1. City of Madison
  2. EmployeeNet
  3. Information Technology
  4. Training & Support
  5. Best Practices

Best Practices

Restart Workstations

Please restart your workstations at the end of each business day. Workstations should be left at the login screen each night. There's no need to power off the workstations because we have power saving software installed that will automatically put the monitor to sleep after 20 minutes of inactivity, and the hard drive asleep after 2 hours of inactivity. This allows us to install software and security updates during off hours.

Phishing

Phishing is a scam in which people steal private information. A phisher (i.e., the criminal behind the scam) will send an email message to thousands of people, pretending to be a trusted organization like a bank or Internet provider. The email usually claims that the victim's account needs to be updated, and a link is provided to a Web page where this can be done. Although the link and Web page look official, they actually both belong to the phisher. When the victim enters their information (credit card, social security number, etc.), the phisher uses that information illegally.

As a rule, you should be very careful about giving out personal financial information over the Internet. The Anti-Phishing Working Group has compiled a list of recommendations that will help you avoid becoming a victim of these scams.

  1. Never send sensitive information through email (a reputable company will have a secure Web site where you can provide information).
  2. Never click a link in an email asking for information. The link (and the Web page) may look official, but both can be faked. Instead, type the company's Web address into your Web browser yourself.
  3. If you feel unsure, call the company's customer service department. Reputable companies are aware of this crime, and will understand your hesitancy to give this information online.
  4. Do not be fooled by e-mails with upsetting or exciting (but false) statements that try to get you to react immediately.
  5. If you suspect the message might not be authentic, do not use the links within the e-mail to get to a webpage.
  6. Do not fill out forms in e-mail messages that ask for personal financial information.
  7. Communicate information such as credit card numbers only via a secure website or the telephone.
  8. To make sure you are on a secure Web server, check the beginning of the URL in your browser address bar. It should be "https" rather than "http." The "s" stands for secure.
  9. Consider installing a Web browser toolbar such as EarthLink's ScamBlocker to alert you before you visit known phishing fraud websites. (Do this on your home PC only. We may deploy this to the city network using our software installation tools.)
  10. If an e-mail message is not personalized, assume it is not a valid message.
  11. Log in to your online accounts regularly, and check bank, credit and debit card statements to ensure that all transactions are legitimate.
  12. Ensure that your browser is up-to-date and security patches are applied.
    We take care of this on your business PC, but be sure you do this on your home computer too!

Spam

Network security experts say the best way to have an immediate impact on the amount of spam being received is by establishing clear usage policies and educating users about how to minimize the influx of unwanted e-mail. Network security firm Sophos offers the following tips:

  • Never make a purchase from an unsolicited e-mail.
  • If you do not know the sender of an unsolicited e-mail message, delete it. While most spam is usually just annoying text, a spam e-mail message could actually contain a virus and/or other exploits that could damage the computers of all who open it.
  • Never respond to any spam message or click on any links in the message. Replying to any spam message, even to unsubscribe or be removed from the e-mail list only confirms to the spammer that you are a valid recipient and a perfect target for future spamming.
  • When sending e-mail messages to a large number of recipients, use the blind copy (BC) filed to conceal their e-mail addresses. Sending e-mail in which all recipient addresses are exposed in the To field makes it vulnerable to harvesting by a spammer's traps. (Note: When sending to recipients exclusively on the city's GroupWise email system this technique is not required. However, if just one recipient is outside of the city mail system, you may want to use this technique.)
  • Never give your primary e-mail address to anyone or any site you do not trust. Share it only with your close friends and business colleagues.
  • Have and use one or two secondary e-mail addresses. If you need to fill out Web registration forms, or surveys at sites from which you do not want to receive further information, consider using secondary addresses to protect primary e-mail accounts from spam abuse. Also, always look for a box that solicits future information/offers and be sure to select or deselect as appropriate.

Conscientious end-users who follow these suggestions will ultimately play a significant role in reducing the amount of spam that enters their organization's communications system, especially since an automated spam-filtering system is in place on the City of Madison e-mail network.