Cybersecurity has become one of the biggest hot topics both inside and outside of technology circles over the last two years. From securing learning devices due to a rise in digital learning during the COVID-19 pandemic, to coping with the fallout of high-profile breaches of several California Community Colleges and K-12 Districts, there is a seemingly endless press dedicated to cybersecurity mishaps and concerns. And with this onslaught of negative news, it can be easy for everyday individuals to become overwhelmed and to feel powerless in the face of the “insurmountable” threats posed by cybersecurity. But in actuality nothing could be further from the truth.
With all of the jargon that is typically thrown around in relation to cybersecurity there is a longstanding misperception that cybersecurity is beyond everyday people and that it should be left to the professionals. Moreover, there is a prevailing sense among the public that breaches are simply a fact of life and that we should just learn to deal with them. But this just isn’t true. In fact, everyday people have a huge role to play in cybersecurity threat prevention, detection, and remediation. For example, according to IBM, 95% of breaches have human error as a main cause. Therefore, everyday day technology users are very much the first line of defense when it comes to thwarting cybercrime.
Phishing
Chaffey college staff and faculty receive phishing attempts on a daily basis. These attacks can take many forms, but they all share a common goal – getting you to share sensitive information such as login credentials, credit card information, or bank account details. Although we maintain controls to help protect our networks and computers from cyber threats, we rely on you to be our first line of defense. Below, are a few different types of phishing attacks to watch out for:
What You Can Do
To avoid these phishing schemes, please observe the following email best practices:
- Above all else: Do not click on links or attachments from senders that you do not recognize. Be especially wary of .zip or other compressed or executable file types.
- If something looks Phishy, it probably is.
- Do not provide sensitive personal information (like usernames and passwords) over email.
- Watch for email senders that use suspicious or misleading domain names.
- Inspect URLs carefully to make sure they’re legitimate and not imposter sites.
- Do not try to open any shared document that you’re not expecting to receive.
- When in doubt, contact the ITS Help Desk.
- Be especially cautious when opening attachments or clicking links if you receive an email containing [EXT] in the subject or containing the warning banner indicating that it originated from an external source.
Ransomware
Ransomware is increasingly being used by hackers to extort money from educational institutions (You may have seen the LAUSD articles in the news last week). Ransomware is a type of malicious software that takes over your computer, encrypting your files until you pay a ransom.
Although we maintain controls to help protect our networks and computers from this type of attack, with the quickly changing attack scenarios we rely on you to be our first line of defense.
Here are some simple things you can do to help Chaffey avoid a ransomware/malware attack:
Think Before You Click
The most common way ransomware enters corporate networks is through email. Often, scammers will include malicious links or attachments in emails that look harmless. To avoid this trap, please observe the following email best practices:
- Do not click on links or attachments from senders that you do not recognize. Be especially wary of .zip or other compressed or executable file types.
- Do not provide sensitive personal information (like usernames and passwords) over email.
- Watch for email senders that use suspicious or misleading domain names.
- If you can’t tell if an email is legitimate or not, please contact the ITS Help Desk.
- Be especially cautious when opening attachments or clicking links if you receive an email containing the [EXT] tag in the subject line and/or the warning banner in the body of the email, indicating that it originated from an external source.
Backup your files
Backing up your files to OneDrive, an external hard drive, and/or a USB thumb drive is one of the easiest ways to mitigate the risk of ransomware. In the case of a ransomware attack, ITS can wipe/re-image your computer and you can restore your files from your backup. A popular approach is to follow the 3-2-1 rule. Keep 3 separate copies of your files on 2 different storage types with 1 copy offline.
If Something Seems Wrong, Notify ITS
If your computer is infected with ransomware, you will typically be locked out of all programs and a “ransom screen” will appear. In the unfortunate event that you click a link or attachment that you suspect is malware or ransomware, please notify IT immediately.
Strong Passwords and Password Managers
The easiest way to protect yourself, and Chaffey, from cyber threats is by having a strong password. It’s simple – the longer and more complex your password, the more difficult it is to crack.
Software Updates
One way to keep your information secure is to keep your software and apps up to date. While Chaffey ITS manages your district owned devices for you, it is important for you to keep your home computers and mobile devices up to date.
Additional Resources
Cybersecurity 101 Tip Sheet (CISA)
Why is Cybersecurity Important? (CISA)
Software Updates Infographic (NCSA)
Software Updates (NCSA)
Understanding Patches and Software Updates (CISA)
Information Security Awareness Training
As you are aware, Chaffey College is more reliant than ever on technology and the network. The security of those resources has become an increasingly high priority. To help protect our confidential assets, and to comply with State and Federal requirements, it is necessary for all district employees to complete an Information Security Awareness. While our objective is to meet all compliance and legal requirements, our overarching goal is to educate and protect our staff and administration by changing their online behaviors and encouraging safe practice.
The Technology Committee has selected a self-paced training program that is available via the “My Learning Hub” link on the Chaffey Portal dashboard page (see directions below). This training will not only comply with regulations but will also help protect our confidential information and assets. Most importantly, it will promote safe practices for our community regarding potential risks and rapidly evolving threats that target online behavior.
The District expects that training will be required annually for all staff and faculty, full and part-time. Full-time faculty will complete this training as part of their professional responsibilities, as outlined under 18.2.3 in the Collective Bargaining Agreement, and all part-time faculty who complete it will be compensated one-hour at the training rate.
Staff and Faculty can access the self-paced training in My Learning Hub (directions below) through the College Portal. The training module should take approximately 30 minutes. This training is due at the beginning of each calendar year and must be completed no later than January 31st.
Directions for Accessing Training Module:
If the link doesn’t work, please follow these instructions:
Log into the Chaffey Portal and locate My Learning Hub
Once you're logged into My Learning Hub, the right-hand corner will show the Security Awareness training that is ready for you for begin.
About Cybersecurity Awareness Month
National Cybersecurity Awareness Month is co-led by the National Cyber Security Alliance (NCSA) and the Cybersecurity and Infrastructure Security Agency (CISA) of the U.S. Department of Homeland Security.
For more information about ways to keep you and your family safe online visit https://staysafeonline.org/cybersecurity-awareness-month/ and/or cisa.gov/ncsam.
H6: Other Resources
Please contact the Help Desk at ext. 6789 or ISRepairs@Chaffey.edu if you have any questions or would like additional information.
