Related Pages
Cochise College Information Security Programs
Business, technology, and the cyber-threat landscape are continuously evolving. Additionally, the scale of information processing, storage, use, sharing, and communicating is continuously growing. Attempting to apply protection capabilities across all uses of information in all cases and within all technology implementations at all times is infeasible. Even if such an approach were feasible, the time to implement would make the approach irrelevant given the pace of business, technology, and cyberthreat evolution. The Information Security Program will therefore implement a Risk Management approach to protecting the information assets and operations of the college.
In accordance with the Cochise College Information Security Program, the Information Security Risk Management Program provides Cochise College’s framework for the management of Information Security risks. The program covers the following risk management areas:
- Performance of Risk Assessments
- Monitoring of risk response initiatives
- Measuring effectiveness of risk reduction controls
- Communicating risk posture to Cochise College leadership and governance bodies
| Cochise College Acceptable Usage Policy | Student Handbook 2024-2025 (PDF) |
Welcome to our Information Security page at Cochise College. We prioritize your safety and well-being in all aspects of your academic journey.
Fake Internships - 03/28/2024
Recently, the college has received reports of Cochise College students receiving fraudulent emails offering promises of internships. Please be mindful of emails offering unsolicited internships, jobs, or ways to make money quickly. The emails indicate that the college’s student service division hosts the internships. This is not true. These internship offers are fraudulent and created by scammers for monetary gain.
Scammers often try to contact individuals through email or phone, soliciting to hire for a job or internship. Sometimes, these scammers reference reputable companies or a college/university in some way to make the opportunity appear to be more legitimate; however, you will notice that they are sending the communication through a personal email (Gmail, Hotmail, etc.) and will ask for you to respond to that email rather than an official company or college email.
Know the Signs! Be suspicious if a listing contains any of the following:
- Ask for your bank account number so they can pay you.
- Asks you to pay money or to give them secure personal information.
- Asks you to buy equipment or supplies for a virtual job.
- Sends you a check before you accept an offer or have done any work.
- Links to a generic e-mail address (like Gmail, Hotmail, or Yahoo), not corporate or academic e-mail.
- Requires no interview or previous experience.
- Came “out of the blue” to your inbox or phone.
- Doesn’t list a recognizable employee, department, college/university, or company.
- Sounds too good to be true!
Deposit scammers will attempt to get you to deposit a fraudulent check in several ways. They may mail or even email you a check. They may attempt to exploit loopholes in money transfer apps such as Zelle or Venmo.
Cochise College will never send money/reimburse expenses via any of these means and will never pay an intern or student worker before officially hiring them and enrolling them in the college’s payroll system. Additionally, all college payments to interns and student employees, paid via the college’s payroll system, will receive a college paycheck or direct deposit statement from the Cochise College Business Office. This statement will include many details about the student’s payment history with the college and employment history.
For more information on these types of scams and others, we encourage you to view the Federal Trade Commission (FTC) tutorials on how to spot and protect yourself from these scams.
ONLINE THREATS
Here are some common scams and online threats that students could be vulnerable to, along with some deterrent measures.
1. Phishing Emails: Scammers may send emails pretending to be from reputable sources, such as the college administration, financial aid office, or popular companies. These emails often contain links or attachments that can install malware or steal personal information.
– Deterrents: Encourage students to verify the sender’s email address, avoid clicking on suspicious links or attachments, and report any suspicious emails to the college’s IT department or security team.
2. Fake Job Offers: Scammers may offer fake job opportunities, including work-from-home jobs, internships, or part-time positions, with the intention of stealing personal or financial information or sending counterfeit checks.
– Deterrents: Students should research the company offering the job, verify the legitimacy of the job posting through official channels, never provide sensitive information (such as Social Security numbers or bank account details) over email, and be cautious of unsolicited job offers that seem too good to be true.
3. Financial Scams: Scammers may target students with promises of easy money, such as lottery winnings, inheritance claims, or investment opportunities. These scams often involve requesting upfront payment or personal information.
– Deterrents: Students should be skeptical about offers that require upfront payments or personal information, verify the legitimacy of financial opportunities through reputable sources, and seek advice from trusted financial advisors or family members before making any financial decisions.
4. Tech Support Scams: Scammers may impersonate tech support representatives from legitimate companies, claiming that the student’s computer has a virus or other issue that requires immediate attention. They may then request remote access to the computer or payment for bogus services.
– Deterrents: Legitimate tech support representatives will never contact you unsolicited, avoid engaging with unsolicited callers or pop-up messages claiming to be tech support, and seek assistance from the IT department or a trusted tech professional if they encounter any issues with their devices.
Resources
Understand and be aware that you, your technology devices, and your accounts are targets
- Cybersecurity is everyone’s responsibility
- Do your part to protect yourself, others, and Cochise College assets
- Your reputation and financial well-being, and that of the college are at stake
Don’t share your password, protect it so no one can access/obtain it
- Use a password manager (software that can be obtained from the Office of Technology Services); Password managers can help you create strong passwords that are very difficult to hack
- Safeguard your password from others; Never share your password with someone
- Use different passwords for different accounts – don’t let one password compromise lead to every account you have being compromised
Avoid Phishing scams – beware the dangers of attachments and links in emails
- Keep aware of current Phishing techniques – Tech Services provides security awareness training
- Think before you click – Are you sure you can trust those links?
- Never give out personal information – the college will not send you an email or call you to request your account information.
- Ensure your antimalware software is up to date
- Do not open attachments if there is any uncertainty about the email – especially from anyone you do not know
Keep your software up to date – this ensure the latest security updates are installed, reducing the vulnerability of your systems and devices.
- Turn on automatic updates and periodically check to verify all is working
- Ensure browsers are getting automatic updates
Ensure you have antimalware installed and keep it up to date
Be careful what you click
- Avoid visiting websites that are not familiar to you
- Avoid visiting websites that have suspicious or irregular URLs
Protect important data
- Don’t store RESTRICTED data (data that presents extreme consequences in the event it is compromised) on your workstation, laptop, or mobile device
- Use encryption whenever you must store RESTRICTED data on your system or device. (Office of Technology Services can assist).
- Ensure to encrypt external storage such as flash drives, thumb drives, USB drives, DVDs and CDs.
- Always use encryption when sending RESTRICTED or sensitive data via email
- Avoid faxing RESTRICTED or sensitive data – fax services have evolved over the years and very often store faxes along the path of communication, allowing for accidental disclosure of fax contents.
Never leave your system or device “unlocked” and unattended
- Lock up laptops and mobile devices if they are to be left unattended
Don’t leave mobile assets unprotected (i.e. unlocked in your office, in your car, etc…)
Use anti-malware on all your devices (mobile, personal computer/laptop, tablet)
Don’t connect to wifi networks you do not know to be secure (public wifi areas are huge targets for bad guys to snoop your online communication)
Do not email sensitive information without encrypting it and be sure you are aware of the email recipients on your emails – replying to “all” without first ensuring verifying the recipients is a hazard
Be aware of and comply with Cochise College Information Security Policies
- [Refer to the policy list on this page]
Backup your data – regularly. If you are a victim of a security incident, the only guaranteed way to restore your systems and devices is to rebuild and use the backed up data.
Avoid installing browser extensions – thoroughly research them or contact the Office of Technology Services before installing them.
- 6015 – Acceptable Use of Technology
- 6052 – Cloud Storage
- 6053 – Mobile Device
- 6054 – Remote Access
- 6055 – Computer Accounts
- 6056 – Physical & Environmental Security
- 6060 – Third Party Management
- 6061 – Change Management
- 6063 – Data Classification
- 6066 – Computer and Server Security Standards
- 6068 – Datacenter Backups
- 6070 – Disaster Recovery
- 6071 – Incident Response
- 6073 – Security Awareness
|
Director, CIS/Cybersecurity Program |
