Information Technology Security

Protecting against the unauthorized use of electronic data

Cybercriminals are exploiting coronavirus fears to scam users, steal their personal and financial information, and spread viruses. Such scams are sent through email, texts, or social media and claim to provide coronavirus awareness, products and/or, at times, ask for donations to charity. They can often appear to be from a legitimate organization or individual, including a business partner or friend.

Tips to avoid being a victim of cybercrime
  • Don't reveal personal or financial information in an email, and do not respond to email solicitations for this information. This includes following links sent in email.
  • Pay attention to the website's URL. Malicious websites may look identical to a legitimate site, but the URL may use a variation in spelling or a different domain (e.g., .com versus .net).
  • If you are unsure whether an email request is legitimate, try to verify it by contacting the company directly. Contact the company using the information provided on an account statement, not the information provided in an email. Check out the links provided below on this web site to learn about known phishing attacks and/or how to report phishing.
  • Keep a clean machine. Keep all software on internet-connected devices - including PCs, smartphones, and tablets - up to date to reduce the risk of infection from malware.
  • Connect to a secure network and use a Parkland College Virtual Private Network to access secure work accounts. Home routers should be updated to the most current software and secured with a lengthy, unique passphrase. Employees should not be connecting to public WiFi to access work accounts unless using a VPN.
  • Separate your network when possible, so your work devices are on their WiFi network, and your personal devices are on their own.
  • Keep devices with you at all times or stored in a secure location when not in use. Set auto log-out if you walk away from your computer and forget to log out.
  • Limit access to the device you use for work. Only the approved user should use the device (family and friends should not use a work-issued device).
  • Never give out personal information over the phone unless you initiate the call.
  • Shred all document and mail with identifying information.
  • Never write down PINs or passwords. Don't use anything easy to guess as a PIN.
  • Use multi-factor authentication for your online accounts whenever possible. MFA helps prevent your account from being accessed even if your password is compromised.
  • Don't carry any information you don't need in your wallet (Social Security card, extra credit cards, birth certificate, etc.)
  • Keep track of all credit cards, ATM and debit cards, receipts, and statements.
  • Periodically check your credit rating with each of the three major credit agencies: Equifax, Experian, and Trans Union. You are eligible to receive a free copy of your credit report each year. To access them, visit www.annualcreditreport.com.
What to do if you’ve given out personal or financial information
  1. Do not click on anything in the message
  2. Change all your passwords immediately
  3. Contact cybersecurity@parkland.edu
  4. Report the theft of this information to the financial institution as quickly as possible
  5. Report the theft of this information to the card issuer as soon as possible
  6. Check your other accounts and keep an close eye on them
  7. Contact the Social Security Administration's Fraud Hotline to report the unauthorized use of your personal identification information
Securely Work from Home

SysAdmin, Audit, Network and Security (SANS) provides the following information to improve security while working from home. We know that working from home can be new to some of you, perhaps overwhelming as you adjust to your new environment. One of our goals is to enable you to work as securely as possible from home. Below are five simple steps to working securely. The best part is all of these steps not only help secure your work, but they will make you and your family far more safe as you create a cybersecure home.

  1. You, the best defense against cyber-attacks is you: First and foremost, technology alone cannot fully protect you - you are the best defense. Attackers have learned that the easiest way to get what they want is to target you, rather than your computer or other devices. If they want your password, work data, or control of your computer, they'll attempt to trick you into giving it to them, often by creating a sense of urgency. For example, they can call you pretending to be Microsoft technical support and claim that your computer is infected. Or perhaps they send you an email warning that a package could not be delivered, fooling you into clicking on a malicious link.
  2. Home Network: Almost every home network starts with a wireless (often called WiFi) network. This is what enables all of your devices to connect to the Internet. Most home wireless networks are controlled by your internet router or a separate, dedicated wireless access point. Both work in the same way: by broadcasting wireless signals to which home devices connect. This means securing your wireless network is a key part of protecting your home. We recommend the following steps to secure it:
    • Change the default administrator password: The administrator account is what allows you to configure the settings for your wireless network. An attacker can easily discover the default password that the manufacturer has provided.
    • Allow only people that you trust: Do this by enabling strong security so that only people you trust can connect to your wireless network. Strong security will require a password for anyone to connect to your wireless network. It will encrypt their activity once they are connected.
    • Make passwords strong: The passwords people use to connect to your wireless network must be strong and different from the administrator password. Remember, you only need to enter the password once for each of your devices, as they store and remember the password.
    Ask your Internet Service Provider, check their website, check the documentation that came with your wireless access point, or refer to the vendor's website.
  3. Passwords: When a site asks you to create a password, create a strong password: the more characters it has, the stronger it is. Using a passphrase is one of the simplest ways to ensure that you have a strong password. A passphrase is nothing more than a password made up of multiple words, such as "bee honey bourbon." Using a unique passphrase means using a different one for each device or online account. This way if one passphrase is compromised, all your other accounts and devices are still safe.  Use a password manager (lastpass.com), which is a specialized program that securely stores all your passphrases in an encrypted format (and has lots of other great features, too!). Finally, enable two-step verification (also called two-factor or multi-factor authentication) whenever possible. It uses your password, but also adds a second step, such as a code sent to your smartphone or an app that generates the code for you. Two-step verification is probably the most important step you can take to protect your online accounts and it's much easier than you think.
  4. Updates: Make sure each of your computers, mobile devices, programs and apps are running the latest version of its software. Cyber attackers are constantly looking for new vulnerabilities in the software your devices use. When they discover vulnerabilities, they use special programs to exploit them and hack in to the devices you are using. Meanwhile, the companies that created the software for these devices are hard at work fixing them by releasing updates. By ensuring your computers and mobile devices install these updates promptly, you make it much harder for someone to hack you. To stay current, simply enable automatic updating whenever possible. This rule applies to almost any technology connected to a network, including not only your work devices but internet-connected TV's, baby monitors, security cameras, home routers, gaming consoles, or even your car.
  5. Kids and Guests: Something you most likely don't have to worry about at the office is children, guests or other family members using your work laptop or other work devices. Make sure family and friends understand they cannot use your work devices. They can accidentally erase or modify information, or, perhaps even worse, accidentally infect the device.
Parkland College Multi-Factor Authentication

What is Multi-Factor Authentication (MFA)?

MFA is the requirement of two or more proofs of identity before gaining access to a system. The National Institute of Standards and Technology has provided a helpful definition on their website:

MFA, sometimes referred to as two-factor authentication or 2FA, is a security enhancement that allows you to present two pieces of evidence - your credentials - when logging in to an account. Your credentials fall into any of these three categories: something you know (like a password or PIN), something you have (like a smart card), or something you are (like your fingerprint).


Okta for MFA

Okta is a robust MFA security platform that keeps Parkland's network, data, and users safer from account hijacking. It will allow you to sign in with your ParklandOne credentials and utilize a second factor such as:

  • Okta Verify mobile application
  • Google Authenticator
  • SMS text message
  • Voice call

Campus Technologies has enabled MFA for many of our online services and will continue to add more.


MFA in Office 365

Parkland Email and Office 365 services are already protected with MFA through Microsoft. These services will transition to use the Okta platform in the near future.


MFA Resources

Additional technical guidance on the use of MFA at Parkland College can be found in our KnowledgeBase.