While your workstation will auto-lock itself after 15 minutes of inactivity, you are encouraged to lock it manually whenever you leave your area. You can lock your Windows workstation by holding the Windows key and pressing the letter L. When using the Central Piedmont Cloud, the "Disconnect" option is equivalent to locking the virtual workstation.
Log off your workstation at the end of the day. Doing so will protect you from losing unsaved work and also make it easier for us to provide critical patches and updates to your computer.
Only install software required to fulfill your role at the college.
Only install and use P2P, torrenting, and other file sharing software for legitimate purposes. Sharing copyrighted media is a violation of college policy and could put you and the college at risk.
Do not open any email attachments or click on links in email messages from senders you do not know. Some of the linked websites can download malware on your computer without your knowledge.
To report phishing or other suspicious email, please attach it as an email Item to a new message addressed to firstname.lastname@example.org. This will ensure that the original message details remain intact for analysis by our security team and automated systems.
If you receive spam or other unwanted email, you can visit spam.cpcc.edu and add the sender to your blocked senders list. Learn more about employee email spam filtering.
To report spam email, please attach it as an email Item to a new message addressed to email@example.com.
Consider disabling the auto-preview feature in your email settings. This prevents emails with malicious content from being automatically displayed. If you’re not familiar with how to disable the auto-preview feature, contact the Service Desk.
Never provide personally identifiable information (Social Security Number, birth date, password, credit card information) to anyone through email. No legitimate entity will ask you for such information via email.
Email is not an encrypted format. While in transit, emails may pass through networks and devices that are outside of our control. Assume that anything you write in an email is public — do not send anything over email that is not public information.
Always verify the email address of a message, not just the displayed name. It is common for malicious emails to spoof a display name of someone you know.
Do not trust caller ID. If you receive a call appearing or claiming to be from your bank, the IRS, or other institution, do not provide any information. Request a name, extension, or reference number, hang up, and call them back at the number listed on a known trusted document, such as a bank statement, the back of your credit card, an official government website, etc. Legitimate institutions should be accommodating to these security measures. If you are met with resistance or feel pressured, you may be dealing with a scam artist.
Never give out your password over the phone.
In a large educational institution, you probably haven't met everyone. Before giving information to a caller you do not recognize, verify they are who they say they are (e.g., by calling their office number or the office of a co-worker that you do know).
Beware of unrecognized USB sticks and CDs that you find lying around. They may have been planted for the sole purpose of infecting any machine they are inserted into.
Do not transport confidential or personal information on CDs, laptops, USB keys, portable hard drives, etc., unless necessary. If you do use these tools, only use them in a way that is encrypted and secure (contact ITS for advice and assistance with this).
Restrict who can view your profile and information.
Avoid providing personal information, such as your Social Security number, birth date, address, telephone number, class/work schedule, or location.
Be wary of answering online surveys that people post on your wall, comments, etc. Although they appear innocent, they can provide an attacker with useful information about you. This information can then be used for things like answering your secret questions to gain access to accounts or reset passwords.
Remember that anyone can see what you post on the internet. Always think about what you post and what people post about you.
Don’t click on suspicious links or download files in messages, chat windows, or status updates. This can infect your computer with malware and spread to your contacts.
Report spam, phishing, and access violations to the social network provider.
Be careful what you access on public WiFi networks. Attackers can hijack sessions and view your data, unless you use encrypted services such as HTTPS websites or use a VPN to "tunnel" your traffic through an encrypted connection.
Always enable personal firewalls, run up-to-date anti-virus software, and install system updates before connecting to public WiFi networks and hotspots. This can protect your system from malware and vulnerabilities.
Never leave a personal WiFi router open without requiring a long password. You should also avoid using WEP or WPA encryption, as these have known weaknesses. You should use at least WPA2 encryption to secure your network.
As an extra layer of access control, you can enable MAC address filtering on your wireless router. MAC filtering only allows the devices you specify to access your wireless network.
Avoid sharing your WiFi password. Most routers allow setting up a guest network with a different password.