Cybersecurity Training and Tips for Remote Work
OIT Update, March 31

We have had to make an abrupt change to remote work. Remote work increases the risk to SFCC and our resources. Below are some things you can do to protect your home network and SFCC. The Office of Information Technology will post additional information about these recommendations in the coming weeks.

Next week you will receive an email announcing Cybersecurity Training on KnowBe4. We appreciate your time to complete this critical training.

1. Install Patches and Updates: This includes the OS, browsers, and software. Patches and software updates are the best way to protect your systems from vulnerabilities. OIT regularly patches SFCC equipment and will continue to do so.
2. Use a supported OS: XP and Windows 7 are two examples of an unsupported OS. Consider upgrading to Windows 10. Contact the Service Desk if you have an SFCC device with Windows 7.
3. Secure your Wi-FI: Make sure your Wi-FI is secured with a strong password and change the default password of your router. Large numbers of internet routers are using the default password, which makes them vulnerable to attacks. Check the internet for information about how to do this on your router.
4. Anti-Virus and Anti Malware: AVG Free and Malwarebytes free are a decent combination, but purchasing a complete package is best. SFCC laptops have Microsoft Endpoint Protection, and we are rolling out Malware Bytes and Advanced Threat Protection.
5. Install Firewalls: Ensure devices have active firewalls. OIT laptops have the firewalls enabled.
6. Secure your Access: Use strong and secure passwords with no fewer than 16 characters. Do not reuse passwords. Do not allow others to use your accounts or credentials.
7. Use 2-factor or Multi-Factor Authentication:  OIT is rolling this out for Microsoft (Office) 365 products, but you can also use this for personal email accounts, banking, and other services.
8. Manage IoT Devices: Update IoT devices and change their default passwords. IoT devices can include; security cameras, baby monitors, light bulbs, doorbell security, and any other device that you have connected to your network.
9. Use Encryption: Encrypt your devices and communications where possible. Microsoft (Office) 365 is encrypted by default, but consider encrypting email sent outside of SFCC or that contains sensitive information. OIT has encrypted most laptops, but if you have an older SFCC laptop, check-in with us. OIT will be posting a reminder about how to use email encryption next week!
10. Be vigilant about spam and phishing email: OIT is going to deploy a label to all emails received from an external site, but this is just a reminder to be aware. Review the sender and the content for oddities. Use the Phish Alert button to submit any suspect phishing email.
11. Use SFCC Tools when possible and, if needed: SFCC configures tools and software with compliance requirements in mind. These configurations include SSO, MFA, logging, backups, archiving, data storage requirements, and more. If there are compliance requirements, individually licensed products and tools likely don’t meet the criteria. Consider your situation and your work.
12. Protect Equipment: Do not allow others to use equipment provided by SFCC. Lock and secure any SFCC equipment when not in use.

Thank you,

Office of Information Technology Service Desk
(505) 428-1222
OIT@sfcc.edu