The Office of Technology Services (OTS) understands that protecting the Lone Star College network and the personal information of all Lone Star College faculty, staff, and students is vital. OTS is constantly monitoring for any potential threats to information security and works to educate LSC employees and students regarding safeguarding passwords and how to determine when a call or email may be fraudulent. We have to remain vigilant in order to keep our accounts, our network, and our data safe.
Do your part. Read through the information below and take steps now to secure your devices, your data, as well as those of Lone Star College. It takes a village, so let's all work together as One LSC to #BeCyberSmart.
Never give out your username or password to anyone. If you think your computer may be compromised, contact our 24/7 OTS Service Desk right away at 832.813.6600 (toll-free 866.614.5014). We’re happy to help.
Think you may have received a phishing or scam email? Report it to the OTS Service Desk. Use the Report a Phishing/Scam Email form to report a suspicious email received in your LSC email inbox. Faculty and staff, you can use the form or forward the suspicious message to our Email Security Team by clicking the "Report Phishing" button in Outlook or Webmail. It's that easy.
Cybersecurity is everyone's job.
No matter your career or position, it is everyone's job to practice good cyber security. Organizations and homes cannot be secure without each and every person doing their part. Online safety and security are a responsibility we all share.
If you connect it, protect it.
The line between our online and offline lives is indistinguishable. This network of connections creates both opportunities and challenges for individuals and organizations across the globe. Cybersecurity Awareness Month allow us to highlight the ways in which internet-connected devices have impacted our lives and will empower all users to own their role in security by taking steps to reduce their risks.
Keep a clean machine.
Keep all software on internet connected devices - including personal computers, smartphones and tablets - current to reduce risk of infection from ransomware and malware. Configure your devices to automatically update or to notify you when an update is available.
Own your online presence.
Every time you sign up for a new account, download a new app, or get a new device, immediately configure the privacy and security settings to your comfort level for information sharing. Regularly check these settings (at least once a year) to make sure they are still configured to your comfort.
Share with care.
Think before posting about yourself and others online. Consider what a post reveals, who might see it and how it might affect youor others. Consider creating an alternate persona that you use for online profiles to limit how much of your own personal information you share.
Keep tabs on your apps.
Most connected appliances, toys and devices are supported by a mobile application. Your mobile device could be filled with suspicious apps running in the background, or using default permissions you never realized you approved-gathering your personal information without your knowledge, while also putting your identity and privacy at risk. Check your app permissions and delete what you don't need or no longer use.
Lock down your login.
Create long and unique passphrases for all accounts and use multifactor authentication (MFA) wherever possible. MFA will fortify your online accounts by enabling the strongest authentication tools available, such as biometrics or a unique one-time code sent to your phone or mobile device. Use password managers to generate and remember different, complex passwords for each of your accounts.
Think before you click.
If you receive an enticing offer via email or text, don't be so quick to click on the link. Instead, go directly to the company's website to verify it is legitimate. If you're unsure who an email is from-even if the details appear accurate-or if the email looks "phishy," do not respond and do not click on any links or open any attachments found in that email as they may be infected with malware.
Phishing is a psychological attack used by cyber-criminals to trick you into giving up information or taking an action. Phishing originally described email attacks that would steal your online username and password. However, the term has evolved and now refers to almost any message-based attack. These attacks begin with a cyber-criminal sending a message pretending to be from someone or something you know, such as a friend, your bank or a well-known store or website.
These message entice you into taking an action, such as clicking on a malicious link, opening an infected attachment, or responding to a scam. Cyber-criminals craft these convincing-looking emails and send them to millions of people around the world. The criminals do not know who will fall victim, they simply know that the more emails they send out, the more people they will have the opportunity to hack. In addition, cyber-criminals are not limited to just email but will use other methods, such as instant messaging or social media posts.
The concept is the same as phishing, except that instead of sending random emails to millions of potential victims, cyber-attackers send targeted messages to a very few select individuals. With spear phishing, the cyber-attackers research their intended targets, such as by reading the Intended victim's LinkedIn or Facebook accounts or any messages they have posted on public blogs or forums. Based on this research, the attackers then create a highly-customized email that appears relevant to the intended targets. This way, the individuals are far more likely to fall victim.
The cyber-criminal information presented above is based on the original work of Brian Krebs. You can learn more about cyber-criminals at his blog at: http://krebsonsecurity.com.
When in doubt, throw it out.
Links in email, tweets, texts, posts, social media messages and online advertising are the easiest way for cyber criminals to get your sensitive information. Be wary of clicking on links or downloading anything that comes from a stranger or that you were not expecting. When available, use the "junk" or "block" option to no longer receive messages from a particular sender. Don't trust those links.
Get savvy about WiFi hotspots.
Public wireless networks and hotspots are not secure, which means that anyone could potentially see what you are doing on your laptop or smartphone while you are connected to them. Limit what you do on public WiFi, and avoid logging in to key accounts like email and bank accounts. Consider using a virtual private network (VPN) or a personal/mobile hotspot if you need a more secure connection.
LSC is a National Cyber-Security Awareness Month Champion
Lone Star College is a recognized NCSAM Champion by the National Cyber Security Alliance. Visit stopthinkconnect.org for tips & advice. Every October, OTS observes National Cybersecurity Awareness Month (NCSAM) to help raise awareness among students, faculty, staff about ways we can all be safe and secure online. No one person, company, or agency is responsible for the security of the Internet. Cybersecurity is our shared responsibility, and we all play a part in keeping data safe.
Throughout the month of October, National Cyber Security Awareness Month, OTS sends weekly email blasts with helpful tips and reminders to our faculty, staff and students on topics such as what to do if you spot "phishy" emails and how to keep from getting locked out of your account when it comes time to change your network password. In addition to the helpful information in the weekly emails, OTS runs digital signage across the campuses throughout the month that offers tips on keeping data safe and how to be responsible online. The Awareness Program is intended to educate the campus community on information security topics, to heighten awareness regarding information security, and to reduce the risks of a security breach.
Cybersecurity Awareness Bulletins are sent to students, faculty, and staff at regular intervals throughout the year with cybersecurity topics to help keep them informed year-round.