Information Security

Phoenix College Information Security

Phoenix College Information Technology is dedicated to helping you stay safe in the digital world. Below, find helpful resources related to information security to assist you at work and at home, including these tips on how to connect with care:

  • When in doubt, throw it out: Links in email, tweets, posts, and online advertising are often the way cybercriminals compromise your computer. If it looks suspicious, even if you know the source, it’s best to delete it or, if appropriate, mark it as junk email.
  • Get savvy about Wi-Fi hotspots: Limit the type of business you conduct and adjust the security settings on your device to limit who can access your machine.
  • Protect your money: When banking and shopping, check to be sure the website has security enabled. Look for web addresses with “https://” or “shttp://”, which means the site takes extra measures to help secure your information. “Http://” is not secure.

If you have any concerns about an email sent to you or questions about information security best practices, please contact us at 602-285-7200 or helpdesk@phoenixcollege.edu.

Data storage

The Google for Education suite of products (specifically, Google Drive) is the official, approved, and authorized solution for cloud data storage. The official cloud storage solution has been approved to process and store information classified as Public and Internal. It is recommended to retain work-related materials only in Google Drive; please refer to the MCCCD ‘Acceptable Use’ policy. Information classified as Confidential shall not be processed or stored unencrypted within the official cloud storage solution, with the exception of certain categories of Family Educational Rights and Privacy Act (FERPA) information as specified below:

  • Grades 
  • Assignments 
  • Associated names, Maricopa student IDs, or MEIDs. 

* FERPA information not identified above should not be processed or stored within the official cloud storage solution.

Multi-Factor Authentication/DUO

MCCCD uses Cisco Duo for multi-factor authentication (MFA) for both students and employees.  Duo MFA is required for most password-protected applications, such as Canvas, the Google Suite, and the Student Information System (SIS).  For more information and guidance on Duo, please visit the Maricopa Community Colleges Duo Support Page.

CyberSecurity

General Security Tips

  • Never include sensitive personal or banking information in email correspondence
  • If you print it, go get it right away
  • Never respond to an email asking for personal information
  • Do not download files from unknown sources
  • Never leave your computer logged in when you walk away
  • Watch out for shoulder surfers who read over your shoulder or try to steal your password
  • Do not check "remember my password" boxes
  • Do not reuse passwords
  • Do not use unauthorized software
  • Do not leave thumb drives or other small devices lying around
  • Do not plug in USB drives that you do not own

More Information

Helpful Password/Passphrase Tips

  • DO make your password UNIQUE to your life and not something that is easily guessed.
  • DO have a different password for each online account.
  • DO change your password several times a year.
  • DO make your password between 8 and 20 characters long. The longer and more complex it is, the harder it is to crack.
  • Do NOT share your password with others.
  • Do NOT write your password down and leave it under your keyboard or on a sticky note on your monitor.
  • Do NOT use your name, Social Security number, or any other personal information that could identify you. This means pet names, girlfriend/boyfriend names, birth dates, phone numbers, license plates, car models, or addresses.
  • Do NOT use any word found in a dictionary longer than three letters. Hackers crack passwords with automated programs that scan for any word found in a dictionary. This includes any word spelled backwards.
  • A Strong Passphrase:
    • Is 20 to 30 characters long.
    • Is a series of words that create a phrase.
    • Does not contain common phrases found in literature or music.
    • Does not contain words found in the dictionary.
    • Does not contain your user name, real name, or company name.
    • Is significantly different from previous passwords or passphrases.
  • Help yourself remember your strong password or passphrase by following these tips:
    • Create an acronym from an easy-to-remember piece of information. For example, pick a phrase that is meaningful to you, such as My son's birthday is 12 December, 2004. Using that phrase as your guide, you might use Msbi12/Dec,4 for your password.
    • Substitute numbers, symbols, and misspellings for letters or words in an easy-to-remember phrase. For example, My son's birthday is 12 December, 2004 could become Mi$un's Brthd8iz 12124, which would make a good passphrase.
    • Relate your password or passphrase to a favorite hobby or sport. For example, I love to play badminton could become ILuv2PlayB@dm1nt()n.

Here are a few ways to avoid phishing attacks:

  • Be suspicious of unsolicited phone calls, visits, or email messages from individuals asking about employees or other internal information
  • Do not provide personal information or information about your organization
  • Do not reveal personal or financial information in email
  • Do not send sensitive information over the internet before checking a website's security
  • Pay attention to the URL of a website. Malicious websites may look identical to a legitimate site
  • If you are unsure whether an email request is legitimate, try to verify it by contacting the company directly
  • Install and maintain anti-virus software, firewalls, and email filters
  • Take advantage of any anti-phishing features offered by your email client and web browser

See more information here.

  • Do not give your email address out arbitrarily
  • Check privacy policies
  • Be aware of options selected by default
  • Use email filters
  • Report messages as spam
  • Do not follow links in spam messages
  • Consider opening an additional email account when posting to public mailing lists, social networking sites, blogs, and web forums
  • Use privacy settings on social networking sites
  • Do not spam other people
  • Do not use unsubscribe, as it verifies the email is active

See more information here.

  • When choosing a mobile phone, consider its security features
  • Configure the device to be more secure
  • Configure web accounts to use secure connections
  • Do not follow links sent in suspicious email or text messages; such links may lead to malicious websites
  • Limit exposure of your mobile phone number
  • Carefully consider what information you want to be stored on the device
  • Be careful when selecting and installing apps. Do a little research on apps before installing them
  • Maintain physical control of the device, especially in public or semi-public places
  • Disable interfaces that are not currently in use, such as Bluetooth, infrared, or Wi-Fi
  • Set Bluetooth-enabled devices to non-discoverable. When in discoverable mode, your Bluetooth-enabled devices are visible to other nearby devices
  • Avoid joining unknown Wi-Fi networks and/or using public Wi-Fi
  • Perform a factory reset before discarding your old phone
  • Do not “root” or “jailbreak” the device

See more information here.

  • Review your bank’s information about its online privacy policies and practices
  • Before setting up any online bill payment, check the privacy policy of the company or service you will be sending payments to
  • For security purposes, choose an online personal identification number (PIN) that is unique and hard to guess
  • Install anti-virus, firewall, and anti-spyware programs on your computer and keep them up to date
  • Regularly check your online account balance for unauthorized activity
  • Use a credit card or PayPal to pay for online goods and services
  • Avoid situations where personal information can be intercepted, retrieved, or viewed by unauthorized individuals
  • If you receive email correspondence about a financial account, verify its authenticity by contacting your bank or financial institution
  • If you have disclosed financial information to a fraudulent website, file reports with the following organizations:
    • Your bank
    • The local police
    • The Federal Trade Commission
    • The Internet Crime Complaint Center
    • The three major credit bureaus: Equifax, Experian, and TransUnion

See more information here.