While Allstream takes the security of your data seriously, individual users have a responsibility to use security mechanisms and procedures available to them on their network to protect their data.
False Email Notifications
Occasionally, Allstream finds that deceptive email is sent to customers with email and web hosting services provided by Allstream. This email, commonly called a “phishing scam,” asks customers to provide login and password information, with the intent of stealing your personal information.
It is a relatively simple matter to fake the sender’s address (called “spoofing”). You may receive email asking for your account information that appears to come from email@example.com or some similar address, but that was in fact not sent by Allstream.
No legitimate online service provider asks for this type of information via email. Please just ignore the email if you’ve received it and treat it as you would any suspicious email. If you have already replied to the email, please contact ISP Support at 866-871-1114 immediately to reset the password.
Choosing a Password
For systems which rely upon password protection, users should select good passwords and periodically change them. Password guessing and dictionary attacks are common ways of forcing unauthorized entry to networks, and even the best passwords can eventually be defeated mathematically, given enough time. The use of strong passwords acts as a firm deterrent against password guessing attacks, and buys additional time against dictionary attacks.
- Never let anyone else log in with your account and password.
- Use a password with mixed-case letters. Do not just capitalize the first letter; add uppercase letters elsewhere in the password as well.
- Use a password that contains alphanumeric characters and includes punctuation, where supported by the operating system.
- Use a password that can be typed quickly, without having to look at the keyboard. This makes it harder for someone to steal your password by looking at your keyboard (also known as “shoulder surfing”).
- Do not use your first, middle or last name in any form. Do not use your initials or any nicknames you may have.
- Do not use other information easily obtained about you. This includes pet names, license plate numbers, telephone numbers, identification numbers, the brand of your automobile, the name of the street you live on, and so on. Such passwords are very easily guessed by someone who knows the user.
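The guidelines above that concern the password text itself can be checked mechanically. The following Python function is an added example, not Allstream's own code; the name check_password, the constructed sample details, and the reading of “alphanumeric” as letters plus digits are assumptions.

```python
import re
import string

# Constructed sample details for a fictional user (not from the page).
SAMPLE_USER = ["Dana", "Whitfield", "Rex", "555-0142", "Maple Street"]


def check_password(password, personal_info):
    """Return a list of guideline violations; an empty list means none found.

    personal_info holds strings the guidelines say to avoid (names,
    nicknames, pet names, plate or phone numbers, street name, and so on).
    """
    problems = []
    uppers = [i for i, c in enumerate(password) if c.isupper()]
    if not uppers or not any(c.islower() for c in password):
        problems.append("not mixed-case")
    elif uppers == [0]:
        problems.append("only the first letter is capitalized")
    # Assumption: "alphanumeric" is read as letters and digits together.
    has_alpha = any(c.isalpha() for c in password)
    has_digit = any(c.isdigit() for c in password)
    if not (has_alpha and has_digit):
        problems.append("needs both letters and digits")
    if not any(c in string.punctuation for c in password):
        problems.append("no punctuation")

    # "In any form": compare case-insensitively, ignore separators and
    # punctuation, and also look for each item spelled backwards.
    squashed = re.sub(r"[^a-z0-9]", "", password.lower())
    for item in personal_info:
        token = re.sub(r"[^a-z0-9]", "", item.lower())
        # Items under 3 characters (e.g. two-letter initials) are skipped
        # because they would match almost any password by chance.
        if len(token) >= 3 and (token in squashed or token in squashed[::-1]):
            problems.append(f"contains personal information: {item!r}")
    return problems


if __name__ == "__main__":
    for candidate in ("Whitfield1!", "xeR5550142", "gr8;Tumble&wOrd"):
        print(candidate, "->", check_password(candidate, SAMPLE_USER) or "ok")
```

A check like this only screens for the listed weaknesses; it does not measure resistance to dictionary attacks.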
In addition to securing your computer against attacks from the Internet, it is important to protect your computer against direct manipulation. The following guidelines will help maximize the security of your workstation:
- Never write a password on sticky notes, desk blotters, or calendars, and never store it online where it can be accessed by others.
- Consider that when you select “Save this Password” in your browser, anyone with access to your workstation could impersonate you.
- Your workstation should have a password-protected screen saver activated. The interval for activation should be between 3 and 5 minutes. This will provide adequate insurance against the walk-by use of workstations that are “up” (operating). Anyone with system administrator authority (i.e., a high security clearance) is strongly urged to comply with the lower end of this interval range. Most general users are comfortable with a 5-minute screen saver interval.
- Always power off workstations when not in use (e.g., overnight) or at least log off when you leave for the day.
- Secure workstations by physically locking rooms or offices that are publicly accessible when they are not occupied. Similarly, some workstations can be key-locked to protect the power-on switch and drives. These keys should be used for after-hours workstation protection.
- Investigate your workstation/drives on a regular basis, to look for suspicious files. Use a naming convention for your files, and a directory structure naming convention. Be sure to look for hidden files and directories.
- Consider employing a file encryption program if the information stored on your workstation is highly confidential. Similarly, consider a mail program that supports encryption (S/MIME or PGP) if you will be sending highly confidential information in messages.