ERM Free Training videos

UNLOCKED: Security Awareness Training available through ERM Cybersecurity Solutions

Welcome to the College of Southern Nevada’s resource for information technology security. It is important that everyone who uses a computer, laptop, tablet, mobile phone or any kind of smart device understands how to keep their information safe. OTS is committed to helping our faculty, staff and students protect their information and keep it as secure as possible.

Secure choices you can make:

Click Wisely: Beware of phishing emails and scams and only click on links you trust.  Forward suspicious emails to .

Protect Your Password: Use strong and unique passwords and implement two-step verification when possible.  Don’t share your password and use different passwords for work and non-work activities.

Protect Data: Make sure to protect PII data you may handle. Securely encrypt (Link to encrypt how to) or delete files with sensitive information.

Use CSN Email: CSN email should be used to conduct CSN business.  Don’t forward or save college sensitive emails to personal devices or email accounts.

Use Supported Tools: Don’t use unsupported or unapproved software or hardware without consulting OTS.  Downloading software to CSN devices or attaching voice enabled devices or hardware to the CSN network can compromise data at the college. 

Physical Security: Never leave laptops and mobile devices unsecure and unattended.  Secure your area and lock computer screens before leaving them unattended-even if for a few seconds!  Password protect all of your devices using strong authentication when possible.

 

Password security

How Strong is your Password?

Cybersecurity video - Cyber Safety for Students

Pause, Think and Act (Security Awareness Video)

Cybersecurity Newsletter

Cybersecurity: OUCH! Newsletter

Stop, think, connect campaign logo

Cybersecurity: Stop | Think | Connect

Top 5 Tips for Working from Home Securely

Courtesy of Sans.org

Top 5 Tips for Working from Home Securely
With the coronavirus disrupting communities across the globe, many businesses have implemented work-from-home policies. For many of you, working from home is new, perhaps even overwhelming. Plus, you may be working in environments you’re not used to, using technologies and networks you’re not familiar with, exposing yourself to greater cyber threats.

Fortunately, there are five simple — yet critical — steps you can take to ensure you can work remotely from home as securely as possible. Even more, they will help you make a far more safe and secure home for you and your family moving forward.

1. Trust your instincts.
First and foremost, remember that technology alone cannot fully protect you — you are the best defense. Cyber criminals have learned that the easiest way to get what they want is to target you, rather than your computer or other devices. These are called social engineering attacks.

If attackers want your password, work data or control of your computer, they’ll most often attempt to trick you into giving it to them by creating a sense of urgency. For example, they may send you a message pretending to be Microsoft technical support, claiming that that your computer is infected and they need access to your computer right away. Or they may email you claiming that your package cannot be delivered unless you confirm your mailing address by clicking on a link, which ultimately allows them to hack into your computer.

The most common indicators of a social engineering attack include:

Urgency: Someone creating a tremendous sense of urgency, often through fear, intimidation, a crisis or an important deadline. Cyber attackers are good at creating convincing messages that appear to come from trusted organizations, such as banks, government or international organizations.
Policies: Pressure to bypass or ignore security policies or procedures, or an offer too good to be true (no, you did not win the lottery!).
Contacts: A message from a friend or co-worker in which the signature, tone of voice or wording does not sound like them.

2. Secure your home’s wireless network.
Almost every home network starts with a wireless (or Wi-Fi) network. This is what enables all of your devices to connect to the Internet. Most home wireless networks are controlled by either your Internet router or a separate, dedicated wireless access point. Either way, they work by broadcasting wireless signals to which your devices connect. To secure your wireless network, do the following:

Change the default administrator password. The administrator account is what allows you to configure the settings for your wireless network. An attacker can easily discover the default password that the manufacturer has provided.
Only let people you trust connect to your network. Do this by enabling strong network security, which requires a password for anyone to connect to your wireless network. It will encrypt their activity once they are connected.
Make passwords strong. The passwords people use to connect to your wireless network must be strong and different from the administrator password. Remember, you only need to enter the password once for each of your devices, as they store and remember the password. Not sure how to do these steps? Ask your Internet Service Provider, check their website, check the documentation that came with your wireless access point, or refer to the vendor’s website.

3. Create a strong passphrase.
When a site asks you to create a password, create a strong and unique passphrase instead. A good password is long, the more characters it has the stronger it is. This is why we recommend that you create a singular passphrase by simply using a series of words that are easy to remember, such as “beehoneybourbon.” Be sure to use a different passphrase for each device or online account. This way, if one passphrase is compromised, all of your other accounts and devices are still safe.

Worried you won’t be able to remember all those passphrases? Use a password manager, which is a specialized program that securely stores all your passphrases in an encrypted format (and also has lots of other great features).

Finally, enable two-step verification (also called two-factor or multi-factor authentication) whenever possible. It uses your password, but also adds a second step, such as a code sent to your smartphone or an app that generates the code for you. Two-step verification is probably the most important step you can take to protect your online accounts, and it’s much easier than you may think.

4. Ensure your devices, programs and apps are running the latest version of software.
Cyber attackers are constantly looking for new software vulnerabilities, and when they discover them, they use special programs to exploit them and hack into the devices you are using. Meanwhile, the companies that create software are hard at work fixing their products by releasing software updates.

By making sure to install the latest software updates promptly, you make it much harder for someone to hack you. To stay current, simply enable automatic updating whenever possible. This rule applies to almost any technology connected to a network, including Internet-connected TV’s, baby monitors, security cameras, home routers, gaming consoles or even your car.

5. Don’t let anyone else use your work devices.
Something you most likely don’t have to worry about at the office is children, guests or other family members interrupting your work or using your work laptop or other devices.

Make sure your family and friends understand they cannot use your work devices as they can accidentally erase or modify information or, perhaps even worse, accidentally infect the device. If you have any questions about how to most securely work remotely from home, please don’t hesitate to contact us. We are here to help you!

 

Resources
Got Backups
Four Simple Steps to Being Secure

Making Passwords Simple
Digital Inheritance
Wired Review of Best Password Managers

 

 

How do I send an encrypted email?

Whenever you need to send an email to a recipient outside of CSN, it is very important that it be encrypted, especially if it contains Personally Identifiable Information (PII) of students, staff, or faculty. PII is defined by the US Government as:

Information which can be used to distinguish or trace an individual's identity, such as their name, social security number, biometric records, etc. alone, or when combined with other personal or identifying information which is linked or linkable to a specific individual, such as date and place of birth, mother’s maiden name, etc.

Send An Encrypted Email Graphic

I’ve Received Spam or a Suspicious Email. What Should I Do?

If you have received spam or a suspicious email, follow the steps below: 

  1. Do not click any links within the email.
  2. Forward the message to so the OTS team can investigate the email.
  3. Delete the email.


If you have clicked any links within the email or opened any suspicious attachments, contact the OTS Help Desk.