Information Security


 

Service Description:

Information Security tools and resources are available for all users to keep their devices and personal data safe and secure.

Available to:

Everyone

Videos

Cyber Security Awareness Month Presentation (October 2022, requires login)

How to access the service:

Contact the Help Desk for questions or more information.

  • Passwords

    Consider the following for password strength and security:

    • Password Managers

    LastPass password manager available for Pitzer users for creating and managing unique passwords.

    • Complex Passwords

    Passwords with more than 15 alpha-numeric characters with upper and lower case text and symbols are recommended. Avoid short and easy to guess passwords. Do not reuse passwords. Consider using non-personal identifiable passwords or passphrases.

    • Multi-factor Authentication

    Use mulit-factor or 2-step authentication when available for professional and personal accounts. DUO is required for most Pitzer and Claremont College accounts for staff, faculty and students.

  • Phishing

    “Phishing” is a method of informational or identity theft that is initialized by a fraudulent email, website, or other means.

    Here are some ways to identify phishing emails:

    Sender’s Address:  In an email, you may typically see a Display Name and an Email Address.  You might see something listed like this:  ‘Jill Klein’ <[email protected]>.  Do not just check the name; look at the address for a trusted domain like pitzer.edu.

    Urgency:  Phishing emails instill a sense of urgency like your account is about to be deactivated or a file you need to review right away.  This urgency is deliberate so that you don’t spend time scrutinizing the email for mistakes.

    Links and Attachments:  It is common for an email to include a link to click on, but if you hover your mouse cursor over the link, it should provide the actual URL path of where it’s sending you.  Always check a link before you click on it.  For example  text may say: Bank of America website – hover your mouse cursor over the “Bank of America,” and you may see that the web link is actually taking you to Pitzer or other unrelated website.  Always be on your guard with links and attachments.  Be vary careful with attachments that have .html, .zip, .exe, .dmg files in them; make sure they came from an expected and trusted source.

    Use Your Instinct:  Does an email from Michelle Muturi asking for Target gift cards seem out of place?  Is this document link to a recommendation letter something you expected to receive from this person?  Take your time and look for grammar mistakes or other signs that it may be a phishing attack.

    Personal Accounts:  Remember, these emails can appear in your personal email account, not just your school email.  Your personal email may be linked to several social media sites, including LinkedIn, so it is a prime target for spear phishing scams.

  • Phishing Reporting

    Report Phishing directly from Outlook. The Phish Alert Button provides you with a convenient way to report suspicious emails.

    The button is located on the far-right side of your Outlook toolbar:

    Or on the far-right side of the read window in Outlook web version:

    How to use the Phish Alert Button:

    1. While you have the suspicious email open, click on the Phill Alert Button.
    2. It will ask you confirm that you would like to report the email, click Yes to confirm your action.
    3. A message will display to confirm you have successfully reported an email.
  • Personal Identifiable Information (PII)

    Personally identifiable information (PII) is any information that permits the identity of an individual.  This includes information like your name, social security number, date and place of birth, mother’s maiden name, or biometric records, but also includes information linked (or is linkable) to your medical, education, financial, and employment information.

    As an employee or student, we are obligated to treat your personal data responsibly and confidentially.

    Here are some tips for handling data responsibly:

    • Do not leave documents with PII laying around or locally on your device.  Save data in an encrypted or protected location, like Box.
    • Shred physical documents that hold confidential data when you are done with them.
    • Keep your keys and passwords safe, do not share them with others.
    • Verify emails and messages before clicking on a link or attachment.
    • Take care when sharing links or attachments to documents, and only share it with others if they are authorized.

    Do not access PII while on a shared device, or while on a public or untrusted wireless or network

  • Secure Email (Encrpytion)
    Encryption is an important way for individuals and companies to protect sensitive information. Pitzer staff and faculty can encrypt emails using Outlook (desktop and web versions).
    Outlook for Windows
    • With your new email message open, click on File, and then Encrypt this item
    Outlook for the web