şÚÁĎłÔąĎÍř

Directors and above have access to the security application in OnBase.  They must complete the application with the new employee together.  For myWNC and Onbase access FERPA training with the Registrar is required in addition to the security application.

Supervisor or Departmental Assistant will submit an electronic  and an IT support ticket.  The incoming employee form starts the process for a WNCAnywhere and college email account. 

The IT support ticket is to start the process for:

  • A workstation with printing capabilities if needed
  • Access to shared network folders if needed.
  • Access to shared email account

If access to the above is not needed there is no need for and IT support ticket.

Supervisor or Departmental Assistant submits an electronic . This form will begin the process for:

  • Account deletion for all systems. If Emeritus status is granted, an email from Human Resources will be sent to the employee regarding their college email account.
  • If employee has assigned equipment, the equipment will be picked up by Information Technology (IT) Services. College portable devices must be returned to Department Assistant or Supervisor upon termination.

Employee and students can use the wireless network for portable devices. Personal equipment cannot be used on the college network.  The threat posed by machines not updated with anti-virus software may affect other users of the network and network security of data, etc.  Therefore, employees are not allowed to plug in personal equipment to any network drop at WNC.

  • Software cannot but purchased with a credit card. Exceptions must be pre-approved by Information Technology (IT) Services to purchase.
  • If hardware purchase is under $100 (mouse, keyboard, webcam) then a credit card can be used. All purchases over $100 and all printer purchases require a purchase order.  Exceptions must be pre-approved by Information Technology (IT) Services prior to purchase.

 

Malware is malicious software designed to infiltrate or cause damage without the user’s knowledge or permission.  Viruses, worm, trains, ransomware, and spyware are all considered malware.

Spammers, Spoofers, Phishers, and hackers will try any method possible to entice you to open an attachment or click a link.  The most common trick is to pretend the email is from someone you know.

Email attachments and links are popular methods for installing malware on computers.  Take the time to understand what to do when you get an email that has an attachment or link.

Attachments can be one of two things:

  • The actual file or document designated in the email
  • A copy of the expected attachment that malware embedded in it.

Links are underlined phrases in email message that simplify going to a specified website.  Clicking on a link can cause one of three things to happen:

  • The link opens the correct webpage referred to in the email
  • The link activates a malware program embedded in the email message.
  • The link is spoofed and opens a webpage similar to the correct page, but with malware embedded in it.

Once installed, malware will immediately send an email message with the same infected attachment to all the email addresses listed on the newly-infected computer.  Those recipients will more than likely open the email attachments as well since they think you are the one sending it.   This can quickly overrun every computer on the network.

 

 

Here are a few suggestions on how to be a super sleuth if you receive a suspicious email:

  • If there are numerous typos, delete the email
  • If you know the senders address and you know the extension is not correct, delete the email
  • Make sure the link makes sense and isn’t misspelled
  • Copy and paste the link address into a web browser instead of clicking it, or don’t use the link and go to the website on your own accord (preferred method)
  • Potentially dangerous executable attachments including but not limited to (.ade, .adp, .bas, .bat, .chm, .cmd, .com, .cpl, .crt, .exe, .hlp, .hta, .inf, .ins, .isp, .js, .jse, .mdb, .mde, .msc, .msi, .msp, .mst, .pcd, .pif, .reg, .scr, .sct, .shb, .shs, .vb, .vbe, .vbs, .wsc, .wsf, and .wsh) and encrypted ZIP attachments containing such files will be rejected. All other attachments passing virus scanning will be delivered normally.
  • No legit business will request login names and passwords.  Never provide this information.

    When in doubt contact the sender and confirm they sent the email.  If their computer is infected, there’s a good chance they have no clue the email was sent by them.

 Keeping passwords private, secure, and unbreakable is the most important step you can take for safer computing.  The next important step is remembering passwords because almost everything you do on a computer requires a password, and every site has a different password combination requirement.

The password struggle is real for all of us.  Seems every day a new password is required or needs to be changed.  You need to simplify your password library so it’s manageable.  Listed below are some helpful suggestions on password maintenance.  

  • The 8/4 rule: minimum 8 characters and include each of the 4:
    • UPPER case
    • Lower case
    • Symbols
    • Numbers
  • Use passphrases versus one word. Create a few different phrases to use and be sure they are ones that make you smile every time you type them
  • Develop a personal password formula and system for changing and remembering your passwords
  • Create a few passwords and categorize use by most secure to least secure depending on the site
  • If your password is compromised and that password is used for other accounts that store sensitive data, you should immediately change the password.

What is considered a password weak?

 Poor, weak passwords have the following characteristics:

  • The password contains less than eight characters and no more than 20 characters
  • The password is a word found in a dictionary (English or foreign)
  • The password is a common usage word such as:
  • Names of family, pets, friends, co-workers, fantasy characters, etc…
  • Computer terms and names, commands, sites, companies, hardware, software
  • The words "Western Nevada College", "Carson", "WNC" or any derivation
  • Birthdays and other personal information such as addresses and phone numbers
  • Word or number patterns like aaabbb, qwerty, zyxwvuts, 123321, etc…
  • Any of the above spelled backwards
  • Any of the above preceded or followed by a digit (e.g., secret1, 1secret).

What is considered a strong password?

Strong passwords have the following characteristics:

  • Contain both upper and lower case characters (e.g., a-z, A-Z)
  • Have digits and punctuation characters as well as letters e.g., 0-9, !@#$%^&*()_+|~-=\`{}[]:";'<>?,./)
  • Are at least eight alphanumeric characters long. The strongest is a passphrase (Ohmy1stubbedmyt0e)
  • Are not words in any language, slang, dialect, jargon, etc…
  • Are not based on personal information, names of family, etc.

Passwords should never be written down or stored on-line. Try to create passwords that can be easily remembered. One way to do this is create a password based on a song title, affirmation, or other phrase. For example, the phrase might be: "This May Be One Way To Remember" and the password could be: "TmB1w2R!" or "Tmb1W>r~" or some other variation.
NOTE: Do not use either of these examples as passwords.

How to protect passwords?

Do not reveal a password over the phone to ANYONE
Do not reveal a password in an email message
Do not reveal a password to your supervisor
Do not talk about a password in front of others
Do not hint at the format of a password (e.g., "my family name")
Do not reveal a password on questionnaires or security forms
Do not share a password with family members
Do not reveal a password to co-workers while on vacation

Do not use the "Remember Password" feature of applications (e.g., Internet Explorer, Firefox, etc…).  Consider having to remember your password a good memory test!

Do not write passwords down or store them anywhere in your office. Do not store passwords in a file on ANY computer system without encryption.

If someone demands a password, refer them to this document or have them call the Information Technology (IT) Services.
Change passwords at least once every six (6) months.
When changing a password, do not use a password you have used for that system within the last year. 
If an account or password is suspected to have been compromised, report the incident to Information Technology (IT) Services and change all passwords.

 

 

 

 

 

NRS 603A.040 defines PII as follows:

“Personal information” defined.

1.  “Personal information” means a natural person’s first name or first initial and last name in combination with any one or more of the following data elements, when the name and data elements are not encrypted:

(a) Social security number.

 (b) Driver’s license number, driver authorization card number or identification card number.

(c) Account number, credit card number or debit card number, in combination with any required security code, access code or password that would permit access to the person’s financial account.

(d) A medical identification number or a health insurance identification number.

(e) A user name, unique identifier or electronic mail address in combination with a password, access code or security question and answer that would permit access to an online account.

2.  The term does not include the last four digits of a social security number, the last four digits of a driver’s license number, the last four digits of a driver authorization card number or the last four digits of an identification card number or publicly available information that is lawfully made available to the general public from federal, state or local governmental records.

If personally identifiable information is being stored as defined in NRS 603A.040 FERPA the data is required to be stored on an encrypted device.   This is extremely important for those that store and/or transport data on external devices such as flashdrives, laptops, and hard drives.  Encrypted devices can be purchased online or at most office supply chains.