Best Practices

Password Security

  • Never use your CPCC login or password on a non-CPCC website or application.
  • DO NOT share your password with ANYONE (including the helpdesk and your instructor/supervisor).
  • Never use your CPCC credentials from a machine you don't trust (e.g., a rented computer at a cyber cafe or even a computer at a friend's house).
  • Choose strong passwords that are at least 8 characters in length, and include upper and lower case letters, numbers, and punctuation.
  • Change your password frequently.

Workstation Security

  • While your workstation will auto-lock itself after 15 minutes of inactivity, you are encouraged to lock it manually whenever you leave your area.
  • Log off your workstation at the end of the day. Doing so will protect you from losing unsaved work and also make it easier for us to provide critical patches and updates to your computer.
  • Only install work-related software.
  • Only install and use P2P software for legitimate purposes. Sharing music and software with tools such as Limewire, KaZaa, and Gnutella could put you and the college at risk.

Email Security

  • Do not open any email attachments or click on links in email messages from senders you do not know. Some of the linked web sites can silently download malware onto your computer without your knowledge.
  • If you receive a piece of ‘spam’ that includes a link to unsubscribe, do not click on it. Doing so will notify the sender that your email address is an active target, and you may end up receiving even more unwanted messages.
  • If you receive a suspicious email message, please attach it to a new message addressed to spam[at]cpcc.edu. This will ensure that details of the original message remain intact for analysis and corrective measures.
  • Disable the auto-preview feature in Outlook. Doing so will prevent emails with questionable or malicious content from being opened without your direct action.  The ITS Helpdesk staff can assist you with this procedure if you’re not familiar with it.
  • Never ever provide personally identifiable information (Social Security Number, birth date, password, credit card number) to anyone through email. No legitimate entity will ask you for such information via email.
  • Remember, email is sent in the clear and may pass through networks that are outside of our control. You should assume that anything you write in an email is public. Anything that is not public information should not be transmitted via email.

Web Security

  • Always verify that a website is secure (i.e., has https:// in the URL and a lock icon) before entering any private information or logging in.
  • Enable pop-up blocking and only allow popups from sites you trust.
  • Consider disabling JavaScript, Java plugins, ActiveX controls, and other media add-ons if you don't need or use them, as they are increasingly used to install spyware and worms.
  • Be very careful when typing a URL into your browser. Commonly misspelled versions of some domains are often set up to look like the real thing but are phishing sites.

Removable Storage Device Security

  • Beware of unrecognized USB sticks and CDs that you find lying around. They may have been planted for the sole purpose of infecting any machine they are inserted into.
  • Do not transport confidential or personal information on CDs, laptops, USB keys, portable hard drives, etc., unless necessary and only then in a format that is encrypted and secure.

Telephone Security

  • If you receive calls from your bank or other institution, verify that the number they are dialing from is the same as that on your statement or other known trusted document. If it is not, do not reveal any personal information. Instead, call the institution at the number listed on your statement or other known trusted document to verify that they did call.
  • Never give out your password over the phone.
  • In a large educational institution, you probably haven't met everyone. Before giving information to a caller you do not recognize, verify they are who they say they are (e.g., by calling their office number or the office of a co-worker that you do know).

Mobile Device Security

  • Never store sensitive information on a mobile device.  Mobile devices are usually small in size and can be easily lost or stolen.
  • Keep mobile devices with you at all times and do not leave them unattended.
  • Set your mobile device to lock after a timeout period, and require a strong password or PIN to unlock the device.  Doing so will prevent an unauthorized user from accessing it if it is lost or stolen.
  • Enable remote wiping capabilities.  Doing so can allow you to remotely access and disable the device, should it get lost or stolen.
  • Be careful about what apps you install.  If allowed, third-party apps can get full access to your contacts, emails, and text messages, then send that information to an unknown third party.
  • Install & update anti-virus software on your mobile device.  Mobile devices are just as susceptible to viruses as PCs, and should be protected the same way.
  • Update software and firmware regularly.  This will protect your device from vulnerabilities, enhance its performance, and enable new features.
  • Set Bluetooth devices to “hidden mode”, and disable Bluetooth when it is not in use.  This will prevent unwanted users from connecting to your device.

Social Networking Security

  • Restrict who can view your profile and information.
  • Avoid providing personal information, such as your Social Security number, birth date, address, telephone number, class schedule, or location.
  • Be wary of answering online surveys that people post on your wall, comments, etc.  Although they appear innocent, they can provide an attacker with useful information about you.  This information can then be used for things like answering your secret questions to gain access to accounts or reset passwords.
  • Remember that anyone can see what you post on the internet.  Always think about what you post and what people post about you.
  • Don’t click on suspicious links in messages, chat windows, or status updates.  Doing so can infect your computer with malware, which can then spread to your contacts.
  • Report spam, phishing, or hacking violations to the social network provider.  Reports can help reduce future violations from offenders.

WiFi Security

  • Be careful what you access on public WiFi networks.  Attackers can hijack sessions or view information that is not sent via encrypted methods (HTTPS, SSH, VPN).
  • Consider installing browser plug-ins that force sites that support HTTPS to use it by default.  This can secure your login session and information.
  • Always enable personal firewalls, run up-to-date anti-virus software, and install system updates before connecting to public WiFi hotspots.  This can protect your system from malware and vulnerabilities.
  • Never leave a personal WiFi router open without requiring authentication.  You should also avoid using WEP encryption, and at least use WPA or WPA2 encryption to secure your access point.
  • As an extra layer of security, you can also enable MAC filtering on your wireless router, which will only permit the devices you choose to access your wireless network.