Title
Accordion Content

​December 2018: Set your Personal Greeting on your Office Phone
As you prepare to leave for the winter break, be sure to update your voicemail greeting on your ShoreTel office phone. Follow these steps to update your greeting, change your availability state, change your password, and record your name.

Press – Voicemail key (to the right of the number keys)
You will be asked to enter your password followed by #
For first time access only:

  • Your temporary password is 1234. Press 1234#.
  • You will be asked to record your greeting and then press #.
  • You will be given the options:
    • Press # to Accept
    • Press 1 to Review
    • Press 2 to Re-record
    • Press * to Cancel recording
You have now set up your voicemail password.

(Main Menu) Press 7 – This option takes you to the mailbox options

To record a personal greeting – Press 1

  • You will be asked to record your greeting and then press #.
  • You will be given the options:
    1. Press # to Accept
    2. Press 1 to Review
    3. Press 2 to Re-record
    4. Press * to Cancel recording

    To set up/change your availability state – Press 2

    1. You can change your availability through the following options:
      1. Available : Press 1
      2. In a meeting : Press 2
      3. Out of the office : Press 3
      4. Vacation : Press 4
      5. Custom : Press 5
      6. Do not disturb : Press 6
      7. Cancel : Press *

    To change your password – Press 4

    1. Enter your new password followed by #
    2. Re-enter new password followed by #
    3. Press * to Cancel

    Record your name – Press 6

    1. You will be asked to record your name followed by #
    2. You will be given the options:
      1. Press # to Accept
      2. Press 1 to Review
      3. Press 2 to Re-record
      4. Press * to Cancel recording

    Need help? Contact the IT Help Desk at x 4357 (dial 'HELP') from any campus phone.

    ​​October 2018: Cybersecurity

    October is National Cybersecurity Awareness Month (NCSAM). This is a collaborative effort to ensure everyone has the resources they need to stay safe online. NCSAM is spearheaded by the U.S. Department of Homeland Security and the National Cyber Security Alliance.

    It's everyone's job to ensure online safety at work. The lines between our work and daily lives are becoming increasingly blurred, and it is more important than ever to be certain that smart cybersecurity practices carry over between the two. When you are on the job, Citrus College's online security is a shared responsibility.

    Here are some simple steps that can make you safer and more secure at work and home:

    Keep security software current: Having the latest security software, web browser and operating system is the best defense against viruses, malware and other online threats.

    Automate software updates: Many software programs will automatically connect and update to defend against known risks. Turn on automatic updates if that's an available option.

    Protect all devices that connect to the Internet: Along with computers, smartphones, gaming systems and other web-enabled devices also need protection from viruses and malware.

    Lock down your login: Fortify your online accounts by enabling the strongest authentication tools available, such as biometrics, security keys or a unique one-time code through an app on your mobile device. Your usernames and passwords are not enough to protect key accounts like email, banking and social media.

    Make your password a sentence: A strong password is a sentence that is at least 12 characters long. Focus on positive sentences or phrases that you like to think about and are easy to remember (for example, “I love country music.”). On many sites, you can even use spaces!

    Unique account, unique password: Having separate passwords for every account helps to thwart cybercriminals. At a minimum, separate your work and personal accounts and make sure that your critical accounts have the strongest passwords.

    Write it down and keep it safe: Everyone can forget a password. Keep a list that’s stored in a safe, secure place away from your computer. You can alternatively use a service like a password manager to keep track of your passwords.

    When in doubt, throw it out: Links in emails, social media posts and online advertising are often how cybercriminals try to steal your personal information. Even if you know the source, if something looks suspicious, delete it.

    Get savvy about Wi-Fi hotspots: Limit the type of business you conduct and adjust the security settings on your device to limit who can access your machine.

    Protect your $$: When banking and shopping, check to be sure the site is security enabled. Look for web addresses with "https://" or "shttp://", which means the site takes extra measures to help secure your information. "Http://" is not secure.

    See more online safety tips at STOP. THINK. CONNECT.

    ​​​August 2018: Phishing Attacks
    Social engineering is at the heart of all phishing attacks, especially those conducted via e-mail. Technology makes phishing easy. Setting up and operating a phishing attack is fast, inexpensive, and low risk: any cybercriminal with an e-mail address can launch one.

    According to Verizon's 2017 Data Breach Investigations Report, the education sector saw a rise in social engineering–based attacks. Students, staff, and faculty all suffered losses when personal data and research were disclosed to unauthorized parties. Phishing played a part in more than 40% of these breaches. Knowing what you're up against can help you be more secure. Here are a few things you can do to guard against phishing attacks:

    • Limit what you share online. The less you share about yourself, the smaller the target you are for a phishing attack. Cybercriminals use information you post online to learn how to gain your trust.

    • Protect your credentials. No legitimate company or organization will ask for your username and password or other personal information via e-mail. Your school definitely won't. Still not sure if the e-mail is a phish? Contact your IT help desk. At Citrus College, you can report these e-mails by forwarding them to badmail@citruscollege.edu.

    • Beware of attachments. E-mail attachments are the most common vector for malicious software. When you get a message with an attachment, delete it—unless you are expecting it and are absolutely certain it is legitimate.

    • Confirm identities. Phishing messages can look official. Cybercriminals steal organization and company identities, including logos and URLs that are close to the links they're trying to imitate. There's nothing to stop them from impersonating schools, financial institutions, retailers, and a wide range of other service providers.

    • Trust your instincts. If you get a suspicious message that claims to be from an agency or service provider, use your browser to manually locate the organization online and contact them via their website, e-mail, or telephone number.

    • Check the sender. Check the sender's e-mail address. Any correspondence from an organization should come from an organizational e-mail address. A notice from your college or university is unlikely to come from YourIThelpdesk@yahoo.com.

    • Take your time. If a message states that you must act immediately or lose access, do not comply. Phishing attempts frequently threaten a loss of service unless you do something. Cybercriminals want you to react without thinking; an urgent call to action makes you more likely to cooperate.

    • Don't click links in suspicious messages. If you don't trust the e-mail (or text message), don't trust the links in it either. Beware of links that are hidden by URL shorteners or text like "Click Here." They may link to a phishing site or a form designed to steal your username and password.

    ​Monthly Content for Security Matters is courtesy of the Educause Cybersecurity Resources.​​

    ​​​​​​​​​​July 2018: Ransomware
    What is Ransomware?

    Ransomware is a type of malicious software that encrypts your files. Often, the only way to decrypt and gain access to the files is by paying a "ransom" or fee to the attackers. Ransomware may spread to any shared networks or drives to which your devices are connected.

    How Can I Get Infected with Ransomware?
    Common vectors for ransomware attacks include e-mails with malicious attachments or links to malicious websites. It's also possible to get an infection through instant messaging or texts with malicious links. Antivirus may or may not detect a malicious attachment, so it's important for you to be vigilant.

    How Can I Protect Myself Against Ransomware?
    There are two steps to protection against ransomware:

    • Preparation. Back up your information regularly. Once a ransomware infection occurs, it's often too late to recover the encrypted information. Your research project or other important information may be lost permanently.
    • Identification. Ransomware typically appears as phishing e-mails, either with links to malicious websites or infected files attached. You might also see a ransomware attack perpetrated through a pop-up telling you that your computer is infected and asking you to click for a free scan. Another possible vector is malver​tising, malicious advertising on an otherwise legitimate website.

    Probably the Most Important Steps You Can Take to Prepare

    • Ensure that your information is backed up regularly and properly. Because ransomware can encrypt the files on your computer and any connected drives (potentially including connected cloud drives such as Dropbox), it's important to back up your files regularly to a location that you're not continuously connected to.
    • Ensure that you're able to restore files from your backups. Again, work with your IT support personnel to discuss how to test restore capabilities.
    • Ensure that you're keeping your system (and mobile devices) up to date with patches. If you're prompted by your computer or mobile device to accept updates, accept them at your earliest convenience.
    • Don't do day-to-day work using an administrator account. A successful ransomware attack will have the same permissions that you have when working. (If you're not using an account with administrator privileges, the initial attack may be foiled.) What Do I Do If I Think I'm Infected?
    • Report the ransomware attack to your service desk immediately.
    • Isolate or shut down the infected computer. (If you're on Wi-Fi, turn off the Wi-Fi. If you're plugged into the network, unplug the computer. Infected systems should be removed from the network as soon as possible to prevent ransomware from attacking network or shared drives.)

    ​Monthly Content for Security Matters is courtesy of the Educause Cybersecurity Resources.

    ​​​​​​​​June 2018: Be Diligent
    With the threat of hacking, malware, phishing, and other digital threats constantly looming, it can be easy to overlook the importance of physical security. Here are some ways to improve the security of our technology resources and confidential data by securing our environment.

    • Prevent tailgating. In the physical security world, tailgating is when an unauthorized person follows someone into a restricted space. Be aware of anyone attempting to slip in behind you when entering an area with restricted access.
    • Don't offer piggyback rides. Like tailgating, piggybacking refers to an unauthorized person attempting to gain access to a restricted area by using social engineering techniques to convince the person with access to let them in. Confront unfamiliar faces! If you're uncomfortable confronting them, contact campus safety.
    • Put that shredder to work! Make sure to shred documents with any personal, medical, financial, or other sensitive data before throwing away. Organizing campus-wide or smaller-scale shred days can be a fun way to motivate your community to properly dispose of paper waste.
    • Be smart about recycling or disposing of old computers and mobile devices. Make sure to properly destroy your computer's hard drive. Use the factory reset option on your mobile devices and erase or remove SIM and SD cards.
    • Lock your devices. Protecting your mobile devices and computers with a strong password or PIN provides an additional layer of protection to your data in the event of theft. Set your devices to lock after a short period of inactivity; lock your computer whenever you walk away. If possible, take your mobile devices and/or laptop with you. Don't leave them unattended, even for a minute!
    • Lock those doors and drawers. Stepping out of the room? Make sure you lock any drawers containing sensitive information and/or devices and lock the door behind you.
    • Encrypt sensitive information. Add an additional layer of protection to your files by using the built-in encryption tools included on your computer's operating system (e.g., BitLocker or FileVault).
    • Back up, back up, back up! Keeping only one copy of important files, especially on a location such as your computer's hard drive, is a disaster waiting to happen. Make sure your files will still be accessible in case they're stolen or lost by backing them up on a regular basis to multiple secure storage solutions.
    • Don't leave sensitive data in plain sight. Keeping sensitive documents or removable storage media on your desk, passwords taped to your monitor, or other sensitive information in visible locations puts the data at risk to be stolen by those who would do you or your institution harm. Keep it securely locked in your drawer when not in use.
    • Put the laptop in your trunk. Need to leave your laptop or other device in your car? Lock it in your trunk (before arriving at your destination). Don't invite criminals to break your car windows by leaving it on the seat.
    • Install a remote location tracking app on your mobile device and laptop. If your smartphone, tablet, or laptop is lost or stolen, applications such as Find My iPhone/iPad/Mac or Find My Device (Android) can help you to locate your devices or remotely lock and wipe them.

    ​Monthly Content for Security Matters is courtesy of the Educause Cybersecurity Resources.

    ​​​​​​May 2018: Your Passwords and You
    Did you know that May 3 was World Password Day? 

    Your passwords are the key to a host of information about you, and potentially those close to you. If someone can access your personal information, it can have serious long-term effects - and not just online! Follow these recommendations from the World Password Day website to protect your identity while making the Internet more secure for everyone:

    • Use a passphrase instead of a password. Passphrases are usually 16 characters or more and include a combination of words or short sentence that is easy to remember (e.g., MaryHadALittleLamb!)
    • Use a fingerprint or biometric requirement to sign in when available. This provides an extra layer of protection for devices and apps.
    • Request single-use authentication codes that can be sent to your phone or delivered by an app.
    • Take advantage of whatever multifactor authentication (MFA) methods are available for the applications you use. Learn more about multifactor authentication for popular services such as Facebook and Google at https://staysafeonline.org/stay-safe-online/securing-key-accounts-devices/
    • Use a password manager or password vault software to help keep track of all your passwords and avoid password reuse.

    ​Monthly Content for Security Matters is courtesy of the Educause Cybersecurity Resources.

    ​​​April 2018: Tech Security and Traveling
    You may be planning a trip during spring break or the summer months. Unfortunately, traveling with devices can mean increased risks for keeping your personal data private as well as the potential for device theft.

    Protect your tech and data when traveling
    Travel only with the data that you need; look at reducing the amount of digital information that you take with you. This may mean leaving some of your devices at home, using temporary devices, removing personal data from your devices, or shifting your data to a secure cloud service. Authorities or criminals can't search what you don't have.

    You may decide that inconvenience overrides risk and travel with electronic devices anyway. If this is the case, focus on protecting the information that you take with you. One of the best ways to do this is to use encryption. Make sure to fully encrypt your device and make a full backup of the data that you leave at home.

    Get your device travel ready

    • Change your passwords or passphrases before you go. Consider using a password manager if you don't use one already.
    • Set up multifactor authentication for your accounts whenever possible for an additional layer of security.
    • Delete apps you no longer use.
    • Update any software, including antivirus protection, to make sure you are running the most secure version available.
    • Turn off Wi-Fi and Bluetooth to avoid automatic connections.
    • Turn on "Find My [Device Name]" tracking and/or remote wiping options in case it is lost or stolen.
    • Charge your devices before you go.
    • Stay informed of TSA regulations and be sure to check with the State Department's website for any travel alerts or warnings concerning the specific countries you plan to visit, including any tech restrictions.
    • Clear your devices of any content that may be considered illegal or questionable in other countries, and verify whether the location you are traveling to has restrictions on encrypted digital content.
    • Don't overlook low-tech solutions:
      • Tape over the camera of your laptop or mobile device for privacy.
      • Use a privacy screen on your laptop to avoid people "shoulder surfing" for personal information.
      • Physically lock your devices and keep them on you whenever possible, or use a hotel safe.
      • Label all devices in case they get left behind!

    These guidelines are not foolproof, but security experts say every additional measure taken can help reduce the chances of cyber theft. Monthly Content for Security Matters is courtesy of the Educause Cybersecurity Resources. ​

    ​​February 2018: Cybersecurity

    "The Internet is a powerful and useful tool, but in the same way that you shouldn't drive without buckling your seat belt or ride a bike without a helmet, you shouldn't venture online without taking some basic precautions."

    This is an important reminder from the National Cyber Security Alliance that cybersecurity is everyone's responsibility as an individual and a member of our ever-growing online community. Here are some tips to keep in mind as we work together to create a better, safer digital world for ourselves and others.
    • Own your online presence. To keep yourself safe, set privacy and security settings on web services, apps, and devices to your comfort level. You do not have to share everything with everyone. It is your choice to limit what (and with whom) you share personal information.
    • Be a good digital citizen. The things that you would not do in your physical life, do not do in your digital life. If you see crime online, report it the same way that you would in real life. Keep yourself safe and assist in keeping others safe on the Internet.
    • Respect yourself and others. Practice good netiquette, know the law, and do not do things that would cause others harm. The Golden Rule applies online, as well.
    • Practice good communication. Never send an e-mail typed in anger. Put it in your draft folder and wait. Keep in mind that digital communications do not give the reader the same visual or audio cues that speaking in person (or by video or phone) does.
    • Protect yourself and your information. Use complex passwords or passphrases, and don't reuse the same password or variations of a simple phrase phrase. Better yet, enable two-factor authentication or two-step verification whenever possible.

    Monthly content for Security Matters is courtesy of the Educause Cybersecurity Resources.

    ​January 2018: Data Privacy Day
    January 28, 2018 is Data Privacy Day. This event is held each year and is led by the National Cyber Security Alliance (NCSA) in commemoration of the signing of the first legally binding international treaty dealing with privacy and data protection. To learn more about Data Privacy Day, see https://staysafeonline.org/data-privacy-day 

    Everyone in our community is responsible for the protection of the privacy and personal information of our students and employees. Recommended best practices to ensure adequate protection of District restricted or sensitive information is described in Citrus College Administrative Procedure (AP) 3724. These recommendations are listed as follows:

    Adopt "clean desk practices." Don't leave unattended paper documents containing restricted or sensitive information; protect them from the view of passers-by or office visitors. It is recommended that confidential documents contain a cover sheet. Close office doors when away from your office.
    Add a "Confidential" watermark to a Word document.
    Store paper documents containing restricted or sensitive information in locked files with a controlled key system (a list of individuals who have access should be documented) or an appropriately secured area.
    Lock file cabinets containing restricted or sensitive information before leaving the office each day.
    Do not leave the keys to file drawers containing restricted or sensitive information in unlocked desk drawers or other areas accessible to unauthorized staff.
    Store paper documents that contain restricted or sensitive information in secure file cabinets. Keep copies in an alternate location.
    Shred paper documents containing restricted and sensitive information when they are no longer needed, making sure that such documents are secured until shredding occurs. If a shredding service is employed, the service provider should have clearly defined procedures in the contractual agreement that protect discarded information, and ensure that the provider is legally accountable for those procedures, with penalties in place for breach of contract.
    Immediately retrieve or secure documents containing sensitive information as they are printed on copy machines, fax machines or printers. Double-check fax messages containing confidential information. Recheck the recipient's number before you hit 'Start.' Verify the security arrangements for a fax's receipt prior to sending. Verify that you are the intended recipient of faxes received on your machine. If you are not, contact the intended recipient and make arrangements for the proper dispatch of the fax.
    Do not discuss sensitive information outside of the workplace or with anyone who does not have a specific "need to know." Be aware of the potential for others to overhear communications containing restricted or sensitive information in offices, on telephones, and in public places like elevators, restaurants, and sidewalks.
    Ensure electronic equipment containing sensitive information is securely transferred or disposed of in a secure manner, per the District's Electronic Equipment Disposition Policy.
    Immediately report theft of District electronic computing equipment to a supervisor or manager. Loss or suspected compromise of data containing sensitive information should be immediately reported to the TeCS Department.

  • Display Order
    Attachments
    Content Type: Accordion
    Back To Top
    SecurityMatters