Cyber Threat Protection
Best Practices for Minimizing Cyber Threats
One of the most prevalent delivery methods for malicious software payloads comes from
the use of email. With access to public records, cyber criminals can easily obtain
information that can be used to capture demographic information in order to simulate
sending a legitimate sounding email from your co-workers, friends, or family. They
use social engineering techniques to make these emails appear as though they are legitimate.
EICC has upgraded systems to better detect issues with email, and network intrusions
but systems alone won’t detect every threat. Security begins with each of us, so below
are some guidelines and techniques to limit your risk of becoming a victim of cyber
threats.
Don’t open emails from strangers.
- Any email that is of a solicitous nature is always suspect. You can mark these emails as junk in your email software to prevent any future issues by funneling them to your spam/junk email folder. Simply opening a suspect email sends a confirmation to the sender that they have an active and live account they can use for further future spamming, phishing, or other nefarious purposes.
- If the grammar and spelling of an email looks suspect, then assume it’s not from a legitimate source.
- Any emails that appear as confirmation of an order placement could be suspect, so don’t assume that it legitimate until you verify the sender.
Before you open an email in your inbox, hover over the sender information to verify the email address matches and has not been “spoofed” by a fraudulent sender.
If the email addresses from the email header does not match the detailed sender information,
then the sender has fraudulently tried to simulate a legitimate sender and likely
has malicious content.
Don’t click on any link inside an email until you have verified the sender is legitimate.
Once you verify the email sender is legitimate, then check the link to ensure it appears
accurate and you are not directed to a malicious website for a download. If the email
sender has a different domain address (e.g. @eicc2.edu vs @eicc.edu), then there is
likely malicious intent.
Don’t download any attachment that is an executable object.
If an email attachment has a file name that ends in “.exe” or similar executable program
it is highly likely it’s a cyber-threat preparing to install malicious software once
you click on it or download it.
Don’t forward suspicious emails to others.
Forwarding emails introduces further risk to the environment since you could infect
a recipient’s machine in addition to yours if you have already been compromised. Contact
the Helpdesk via phone or send a separate email to investigate the suspicious email
you identified, but don’t forward the potentially malicious one until it has been
reviewed with Helpdesk personnel.
- Leave your computer on at all times – EICC uses software tools to deploy both operating system updates and patches to software. These updates are scheduled in the evenings to run automatically so leaving your computer on will enable them to run at times that minimize conflicts with your working times and avoids unexpected updates in the morning after powering your computer on.
- Reboot your computer before leaving every day – This will accelerate scheduled software patches or updates to your computer that may be waiting to install so they can begin sooner. It also ensures any lingering software you may have used or loaded to your computer from a passing website ad is shut down at the end of the day. This will also keep your computer in good operating condition as it frees up unneeded software not currently in use.
Regular password changes are required at EICC and you are prompted to do so at the proper interval. This ensures that accounts less frequently used are protected, but remember to change your passwords at home also.
Each year, EICC selects courses to familiarize you with the evolving cyber threat landscape and to help provide best practices and tips on how to avoid dangerous and malicious software that can infect your computers. EICC has identified additional courses through SafeColleges that are available to you. The specific courses related to Cyber-Security include the following:
- Cybersecurity Overview
- Browser Security Basics
- Email and Messaging Safely
- Password Security Basics
- Protection Against Malware
If you have doubts about whether an email is legitimate, you have message about software installs, or any other suspicious cyber activities please contact the helpdesk. They will assist with assessing the situation and can help identify and log any activity that is dangerous to you or others. Once again, do not forward emails to others including the helpdesk until a preliminary discussion has occurred.
Helpdesk
Monday – Thursday, 7:30 a.m. – 5:30 p.m.
Friday, 7:30 a.m. – 4:30 p.m.
By phone 563-336-3456 or email helpdeskFREEEICC
Available on weekends by email, helpdeskFREEEICC.
Personal credit protection
Our colleges continue to take various measures to keep our records safe. The information shared below regarding heightened protections can apply to both your campus environment as well as your personal accounts should you choose to use them for your own protection. These measures include placing a fraud alert and/or security freeze on your credit files, and/or obtaining a free credit report.
With the increasing threat frequency surrounding identity theft, each person has some
steps they can take to better protect themselves against others from stealing your
identity. Obtain a free credit report as well as methods that you can implement to
lock your credit account to prevent others from opening credit card and other financial
accounts in your name.
A fraud alert and security freeze, in particular, is intended to prevent someone from extending credit in your name. Additionally, you should always remain vigilant in reviewing your account statements for fraudulent or irregular activity on a regular basis. Furthermore, if you do see a fraudulent charge on your payment card(s), you should immediately contact your bank, credit union or other financial institution that issued your card. The phone number to call can be found on the back of the card. If reported promptly, major credit card companies typically guarantee cardholders will not be responsible for fraudulent charges. We also caution against you providing any information to any entity or person contacting you directly asking for your personal information. Otherwise, you can take steps to protect your information online by always using strong passwords, utilizing multi-factor authentication where available, and updating your software regularly. These are good practices in both your professional, academic, and personal environments.
We recommend that you place an initial 1-year “fraud alert” on your credit files, at no charge. A fraud alert tells creditors to contact you personally before they open any new accounts. To place a fraud alert, call any one of the three major credit bureaus at the numbers listed below. As soon as one credit bureau confirms your fraud alert, they will notify the others.
- Equifax
P.O. Box 105069
Atlanta, GA 30348
equifax.com
1-800-525-6285 - Experian
P.O. Box 2002
Allen, TX 75013
experian.com
1-888-397-3742 - TransUnion LLC
P.O. Box 2000
Chester, PA 19016
transunion.com
1-800-680-7289
If you are personally concerned about becoming a victim of fraud or identity theft, you may request a “security freeze” be placed on your credit file, at no charge. A security freeze prohibits, with certain specific exceptions, the consumer reporting agencies from releasing your credit report or any information from it without your express authorization. You may place a security freeze on your credit report by sending a request in writing or by mail, to all three nationwide credit reporting companies. To find out more about how to place a security freeze, you can use the following contact information:
- Equifax
Security Freeze
P.O. Box 105788
Atlanta, GA 30348
1-800-685-1111 - Experian
Security Freeze
P.O. Box 9554
Allen, TX 75013
1-888-397-3742 - TransUnion
Security Freeze
P.O. Box 2000
Chester, PA 19016
1-888-909-8872
In order to place the security freeze, you’ll need to supply your name, address, date of birth, Social Security number and other personal information. After receiving your freeze request, each credit monitoring company will send you a confirmation letter containing a unique PIN (personal identification number) or password. Keep the PIN or password in a safe place. You will need it if you choose to lift the freeze.
Under federal law, you are entitled to one free credit report every 12 months from each of the above three major nationwide credit reporting companies. Call 1-877-322-8228 or request your free credit reports online at annualcreditreport.com. Once you receive your credit reports, review them for discrepancies. Identify any accounts you did not open or inquiries from creditors that you did not authorize. Verify all information is correct. If you have questions or notice incorrect information, contact the credit reporting company.
Even if you do not find any suspicious activity on your initial credit reports, the Federal Trade Commission (FTC) recommends that you check your credit reports periodically. Checking your credit report periodically can help you spot problems and address them quickly.
If you find suspicious activity on your credit reports or have reason to believe your information is being misused, call your local law enforcement agency and file a police report. Be sure to obtain a copy of the police report, as many creditors will want the information it contains to absolve you of the fraudulent debts. You may also file a complaint with the FTC by contacting them on the web at ftc.gov/idtheft, by phone at 1-877-IDTHEFT (1-877-438-4338), or by mail at Federal Trade Commission, Consumer Response Center, 600 Pennsylvania Avenue, NW, Washington, DC 20580. Your complaint will be added to the FTC’s Identity Theft Data Clearinghouse, where it will be accessible to law enforcement for their investigations. In addition, you may obtain information from the FTC about fraud alerts and security freezes.