Cybersecurity Guidelines for Valencia Employees

Data Security Safeguards 

DO review and follow the requirements and expectations set in the College’s data and technology policies and procedures (Volume 7). 

DO NOT copy or download highly restricted data (e.g., Social Security Number (SSN), credit card numbers, electronic health records, or other personally identifiable information protected by law, contract or regulation, such as HIPAA, GLBA, FERPA, PCI, etc.) from the College’s administrative systems to your personal PC, laptop, smartphone, public web server, personal cloud systems, or any portable storage device. Storage of personally identifiable information on PCs, portable devices, personal cloud systems/services (e.g., Dropbox, etc.) is strictly prohibited. 

DO NOT send or share such data via email. If sensitive or restricted data is sent to you via email, please handle appropriately, including removing/deleting attachments from emails sent to you. It is advisable to share this with others if there were multiple recipients to the email. Copies of attachments with sensitive information are stored in every mailbox that sends and receives them. 

DO leave highly restricted data on enterprise systems. Restricted data, such as sensitive business data, grade books, etc., can be stored on institution-provided equipment and institution-provided cloud storage systems, such as Office 365 OneDrive for Business, Teams or SharePoint sites. 

DO protect all sensitive data in printed form. Store in a secured cabinet, within an accessed-limited room or office designated space for storing sensitive documents. 

DO shred sensitive data in printed form or securely delete and wipe digital media that needs to be disposed. 

DO NOT leave sensitive data in printed form (hard copy) lying around, unattended on copiers, fax machines, or printers. 

DO download only the data you need to complete your tasks. 

DO NOT download data not intended for the immediate task at hand. 

DO NOT share sensitive data with individuals who are not authorized to view it. This includes being mindful of what you access when in public places, such as cafes or other public places where others can peer over your shoulder. 

Email Security Safeguards 

DO double check each email prior to sending it to ensure no unintended email address are added in any recipient fields (e.g., “TO”, “CC”, “BCC”, etc.) and that no highly restricted data is attached.  

DO NOT send emails without reviewing the content or attachment for highly restricted data, and unintended email addresses. Make sure to double check all attachments that may contain hidden data fields, such as spreadsheets where columns are set to hidden or multiple tabs with additional data fields. 

DO follow requirements regarding the retention of emails that may be subject to Florida’s Records Law as most email may need to be retained for a period of 7 years. 

DO NOT reply to emails or pop-up messages that ask for personal or financial information. No one at the College should ever ask you to submit personal information or credentials via return email or by clicking on a link. 

DO leave your College emails on the College email system, Office365. 

DO NOT forward your “business” emails to a third-party external email system, such as Gmail, Hotmail, Yahoo mail, or any third-party email system. Such action could potentially expose sensitive data and your personal email mailbox may be subject to Florida’s Public Records Laws. 

DO look closely at links embedded in an email by hovering your mouse/pointer over it and cut and paste a link from the email into your web browser. Scammers can make links look as though they go to a safe site but will send you to a harmful website. 

DO reporting potential phishing emails, or any suspicious email, to the service desk team. Feel free to send them to OITServiceDesk@valenciacollege.edu as we can assist you with getting the appropriate reporting completed. Please send suspected emails as an attachment. Or use the built-in feature in Outlook (desktop or web app) for reporting phishing emails. This will automatically report the suspicious email, with the email attached, to OIT and Microsoft. 

DO NOT click on links in an email message or open file attachments from an unsolicited email. 

DO confirm the source by contracting the sender before opening email attachments. 

Secure Computing Safeguards 

DO secure your workstation (lock or logoff of your session) every time you leave your desk. Make sure to disconnect from VPN when logging off of your computer. 

DO NOT leave a logged-on workstation unattended. 

DO NOT use a computer without having up-to-date anti-malware software running on it. 

DO NOT dispose or transfer ownership of devices without making sure it is properly erased by OIT. 

DO use anti-malware software and update it frequently to keep malicious programs off your computer. 

DO NOT use wireless technologies for transmitting sensitive data without making certain end-to-end encryption is enabled (e.g., VPN, TLS, HTTPS, etc.), regardless of whether or not wireless encryption is used. 

DO run the most up-to-date versions of your web browser, browser plug-ins (e.g., Adobe Flash, Java), email software, and other programs. 

DO NOT download programs, documents, applets, and/or images from unreliable and unknown sources; your download may contain malicious software. 

DO use a strong password that is difficult to guess, consisting of eight (8) or more characters, including lower case and upper-case letters, numbers, and special characters. Longer passwords, or pass phrases are in general more secure than shorter passwords. 

DO NOT use easy-to-guess passwords that contain only numbers or letters. 

DO use different passwords for your different online websites. Using the same password for all your online websites will put you at risk of an account compromise. 

DO use a non-administrative account when using your computing devices. Administrative accounts are created for system management responsibilities and are not intended for regular use. 

DO use College-provided VPN solution to securely connect to the College’s resources from remote untrusted networks, such as public Wi-Fi networks, hotels, Internet Cafes, etc. Make sure to disconnect from VPN when not in use. 

 

 

 

Additional Training and Awareness Resources 

The College now has 4 information security training and awareness videos available through the Edge. 

Security Awareness Fundamentals 

This course gives users a solid overview of the most important issues they will face with security awareness. Issues include: incident response, malware, safe surfing and human firewalls, phishing and social engineering, mobile and the Cloud, backup and preventative care, physical and non-technical security, privacy, and policy. It begins with an explanation of the Triads of Information Security and ends with a post-assessment quiz. 

Captain Awareness: Foil Phishing 

Phishing is the fraudulent practice of sending emails purporting to be from reputable companies to induce individuals to reveal personal information, such as passwords and credit card numbers. In this episode, Nick "The Click" is tempted to click on a suspicious link. Julie and Captain Awareness share the potential consequences of clicking on a phishing link. Please note the following: Although the content is presented in a light-hearted format, it is important to take internet security seriously to help protect your sensitive information and that of your colleagues and our students. You must watch the entire video to mark completion. If you skipped to the end of the video, it will not be marked complete.  

Captain Awareness: Securely Working from Home 

With so many of us working from home, cybersecurity is as important as ever!  Although the OIT department provides a security software and a VPN software so you can connect to the college network securely, there are additional precautions you can implement to ensure a secure remote working environment. In this video, Julie and Nick navigate their company's policy for working from home and Captain Awareness drops by to talk about best practices. Please note the following: Although the content is presented in a light-hearted format, it is important to take internet security seriously to help protect your sensitive information and that of your colleagues and our students. You must watch the entire video to mark completion. If you skipped to the end of the video, it will not be marked complete. 

Working From Home in Times of COVID-19 

There are important security questions to consider, now that you are working from home: Do you know how to protect yourself against cyber risks? Do work devices at home fulfill the most rigorous security standards? How should you deal with company documents and emails? What are the pitfalls when using voice assistants and video conferences? It's important to note that phishing emails and fake news are also experiencing a renaissance due to the coronavirus. Be sure that you are familiar with the security-relevant aspects of the home office. Please note that you must watch the entire video to complete. If you’ve skipped to the end, you will not be marked complete.