0px; margin-bottom: 0px; margin-left: 0px; font: normal normal normal 12px/normal Helvetica; min-height: 14px; "><BR></DIV><DIV style="margin-top: 0px; margin-right: 0px; margin-bottom: 0px; margin-left: 0px; "><FONT class="Apple-style-span" size="3"><SPAN class="Apple-style-span" style="font-size: 12px;">If you are concerned with the security of the information you work with, or even if you aren't concerned but want to find out if you or others in your area are doing enough, MIT offers a free awareness seminar on Computer Security. The next offering occurs on October 17, noon - 1 p.m., in N42 demo center. For more information on the seminar or to have the seminar presented to your team or department, contact <<A href="mailto:security@mit.edu">security@mit.edu</A>>.</SPAN></FONT></DIV><DIV style="margin-top: 0px; margin-right: 0px; margin-bottom: 0px; margin-left: 0px; font: normal normal normal 12px/normal Helvetica; min-height: 14px; "><BR></DIV><DIV style="margin-top: 0px; margin-right: 0px; margin-bottom: 0px; margin-left: 0px; "><FONT class="Apple-style-span" size="3"><SPAN class="Apple-style-span" style="font-size: 12px;">--------------------------------------------------------------------------</SPAN></FONT></DIV><DIV style="margin-top: 0px; margin-right: 0px; margin-bottom: 0px; margin-left: 0px; "><FONT class="Apple-style-span" size="3"><SPAN class="Apple-style-span" style="font-size: 12px;">2. Schools in the News: 10 Data Leaks in Just 3 Weeks</SPAN></FONT></DIV><DIV style="margin-top: 0px; margin-right: 0px; margin-bottom: 0px; margin-left: 0px; "><FONT class="Apple-style-span" size="3"><SPAN class="Apple-style-span" style="font-size: 12px;">--------------------------------------------------------------------------</SPAN></FONT></DIV><DIV style="margin-top: 0px; margin-right: 0px; margin-bottom: 0px; margin-left: 0px; font: normal normal normal 12px/normal Helvetica; min-height: 14px; "><BR></DIV><DIV style="margin-top: 0px; margin-right: 0px; margin-bottom: 0px; margin-left: 0px; "><FONT class="Apple-style-span" size="3"><SPAN class="Apple-style-span" style="font-size: 12px;">You may have noticed the recent addition to Security FYI of the "Schools in the News" feature. According to incidents compiled by the Adam Dodge Report, just in the past three weeks there have been ten possible data breaches reported by U.S. universities. Seven of these have been inadvertent data disclosures while three were due to theft of property.</SPAN></FONT><FONT class="Apple-style-span" size="3"><SPAN class="Apple-style-span" style="font-size: 12px;"> </SPAN></FONT></DIV><DIV style="margin-top: 0px; margin-right: 0px; margin-bottom: 0px; margin-left: 0px; font: normal normal normal 12px/normal Helvetica; min-height: 14px; "><BR></DIV><DIV style="margin-top: 0px; margin-right: 0px; margin-bottom: 0px; margin-left: 0px; "><FONT class="Apple-style-span" size="3"><SPAN class="Apple-style-span" style="font-size: 12px;">Read the Adam Dodge Report: <<A href="http://www.adamdodge.com/esi/">http://www.adamdodge.com/esi/</A>></SPAN></FONT></DIV><DIV style="margin-top: 0px; margin-right: 0px; margin-bottom: 0px; margin-left: 0px; font: normal normal normal 12px/normal Helvetica; min-height: 14px; "><BR></DIV><DIV style="margin-top: 0px; margin-right: 0px; margin-bottom: 0px; margin-left: 0px; "><FONT class="Apple-style-span" size="3"><SPAN class="Apple-style-span" style="font-size: 12px;">While these types of incidents are not new, the high number of them should be a worry to all higher education institutions, because eventually they will have a breach of their own. I believe the numbers show a general lack of concern and awareness of the risks. What is unfortunate about this is that often the damage could have been prevented. It would be unfair to suggest that universities be 100% safely guarded against these types of occurrences.</SPAN></FONT><FONT class="Apple-style-span" size="3"><SPAN class="Apple-style-span" style="font-size: 12px;"> </SPAN></FONT><FONT class="Apple-style-span" size="3"><SPAN class="Apple-style-span" style="font-size: 12px;">However, even one leak can be damaging to not only the privacy of individuals affected, but also to the reputation of the institution. </SPAN></FONT></DIV><DIV style="margin-top: 0px; margin-right: 0px; margin-bottom: 0px; margin-left: 0px; font: normal normal normal 12px/normal Helvetica; min-height: 14px; "><BR></DIV><DIV style="margin-top: 0px; margin-right: 0px; margin-bottom: 0px; margin-left: 0px; "><FONT class="Apple-style-span" size="3"><SPAN class="Apple-style-span" style="font-size: 12px;">--------------------------------------------------------</SPAN></FONT></DIV><DIV style="margin-top: 0px; margin-right: 0px; margin-bottom: 0px; margin-left: 0px; "><FONT class="Apple-style-span" size="3"><SPAN class="Apple-style-span" style="font-size: 12px;">3. Tip of the Week: Risky Search Engines</SPAN></FONT></DIV><DIV style="margin-top: 0px; margin-right: 0px; margin-bottom: 0px; margin-left: 0px; "><FONT class="Apple-style-span" size="3"><SPAN class="Apple-style-span" style="font-size: 12px;">--------------------------------------------------------</SPAN></FONT></DIV><DIV style="margin-top: 0px; margin-right: 0px; margin-bottom: 0px; margin-left: 0px; font: normal normal normal 12px/normal Helvetica; min-height: 14px; "><BR></DIV><DIV style="margin-top: 0px; margin-right: 0px; margin-bottom: 0px; margin-left: 0px; "><FONT class="Apple-style-span" size="3"><SPAN class="Apple-style-span" style="font-size: 12px;">Be careful what you search for, you may end up at a risky site loaded with adware or spyware. Over the summer, McAfee released a report showing that more than 276 million searches by U.S. consumers per month lead to risky sites. McAfee studied the five major United States search engines -- Google, Yahoo!, MSN, AOL, and Ask -- which account for 93 percent of all search engine use. To conduct the study, McAfee analyzed the first 50 search results returned by each search engine for 2,300 popular keywords.</SPAN></FONT></DIV><DIV style="margin-top: 0px; margin-right: 0px; margin-bottom: 0px; margin-left: 0px; font: normal normal normal 12px/normal Helvetica; min-height: 14px; "><BR></DIV><DIV style="margin-top: 0px; margin-right: 0px; margin-bottom: 0px; margin-left: 0px; "><FONT class="Apple-style-span" size="3"><SPAN class="Apple-style-span" style="font-size: 12px;">The most risky sites were found to offer adware, spyware, viruses, exploits, spammy e-mail, excessive pop-ups or strong affiliations with other risky sites. Good news is that search engines have somewhat reduced the problem of risky sponsored links through better vetting.</SPAN></FONT></DIV><DIV style="margin-top: 0px; margin-right: 0px; margin-bottom: 0px; margin-left: 0px; font: normal normal normal 12px/normal Helvetica; min-height: 14px; "><BR></DIV><DIV style="margin-top: 0px; margin-right: 0px; margin-bottom: 0px; margin-left: 0px; "><FONT class="Apple-style-span" size="3"><SPAN class="Apple-style-span" style="font-size: 12px;">What can web surfers be aware of or do to make sure they don't stumble upon these types of sites?</SPAN></FONT><FONT class="Apple-style-span" size="3"><SPAN class="Apple-style-span" style="font-size: 12px;"> </SPAN></FONT></DIV><DIV style="margin-top: 0px; margin-right: 0px; margin-bottom: 0px; margin-left: 0px; font: normal normal normal 12px/normal Helvetica; min-height: 14px; "><BR></DIV><DIV style="margin-top: 0px; margin-right: 0px; margin-bottom: 0px; margin-left: 0px; "><FONT class="Apple-style-span" size="3"><SPAN class="Apple-style-span" style="font-size: 12px;"> </SPAN></FONT><FONT class="Apple-style-span" size="3"><SPAN class="Apple-style-span" style="font-size: 12px;">* Adult search terms are twice as likely to lead to unsafe results as non-adult search terms -- keep your searches "clean."</SPAN></FONT></DIV><DIV style="margin-top: 0px; margin-right: 0px; margin-bottom: 0px; margin-left: 0px; "><FONT class="Apple-style-span" size="3"><SPAN class="Apple-style-span" style="font-size: 12px;"><BR class="khtml-block-placeholder"></SPAN></FONT></DIV><DIV style="margin-top: 0px; margin-right: 0px; margin-bottom: 0px; margin-left: 0px; "><FONT class="Apple-style-span" size="3"><SPAN class="Apple-style-span" style="font-size: 12px;"> </SPAN></FONT><FONT class="Apple-style-span" size="3"><SPAN class="Apple-style-span" style="font-size: 12px;">* Reduce spam by avoiding e-mail signups.</SPAN></FONT></DIV><DIV style="margin-top: 0px; margin-right: 0px; margin-bottom: 0px; margin-left: 0px; "><FONT class="Apple-style-span" size="3"><SPAN class="Apple-style-span" style="font-size: 12px;"><BR class="khtml-block-placeholder"></SPAN></FONT></DIV><DIV style="margin-top: 0px; margin-right: 0px; margin-bottom: 0px; margin-left: 0px; "><FONT class="Apple-style-span" size="3"><SPAN class="Apple-style-span" style="font-size: 12px;"> </SPAN></FONT><FONT class="Apple-style-span" size="3"><SPAN class="Apple-style-span" style="font-size: 12px;">* Even with search engine improvements, 1 in 12 sponsored links still leads to a risky site -- avoid clicking on these in search results.</SPAN></FONT></DIV><DIV style="margin-top: 0px; margin-right: 0px; margin-bottom: 0px; margin-left: 0px; "><FONT class="Apple-style-span" size="3"><SPAN class="Apple-style-span" style="font-size: 12px;"><BR class="khtml-block-placeholder"></SPAN></FONT></DIV><DIV style="margin-top: 0px; margin-right: 0px; margin-bottom: 0px; margin-left: 0px; "><FONT class="Apple-style-span" size="3"><SPAN class="Apple-style-span" style="font-size: 12px;"> </SPAN></FONT><FONT class="Apple-style-span" size="3"><SPAN class="Apple-style-span" style="font-size: 12px;">* If it sounds too good to be true, it probably is -- queries containing the word "free" are particularly likely to lead users to sites with unsavory practices.</SPAN></FONT></DIV><DIV style="margin-top: 0px; margin-right: 0px; margin-bottom: 0px; margin-left: 0px; "><FONT class="Apple-style-span" size="3"><SPAN class="Apple-style-span" style="font-size: 12px;"><BR class="khtml-block-placeholder"></SPAN></FONT></DIV><DIV style="margin-top: 0px; margin-right: 0px; margin-bottom: 0px; margin-left: 0px; "><FONT class="Apple-style-span" size="3"><SPAN class="Apple-style-span" style="font-size: 12px;"> </SPAN></FONT><FONT class="Apple-style-span" size="3"><SPAN class="Apple-style-span" style="font-size: 12px;">* Of the Google search terms analyzed, the most dangerous category is "tech toys," examples of which include "ipod nano," "mp3 music downloads," and "winmx" -- 23 percent of these led to risky sites.</SPAN></FONT></DIV><DIV style="margin-top: 0px; margin-right: 0px; margin-bottom: 0px; margin-left: 0px; "><FONT class="Apple-style-span" size="3"><SPAN class="Apple-style-span" style="font-size: 12px;"><BR class="khtml-block-placeholder"></SPAN></FONT></DIV><DIV style="margin-top: 0px; margin-right: 0px; margin-bottom: 0px; margin-left: 0px; "><FONT class="Apple-style-span" size="3"><SPAN class="Apple-style-span" style="font-size: 12px;"> </SPAN></FONT><FONT class="Apple-style-span" size="3"><SPAN class="Apple-style-span" style="font-size: 12px;">* There are tools like McAfee SiteAdvisor and others to make searching safer.</SPAN></FONT></DIV><DIV style="margin-top: 0px; margin-right: 0px; margin-bottom: 0px; margin-left: 0px; "><FONT class="Apple-style-span" size="3"><SPAN class="Apple-style-span" style="font-size: 12px;"><BR class="khtml-block-placeholder"></SPAN></FONT></DIV><DIV style="margin-top: 0px; margin-right: 0px; margin-bottom: 0px; margin-left: 0px; "><FONT class="Apple-style-span" size="3"><SPAN class="Apple-style-span" style="font-size: 12px;"> </SPAN></FONT><FONT class="Apple-style-span" size="3"><SPAN class="Apple-style-span" style="font-size: 12px;">* IE 7 and Firefox 2.0's improved security features help to keep personal data safe from fraudulent websites and online phishing scams by warning you when you visit a risky site.</SPAN></FONT></DIV><DIV style="margin-top: 0px; margin-right: 0px; margin-bottom: 0px; margin-left: 0px; font: normal normal normal 12px/normal Helvetica; min-height: 14px; "><BR></DIV><DIV style="margin-top: 0px; margin-right: 0px; margin-bottom: 0px; margin-left: 0px; "><FONT class="Apple-style-span" size="3"><SPAN class="Apple-style-span" style="font-size: 12px;">Read more about the report here: <<A href="http://www.mcafee.com/us/about/press/corporate/2007/20070604_181500_u.html">http://www.mcafee.com/us/about/press/corporate/2007/20070604_181500_u.html</A>></SPAN></FONT></DIV><DIV style="margin-top: 0px; margin-right: 0px; margin-bottom: 0px; margin-left: 0px; "><FONT class="Apple-style-span" size="3"><SPAN class="Apple-style-span" style="font-size: 12px;"><BR class="khtml-block-placeholder"></SPAN></FONT></DIV><DIV style="margin-top: 0px; margin-right: 0px; margin-bottom: 0px; margin-left: 0px; "><FONT class="Apple-style-span" size="3"><SPAN class="Apple-style-span" style="font-size: 12px;">Thank you for staying aware of security issues,</SPAN></FONT></DIV><BR><DIV> <SPAN class="Apple-style-span" style="border-collapse: separate; border-spacing: 0px 0px; color: rgb(0, 0, 0); font-family: Helvetica; font-size: 14px; font-style: normal; font-variant: normal; font-weight: normal; letter-spacing: normal; line-height: normal; text-align: auto; -khtml-text-decorations-in-effect: none; text-indent: 0px; -apple-text-size-adjust: auto; text-transform: none; orphans: 2; white-space: normal; widows: 2; word-spacing: 0px; "><SPAN class="Apple-style-span" style="border-collapse: separate; border-spacing: 0px 0px; color: rgb(0, 0, 0); font-family: Helvetica; font-size: 14px; font-style: normal; font-variant: normal; font-weight: normal; letter-spacing: normal; line-height: normal; text-align: auto; -khtml-text-decorations-in-effect: none; text-indent: 0px; -apple-text-size-adjust: auto; text-transform: none; orphans: 2; white-space: normal; widows: 2; word-spacing: 0px; "><SPAN class="Apple-style-span" style="border-collapse: separate; border-spacing: 0px 0px; color: rgb(0, 0, 0); font-family: Helvetica; font-size: 12px; font-style: normal; font-variant: normal; font-weight: normal; letter-spacing: normal; line-height: normal; text-align: auto; -khtml-text-decorations-in-effect: none; text-indent: 0px; -apple-text-size-adjust: auto; text-transform: none; orphans: 2; white-space: normal; widows: 2; word-spacing: 0px; "><SPAN class="Apple-style-span" style="border-collapse: separate; border-spacing: 0px 0px; color: rgb(0, 0, 0); font-family: Helvetica; font-size: 12px; font-style: normal; font-variant: normal; font-weight: normal; letter-spacing: normal; line-height: normal; text-align: auto; -khtml-text-decorations-in-effect: none; text-indent: 0px; -apple-text-size-adjust: auto; text-transform: none; orphans: 2; white-space: normal; widows: 2; word-spacing: 0px; "><DIV style="font-size: 12px; "><SPAN class="Apple-style-span" style="font-size: 12px; "><SPAN class="Apple-style-span" style="font-size: 12px; ">=========================</SPAN></SPAN></DIV><DIV style="font-size: 12px; "><SPAN class="Apple-style-span" style="font-size: 12px; "><SPAN class="Apple-style-span" style="font-size: 12px; ">Monique Yeaton</SPAN></SPAN></DIV><DIV style="font-size: 12px; "><SPAN class="Apple-style-span" style="font-size: 12px; "><SPAN class="Apple-style-span" style="font-size: 12px; ">IT Security Awareness Consultant</SPAN></SPAN></DIV><DIV style="font-size: 12px; "><SPAN class="Apple-style-span" style="font-size: 12px; "><SPAN class="Apple-style-span" style="font-size: 12px; ">MIT Information Services & Technology (IS&T)</SPAN></SPAN></DIV><DIV style="font-size: 12px; "><SPAN class="Apple-style-span" style="font-size: 12px; "><SPAN class="Apple-style-span" style="font-size: 12px; ">(617) 253-2715</SPAN></SPAN></DIV><DIV style="font-size: 12px; "><SPAN class="Apple-style-span" style="font-size: 12px; "><SPAN class="Apple-style-span" style="font-size: 12px; "><A href="http://web.mit.edu/ist/security">http://web.mit.edu/ist/security</A></SPAN></SPAN></DIV><DIV style="font-size: 12px; "><BR class="khtml-block-placeholder"></DIV><BR class="Apple-interchange-newline"></SPAN></SPAN></SPAN></SPAN> </DIV><BR></BODY></HTML>