Cybersecurity

What is Cybersecurity?

Cybersecurity refers to the preventative steps and techniques used to safeguard and protect the integrity of a network, programs and data from attack, damage, and/or unauthorized access.

Who is responsible for Cybersecurity?

It is not just the responsibility of IT. All users at LLCC play a vital role in the protection of our network and data.

Should home computer users be concerned with Cybersecurity or just businesses?

Anyone using a computer, whether it be for personal or work use are subject to a security breach. It is imperative that each of us take precautions to keep our personal and work technology protected.

What are the different types of attacks that I should be concerned with?

There are many different types of security attacks that could potentially affect you and/or LLCC. Some to be aware of include, but are not limited to: Phishing, Ransomware, Malware, Rogue Software and security attacks via your Password.

What should I do if I think I've had a security breach?

If you feel that you may have been subjected to a security breach, immediately change your LLCC password and notify the IT Help Desk at 217.786.2555 or helpme@llcc.edu. If the computer has any personal online account passwords stored, it is recommended that you change these passwords immediately, as well as check with any financial institutions for issues.

How do I stay safe from attacks?

Third party software companies are available that you can sign up with to provide credit and/or identity monitoring for a fee, such as Life Lock, Identity Force and Identity Guard for your personal accounts. These will help, but there are many more things you can do as an active computer user both at home and at LLCC.

1. Never give out or reply via email with your password, Social Security Number, banking account numbers or other personal information. The IT Service Desk and/or your personal financial institutions will have the necessary information to verify who you are and will never ask you for this data by email.

2. Update your computer software - Operating System, web browsers, antivirus and antimalware. Enable automatic downloads and set a schedule to complete the downloads whenever possible.

3. Do not click on an advertisement to close, use the X in the upper right corner of the window.

4. Do not open, delete emails that you feel could be unsafe. Empty your Deleted Items folder after.

4. Do not open attachments in unsolicited emails.

5. Download software from sites you know and trust.

6. Store your LLCC data in OneDrive for Business - LLCC or a Group Site - LLCC. For personal data, back up with personal Cloud storage, via USB drive, etc.

7. If you are unsure and this is your LLCC email account or LLCC computer, contact the IT Service Desk at 217.786.2555 or helpme@llcc.edu before proceeding.

Password Management

When should I change my passwords?

It is imperative that you immediately change your passwords any time you feel that you may have been subject to a phishing or ransomware attack. Make sure to create new passwords that are not easily guessed, different than the last password and enable two-factor authentication (security questions, phone call or text for access, etc.) whenever possible.

It is a good idea to change your passwords every 30 - 180 days for each account or use a password manager software to assist you.

Is it okay to use the same password for all online accounts?

It is not recommended to use the same password for multiple online accounts. Your passwords should be unique and not easily guessed. Follow the recommended guidelines for each online account for passwords, and whenever possible use a combination of upper and lower case letters, numbers and special characters.

What is a password manager?

A password manager is software that is installed onto your device (computer, smart device/phone) and is used to help you generate, retrieve and store encrypted passwords.

How can I find a password manager software?

There are many password manager software applications available to personal consumers. Some are free, while others may charge a monthly or yearly fee. Some examples are: LastPass, 1 Password and Dashlane.

How can I create a strong password?

Create passwords with a minimum of 8 characters that are comprised of upper and lowercase letters, numbers and symbols.
Use a passphrase when possible. This is long string of characters that can range from a sentence, quote, etc. and intersperse upper and lowercase letters.
Choose difficult to guess passwords.
Avoid common words and phrases.
Be creative in the spelling. Use special characters for letters, phonetics for single letters (EX. PH for an F), and intentionally misspell words.
Keep your passwords secure and do not share them with others. Never share them in an email or text.
Do not use the same password for multiple online accounts. Create a different password for each account.
When possible, enable two-factor authentication. This can include contacting by phone call or text, for authorization.

Phishing

What is Phishing?

Phishing is a fraudulent attempt to obtain personal information from you, such as passwords, banking information, etc. and are most commonly sent to you by email.

How can I idendify a Phishing scam

1.-Don’t trust the display name

On an phishing email, the sender’s email display name may look right, but the actual email address won’t. The email may look something like this:

Esteban Cruz <ecruz@secure.com> OR

Amazon <orders@amazon1.com>

The name may be correct, but the email address looks suspicious because the domain is not genuine. In the first example the domain name should be llcc.edu not secure.com; on the second one, the domain name should be amazon.com, not amazon1.com.

This fraudulent email, once delivered, appears legitimate because most user inboxes only present the display name. Don’t trust the display name. Check the email address in the header from—if it looks suspicious, don’t open the email and forward it to phishing@llcc.edu

2.- Look but don’t click

Hover your mouse over any links embedded in the body of the email. If the link address looks weird, don’t click on it. If you want to test the link, open a new window and type in website address directly rather than clicking on the link from unsolicited emails.

3.- Check for spelling mistakes

Brands are pretty serious about email. Legitimate messages usually do not have major spelling mistakes or poor grammar. Read your emails carefully.

4.- Analyze the salutation

Is the email addressed to a vague “Valued Customer?” If so, watch out—legitimate businesses will often use a personal salutation with your first and last name.

5.- Don’t give up personal information

Legitimate banks and most other companies will never ask for personal credentials via email. Don’t give them up. Also LLCC including the IT Help Desk will never ask you for your Login Name and Password or any other personal information.

6.- Beware of urgent or threatening language in the subject line

Invoking a sense of urgency or fear is a common phishing tactic. Beware of subject lines that claim your “account has been suspended”, your account had an “unauthorized login attempt or "your email is over its storage limit".”

7.- Review the signature

Lack of details about the signer or how you can contact a company strongly suggests a phish. Legitimate businesses always provide contact details.

8.- Don’t click on attachments

Including malicious attachments that contain viruses and malware is a common phishing tactic. Malware can damage files on your computer, steal your passwords or spy on you without your knowledge. Don’t open any email attachments you weren’t expecting.

9.- Don’t believe everything you see

Phishers are extremely good at what they do. Just because an email has convincing brand logos, language, and a seemingly valid email address, does not mean that it’s legitimate. Be skeptical when it comes to your email messages—if it looks even remotely suspicious, don’t open it and forward it to phishing@llcc.edu

How do Phishing attacks occur?

Typically, an email will be sent to you that appears to be from a well-known organization, possibly someone that you do business with, or even an IT Service/Help Desk or IT Administrator. They will ask you for your password, account information, contain hyperlinks to update your information, etc. The LLCC IT department will never ask you for this information via email.

Are there different types of Phishing schemes or should I only worry about emails?

There are 4 main types of phishing attacks.

Deceptive Phishing - most common, usually from a recognized group or company and ask for you to verify your account information, logins, passwords, ask you to change passwords via their link and/or make a payment.

Spear Phishing - similar to Deceptive phishing, except that they will be more specific when contacting you, meaning that it may appear as a personal contact to you. A link asking you to provide information will be in the email body.

Phishing Calls - individuals will pretend to be from a company that you do business with and may ask you for a payment, login and password information, etc over the phone.

CEO Fraud/Whaling - impersonating a head of the organization to obtain sensitive data, attack the network, etc.

What do I do if I get an email that I think is a phishing attack?

When receiving Junk or Phishing emails, please use the "Report Message" button in Outlook to report the malicious email directly to Microsoft. (See below).

Outlook Desktop Application

Outlook Office 365

When using the online application, within the message, select the More Options function (...) > Report Message > Phishing.

Reporting malicious and unsolicited emails makes LLCC's email filtering system more effective.

Please contact the IT Help Desk if you need assistance at helpme@llcc.edu or ext. 62555.

Ransomware

What is Ransomware?

Ransomware is an extreme form of malware (malicious software) that has infected your computer and will block all access to your files until a fee has been paid to release the lock.

Are there different types of Ransomware?

Yes, there are different types of Ransomware. One type is called encrypting ransonware and it will lock your files and folders. Another type is locker ransomware and it will lock your computer so that you cannot access the desktop, files or applications and can infect the portion of the hard drive that allows the Operating System to boot.

How is Ransomware different than Phishing?

Phishing will typically ask you for personal information and Ransomware can infect your pc, cause damage to your data by renaming file extensions, renaming files, extracting data from you and can even infect other pc's on the same network.

How do I protect myself from Ransomware?

Ensure that all updates to the Operating System, Antivirus, Malware software and browsers are updated regularly. Enable automatic updates and scheduled installation whenever possible.

Backup your data daily or use Cloud storage, such as Office 365 OneDrive or Google Docs to keep your data secure. If you are using an external hard drive for your data backup, disconnect the drive when not in use.

If you receive email from an unknown source with active hyperlinks, investigate before opening. Verify the sending email address, hover your mouse over any hyperlinks to see the URL first. If you are unsure, do not open the email, delete and empty the trash bin.