The information below will assist you in staying up to date with Cyber Security at SSCC. If you need additional assistance, please email firstname.lastname@example.org, or contact an Information Security Team Member.
- 1.) You ARE a target to hackers
- Realize that you are an attractive target to hackers. Don't ever say "It won't happen to me". By following the tips below, you are doing your part to protect yourself and the college.
- 2.) Avoid phishing scams - beware of suspicious emails
- Phishing scams use social engineering to trick you into divulging your personal information, such as your login ID and password, or banking information. These are most commonly carried out through email, but can also be carried out by phone, text, or social networks.
- Be suspicious of any emails asking for personal or financial information.
- Be cautious when clicking on attachments or links in emails.
- If it's unexpected or suspicious, do not click the link or attachment. Double check the URL the link leads to - phishing attacks will often take advantage of spelling mistakes to direct you to a harmful domain.
- 3.) Verify phone calls and visitor identities
- Social engineering and phishing scams can also be conducted in person or over the phone. Always verify the identity of any campus visitor or phone call. There is nothing wrong with turning a visitor away until their identity is verified.
- 4.) Protect sensitive data
- Always be aware of the sensitive data that you come in contact with and the restrictions associated with that data. When it is necessary to send or store this sensitive information, make sure to use encryption, and never send it from a mobile device.
- If the sensitive data is no longer needed, remove the data from your system or destroy/shred physical copies. Restrict physical access to workstations with sensitive information and never leave sensitive data lying on your desk or printer.
- 5.) Practice good password management
- Make sure your password contains at least eight alphanumeric characters, both upper and lower-case letters, at least one number, and at least one special character.
- Don't share your passwords with anyone. Don't use the same password for multiple sites. Don't write it down, and definitely don't write it on a post-it note attached to your monitor.
- 6.) Lock your device/screen when away
- To prevent unauthorized access, your computer workstation must be locked before you leave your workspace by pressing Ctrl + Alt + Delete and then selecting "Lock this Computer". Also, always minimize any sensitive information and enable a password-protected screen saver with a 15-minute timeout period to ensure workstations left unattended are protected.
- 7.) Be careful of what you click
- Double checking links that you click and files that you download is not just limited to email. Make sure to avoid visiting unknown websites or downloading software from untrusted sources. These sites often host malware that will automatically, and often silently, compromise your computer.
- 8.) Use portable technology safely
- Never store any sensitive information on a mobile device including laptops, tablets, and smartphones. Always use your desktop computer on the SSCC network to store and send sensitive information.
- When using a personal device to conduct sensitive browsing (banking or shopping), make sure to use your own device on a trusted network. Also, only install apps from a trusted source and always lock your device with a PIN or password.
- 9.) It's okay to:
- Trust your instincts
- Be suspicious of interactions or requests from unfamiliar people
- Prove someone's identity in person (Verify ID)
- Verify who's calling
- Not act on suspicious requests
- Not provide unfamiliar people with information or allow them in employee areas
Sensitive data - or personally identifiable information (PII) - is information that can be used on its own or with other information to identify, contact, or locate a single person, or to identify an individual in context.
Examples of PII include any information about an individual including (1) information that can be used to distinguish or trace an individual's identity, such as name, social security number, date and place of birth, mother's maiden name, or biometric records; and (2) any other information that is linked or traceable to an individual, such as medical, educational, financial, and employment information.
Phishing Scams - The fraudulent practice of sending emails purporting to be from reputable companies in order to induce individuals to reveal personal information, such as passwords and credit card numbers.
Social Engineering - The use of deception to manipulate individuals into divulging confidential or personal information that may be used for fraudulent purposes.
Encryption - The process of converting information or data into a code, especially to prevent unauthorized access.
Trusted network - A network of devices that are connected to each other, that is open only to authorized users, and that allows only secure data to be transmitted. (The internet connection on SSCC campuses)
Mobile Device / Portable Technology - Any laptop, tablet, or smartphone.
Malware - Software that is intended to damage or disable computers and computer systems.