Cyber Safety
Protecting College data is a shared responsibility and you are the best defense against threats.
There are some easy things you can do to keep from being an easy target of cyber criminals and others who commit identity theft, fraud, and harassment. Every time we connect to the Internet—at home, at school, at work, or on our mobile devices—we make decisions that affect our cybersecurity.
By following these simple, very basic security measures, you better protect your technology and personal information.
- Keep your systems and software up-to-date
- Use current antivirus
- Watch out and avoid phishing scams. Recognize common red flags of phishing
- Use strong passwords, consider multi-factor authentication or a password manager
- Think before you click
- Lock your technology and computer when unattended
- Create a pin for your mobile device
- Protect your data and avoid sharing too much information, especially on social media
- Back up your data
- Shop Safe Online: https
- Stay Protected While Connected: Avoid free Wi-Fi
- Monitor your financial and social media accounts for suspicious activity
Protecting personal devices is crucial for establishing a safe computing environment. These best practices help keep your devices and information secure.
Antivirus software is designed to find known viruses and oftentimes other malware such as Ransomware, Trojan Horses, worms, spyware, adware, etc., that can have a detrimental impact to the user or device.
Follow these Antivirus best practices to help avoid virus and malware infections:
- Ensure antivirus software is active and current
- Set antivirus software to automatically update daily
- Perform full scans regularly. Daily scans are recommended
- Avoid visiting untrusted sites
Attackers can easily identify and access internet-connected systems that use shared default passwords. It is imperative to change default manufacturer passwords and restrict network access to critical and important systems.
What Are Default Passwords?
Factory default software configurations for embedded systems, devices, and appliances often include simple, publicly documented passwords. These systems usually do not provide a full operating system interface for user management, and the default passwords are typically identical (shared) among all systems from a vendor or within product lines. Default passwords are intended for initial testing, installation, and configuration operations, and many vendors recommend changing the default password before deploying the system in a production environment.
What Is the Risk?
Attackers can easily obtain default passwords and identify internet-connected target systems. Passwords can be found in product documentation and compiled lists available on the internet.Solution: Change Default Password
- Read device documentation to learn how to change passwords
- Set unique default passwords
- Store passwords in a secure area
Learn more about the importance of changing default passwords.
A firewall is a first defense when it comes to monitoring incoming and outgoing connections. It’s by no means foolproof but you should always have your firewall switched on (most operating systems have this function as standard) when browsing on a public network.
Enable personal Firewalls
Enable your Windows firewalls or MacOS X firewalls.
Note that Windows 10 and Windows 8 have a firewall already built in and automatically turned on
Learn more about Firewall and how they can secure your data
The Internet of Things (IoT) refers to any object or device that sends and receives data automatically through the Internet. This rapidly expanding set of “things” includes tags (also known as labels or chips that automatically track objects), sensors, and devices that interact with people and share information machine to machine.
Improve the security of Internet-Enabled devices
- Evaluate security settings on your IoT device
- Ensure your device has up-to-date software
- Connect carefully, consider isolating the devices
- Change default passwords to a strong password
Learn more about IoT and how to improve security of Internet-Enabled devices
Mobile phones contain a great deal of personal information about you. Many apps on your phone provide access to your bank accounts or other accounts that contain sensitive information. When you download an app, it may ask for permission to access personal information—such as email contacts, calendar inputs, call logs, and location data—from your device. Apps may gather this information for legitimate purposes, however, you should be aware that apps will have access to this information and may share it with third parties, such as companies who develop targeted ads based on your location and interests.
Protect your mobile device by:
- Use a strong pin or password to access your phone
- Consider using a your fingerprint to login to your device
- Disable location services when not needed
- Be caution when charging in public places
- Limit activities on public Wi-Fi networks
- Review app permissions before installing
- Keep apps and software up-to-date
- Remove any apps you do not need
Learn more about Mobile device apps and privacy.
Whenever you replace a device or when it nears its end of life, it's important to follow best practices for electronic device disposal. Computers, smartphones, and cameras allow you to keep a great deal of information at your fingertips, but when you dispose of, donate, or recycle a device you may inadvertently disclose sensitive information, which could be exploited by cyber criminals.
Device and Media Sanitization methods:
- Paper Records
- Destroy by shredding
- Magnetic media (i.e. floppy disks, zip disks, and hard drives, etc)
- Cleared by overwriting using an approved overwriting technology, purge by degaussing or destroy by shredding
- Optical media (i.e. CDs, DVDs, etc.)
- Destroy by shredding
- Flash memory media (i.e. USB, SD card, etc)
- Clear by overwriting using an approved overwriting technology
- Portable devices (i.e. cell phones, tablets, etc.)
- Portable devices use flash memory. A factory reset alone will not protect data. Data encryption makes recovery extremely difficult.
- Clear by enabling encryption on the device. Followed by performing a factory reset as specified by the device manufacturer
- Alternatively, clear by using vendor
- Computing, networking or Internet ready devices (i.e. printers, multi-functional devices, routers, etc)
- Clear by performing a factory reset as specified by the device manufacturer
Learn more about proper disposal of electronic devices.
Follow these best practices when setting up your home Wi-Fi.
- Change the router's default admin password
- Use a strong password for your Wi-Fi
- Use latest encryption, WPA-3 where possible
- Disable Wi-Fi Protected Setup (WPS)
- Enable multi-factor authentication where available
- Keep the router’s firmware updated
Learn more about Columbus State's Wi-Fi
Protect your personal information and identity. These best practices help keep your personal information and identity secure.
Identity theft happens when someone uses your Social Security number or other personal information to open new accounts, make purchases, or get a tax refund.
Thing to watch for:
- late or missing bills
- receiving credit cards you did not apply for
- calls or letters about purchases you did not make
- suspicious purchases or withdrawals on your credit or bank statements
- denials of credit or being offered less favorable terms for no apparent reason
- a letter from the IRS indicating more than one tax return was filed
Is someone using your information to open new accounts or make purchases? Report it with the Federal Trade Commission or place a fraud alert.
If you suspect you are a victim of identity theft, please consider the above-listed steps the Federal Trade Commission suggests. However, there are a few other things you can do for yourself in an effort to achieve a quicker recovery:
- Notify the lender or bank
- Place a "fraud alert" on your credit report
- Order and read your credit reports
- Report suspicious items on your credit report
- Consider a credit freeze
- File a local police report
Under current federal guidelines, SSN can be used by an employer or financial institution for wage and tax reporting purposes. An SSN can be used to do a credit check by a landlord or loan company, as well as when you sign-up for a credit card. However, there are many times that SSN is used for record keeping.
An even greater risk comes from identity thieves posing to be representatives of a bank, credit card company, or government agency.
Deter identity theft. If someone asks for your Social Security Number (SSN), ask:
- why do you need my SSN?
- how will it be used?
- how do you protect it from being stolen?
- what will happen if I don't give it to you?
Credit Card Numbers are one of the most commonly stolen data items. One trend is criminals placing “skimmers” on ATM and gas station pump card readers so they can read and collect credit card numbers. When used with a person’s address and the security code on the back of the card, a criminal can make fraudulent purchases.
Protect your credit card number by:
- Don’t Give Out Your Digits to Just Anyone.
- Shred credit card statements and receipts
- Click "NO" when asked to save passwords and credit card numbers
- Enable multi-factor authentication where available
- Watch out for skimmers on gas pumps and ATM's
Learn more about ways to protect your data and shop safely online.
What to pack? In terms of devices, the Information Security Office recommends bringing only the equipment needed to do your work. Below you’ll find device recommendations that range from best, most secure options to the minimum required actions that help keep devices secure and your data protected.
- Ensure your computer drive is encrypted. Visit the Bitlocker Knowledge Base page to verify encrption.
- Leave USB and external drives at home. These are easily lost and easily corrupted. If you must travel with a USB device, be sure that it’s encrypted.
- Be vigilant about your surroundings. Watch for those looking over your shoulder or potential thieves to prevent theft or unauthorized access.
- Disable unnecessary services like Wi-Fi access points, Bluetooth devices, and GPS when not in use to enhance security.
- Connect through Virtual Private Network (VPN). This will allow you to securely connect to CSCC’s network as if you were on campus.
- Securely Connect to CSCC by using the VMware Horizion Virtual Desktop.
- Do not plug your phone into charger kiosks. They may hide hostile computers on the other end of innocent-looking wire.
- Avoid using public workstations as they cannot be trusted. Assume that anything that you enter into a system may be captured and used.
- Do not leave your devices unattended.
- Don’t connect to unknown resources like Wi-Fi access points and Bluetooth devices.