OTS Cybersecurity - Personal and Professional protection

Welcome to the College of Southern Nevada’s resource for information technology security. It is important that everyone who uses a computer, laptop, tablet, mobile phone or any kind of smart device understands how to keep their information safe. OTS is committed to helping our faculty, staff and students protect their information and keep it as secure as possible.

Secure choices you can make:

Click Wisely: Beware of phishing emails and scams and only click on links you trust.  Forward suspicious emails to .

Protect Your Password: Use strong and unique passwords and implement two-step verification when possible.  Don’t share your password and use different passwords for work and non-work activities.

Protect Data: Make sure to protect any PII you handle. Securely encrypt or delete files with sensitive information.

Use CSN Email: CSN email should be used to conduct CSN business. Don’t forward or save college-sensitive emails to personal devices or email accounts.

Use Supported Tools: Don’t use unsupported or unapproved software or hardware without consulting OTS. Downloading software to CSN devices or attaching voice-enabled devices or hardware to the CSN network can compromise data at the college.

Physical Security: Never leave laptops and mobile devices unsecured and unattended. Secure your area and lock computer screens before leaving them unattended, even if for a few seconds! Password-protect all of your devices using strong authentication when possible.

 

Password security

How Strong is your Password?

Cybersecurity video - Cyber Safety for Students

Pause, Think and Act (Security Awareness Video)

Cybersecurity Newsletter

Cybersecurity: OUCH! Newsletter


Cybersecurity: Stop | Think | Connect

As Hackers Target Mobile Payment Apps, Here's How to Keep Them at Bay
A little vigilance helps retailers reduce and prevent three of the most common kinds of mobile app fraud
 

Consumers love paying for goods and services with their smartphones. But as more retailers release their own mobile apps with in-store payment options, the threat of fraud must be carefully considered. Retailers offering in-store purchasing through a mobile app should be aware of major card-not-present fraud schemes.

Let’s imagine a fictitious retailer called Smoothie Shop; its mobile app saves customers' credit card information to facilitate in-store purchases. And that opens the door to at least three kinds of potential fraud.

In the first scenario, the fraudster takes over an existing Smoothie Shop account. Since the account already has a credit card saved in the app, the fraudster can simply walk over to a Smoothie Shop, present the mobile app with the saved credit card information, and enjoy a refreshing smoothie that was paid for with someone else's stored credit card.

In a second scenario, the fraudster takes over a Smoothie Shop account again, except this account lacks a saved credit card. That in turn prompts the fraudster to buy a stolen credit card off the Dark Web or some other electronic market, then add the newly obtained card to the Smoothie Shop account and app. They can then proceed to the closest shop to buy smoothies using the stolen credit card. 

Why would fraudsters go through the trouble of taking over an existing account instead of just creating a brand new account to commit fraud? It's because savvy fraudsters know that "aged" accounts more than 3–6 months old with a good transaction history are less closely scrutinized than a brand new account with no transaction history. 

Finally, in a third and more sophisticated scheme, the fraudster uses a bot tool or a human click farm to create hundreds of fake Smoothie Shop accounts. Once the fraudster has access to multiple fake accounts, he can then add as many stolen credit cards as he pleases in order to make in-store purchases.

What, then, can retailers and consumers do to protect themselves?

Prevent account takeover (ATO)
There are many ways to prevent or at least significantly reduce the amount of ATO -- eliminating credential stuffing, for instance. The goal of the organization should be to eliminate the economic advantage that fraudsters obtain from taking over an account. If the cost/effort of taking over an account outweighs the value of said account, there will be no incentive for the fraudster, and they will likely go elsewhere to commit fraud. 

Maintain control of the account creation process
Creation of accounts by bots and scripts can be limited by using a captcha, but captchas can be bypassed by fraudsters of mid-level sophistication, and consumers generally dislike them. Preventing bulk creation of accounts requires collecting device-level information in order to restrict the number of new accounts that can be created by a single device. Forcing the fraudster to leverage a device farm could make their rate of return less desirable and push the fraudster elsewhere.

Ensure customers aren't logging in with compromised credentials 
This is a set of NIST recommendations concerning authentication and digital identities that make a lot of sense in today’s world of daily breaches. The customers who are logging in to your website or mobile app with compromised credentials are most likely the accounts that will be taken over and defrauded first. 

Build controls around misuse of credit cards in the mobile app
Legitimate customers will likely need to add one, maybe two, unique credit cards to their account/device. Any account/device trying to add a third or more credit cards to an account should be closely inspected and possibly restricted from adding more. The stored credit card should also be tied to the device rather than to the account. That way, if an account is taken over from a new device, there will be no stored credit card information available for the fraudster to use. Both of these require a strong and unique identifier at the device level. 
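
The device-level controls described above (a cap on new accounts per device, review of a third card, and stored cards tied to the device), sketched as an added example that is not from the original article. The class and method names, the account cap of 3, the card tokens and the sample events are assumptions, and a strong, unique device identifier is assumed to be available.

```python
from collections import defaultdict

MAX_ACCOUNTS_PER_DEVICE = 3  # assumed cap; the article gives no number
REVIEW_AT_CARD_COUNT = 3     # article: a third or later card warrants inspection


class FraudControls:
    """Hypothetical in-memory model of the account and card controls."""

    def __init__(self):
        self.accounts_by_device = defaultdict(set)
        self.cards_by_account = defaultdict(set)
        self.cards_by_device = defaultdict(set)
        self.wallet = defaultdict(set)  # (account, device) -> card tokens

    def create_account(self, device_id, account_id):
        # Restrict how many new accounts a single device may create.
        seen = self.accounts_by_device[device_id]
        if account_id not in seen and len(seen) >= MAX_ACCOUNTS_PER_DEVICE:
            return "deny"
        seen.add(account_id)
        return "allow"

    def add_card(self, device_id, account_id, card_token):
        # Count unique cards per account and per device; hold the third for review.
        on_account = self.cards_by_account[account_id] | {card_token}
        on_device = self.cards_by_device[device_id] | {card_token}
        if max(len(on_account), len(on_device)) >= REVIEW_AT_CARD_COUNT:
            return "review"  # card is not stored until someone clears it
        self.cards_by_account[account_id].add(card_token)
        self.cards_by_device[device_id].add(card_token)
        self.wallet[(account_id, device_id)].add(card_token)
        return "allow"

    def stored_cards(self, device_id, account_id):
        # Cards are bound to the enrolling device, so a login from a new
        # device sees an empty wallet even with valid credentials.
        return sorted(self.wallet.get((account_id, device_id), set()))


def run_demo():
    """Replay constructed events: bulk sign-up, normal use, then a takeover."""
    fc = FraudControls()
    signups = [fc.create_account("dev-farm-1", f"fake{i}") for i in range(5)]
    fc.create_account("dev-alice", "alice")
    cards = [fc.add_card("dev-alice", "alice", t) for t in ("tok_A", "tok_B", "tok_C")]
    own = fc.stored_cards("dev-alice", "alice")
    takeover = fc.stored_cards("dev-attacker", "alice")
    return signups, cards, own, takeover


if __name__ == "__main__":
    print(run_demo())
```
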

Even if apps are more convenient for customers and encourage repeat business, they’re a liability for consumers and retailers alike. It’s important retailers learn how to protect their customers and avoid the fallout from a breach by making critical changes in the development and monitoring of their apps. After all, while using apps to purchase goods is a fun novelty, it's even better when no one has to worry whether the credit card info has been stolen.

 

How do I send an encrypted email?

Whenever you need to send an email to a recipient outside of CSN, it is very important that it be encrypted, especially if it contains Personally Identifiable Information (PII) of students, staff, or faculty. PII is defined by the US Government as:

Information which can be used to distinguish or trace an individual's identity, such as their name, social security number, biometric records, etc. alone, or when combined with other personal or identifying information which is linked or linkable to a specific individual, such as date and place of birth, mother’s maiden name, etc.


I’ve Received Spam or a Suspicious Email. What Should I Do?

If you have received spam or a suspicious email, follow the steps below: 

  1. Do not click any links within the email.
  2. Forward the message to so the OTS team can investigate the email.
  3. Delete the email.


If you have clicked any links within the email or opened any suspicious attachments, contact the OTS Help Desk.