Information Systems and Security works closely with staff, faculty and students to protect and secure valuable data, keep GGC’s critical infrastructure and computing system running in a consistent and effective manner at all times, and protect the confidentiality, availability and integrity of sensitive data and infrastructure.

With this easy access to information online and convenience comes potential risks. Some of these risks include theft and modification of personally identifiable information (PII) like a Social Security Number (SSN), date of birth, account numbers, credit card numbers, private health information (PHI), tax information and more.

Malicious individuals do not need to enter an office or home; they may not have to even be in the same country to gain access to private information. Attackers typically are motivated by the following: 

  • Financial gain
  • FIG (fun, ideology and grudge)
  • Political motive
  • Hacktivism 
  • Information leak
  • Disruption

Protecting Sensitive Information

Strong Password

One of the most important controls for access to information is a strong password. You use password to access most of your sensitive information such as bank accounts, email accounts and learning management systems (MyCourses) on a daily basis. Creating a strong password can protect against brute force attack (password guessing using script/program) and dictionary attack (combinations of common words). Use a strong password for every site and application.

  • Choose a password that is at least eight characters long and should include the following:
    • Upper/lowercase (AaBaCa -Zz)
    • Numbers (0-9)
    • Special characters (such as ` ~ ! @ # $ % ^ & * ( ) _ + - = { } | \ : " ; ' < > ? , . /) 
  • Change password at least once every six months.
  • Use a passphrase, a group of words the mean something, for example, !LuvGGC_5ecurity.
    • Means: I love GGC security
  • Remembering numerous password can be frustrating and you may be tempted to write password down. Do not write down passwords. Instead, use password managers such as KeePass or LastPass.

Multi-Factor Authentication

Multi-factor authentication (MFA) is a mechanism that requires two methods of authentication. There are three factors that can be used to authenticate an individual: something you know (password, PIN, date of birth, mother’s maiden name), something you have (smart card, swipe card, access card, one-time passcode like Google Auth, Duo or text message) or physical attribute (fingerprint, retina).

A strong authentication utilizes two of these methods, like something you know and something you have. This provides layered security and makes it difficult for an unauthorized access to your accounts, systems, applications and emails.

You should use MFA whenever possible, especially when it comes to your personal and sensitive data.

Antivirus

All GGC’s computing systems have antivirus installed and running on a regular basis. Information Systems and Security highly recommends all campus community members also download and install antivirus on their personal devices, including laptops, smart phone and tablets. TotalAV and PCProtect are free antivirus software options.

  • Antivirus must be actively running and up-to-date.
  • Configure antivirus to automatically scan all downloads, email attachments and removable media.
  • If you believe that a GGC computer is infected with a virus, disconnect the computer from the network and contact GGC Helpdesk.
  • Make sure your laptop’s operating systems, applications and plug-ins are up-to-date.

Email Security

Email is a widely used means of communication, and hackers leverage it to conduct malicious acts.

  • Beware of phishing emails. Phishing emails attempt to trick you into revealing sensitive information such as password, financial information, credit card numbers, personal information or ask you to send money. No trustworthy organization will request these types of information.
  • Malware and other malicious software can be easily be transmitted via email. Make sure your anti-malware is configured to scan all email attachments, and don’t open any link you are not expecting or seem suspicious.
  • Do not send any sensitive or restricted information via email unless encrypted with PGP (Pretty Good Privacy) encryption.
  • View more information on phishing.

Wi-Fi Connections

Students, staff and faculty that use the GGC Wi-Fi wireless network on campus and dormitories should connect to the "GGC wireless" network. GGC wireless uses the WPA2 encryption to secure the wireless connection and your data and allows you to login using your GGC credentials.

  • When home, make sure your Wi-Fi network is password-protected.
  • When using public network such as airports, hotels transit stations, coffee shops, public libraries, do not connect to a wireless network you don’t recognized.

Social Media Networks

Limit the amount of personal information you provide when signing up on social media networks. Do not post information that can be used for authentication such as full date of birth or potential answers to security questions. Learn how to use privacy and security setting for all social media network.