Security and privacy

• Operating System: Only use a computer running an operating system that is currently supported by the vendor: Windows 10 or MacOS 10.15 and later. 
• Security updates: Make sure to regularly install operating system patches, browser updates, and application patches, (e.g.: Zoom). 
• Antivirus: Always keep your antivirus software up to date. If you have a college-issued laptop, Sophos is already installed and updates automatically.  The LITS page on malware protection has free home use antivirus software solutions for both Mac and PC.
• Computer screen lock: A screen lock prevents unauthorized access to your device. It is recommended on college-issued laptops and personal computers. Screens should be set to lock and require a password after a short period of inactivity. If walking away from your computer, even for a few minutes, it is best to lock your screen. To lock your screen manually on Windows, use the key combination Windows + L. To lock on MacOS, use Command + Control + Q. 
• Home router/wifi: Your home router should have the latest firmware updates installed and the default router password should be changed. The wireless security should also be configured using WPA2 or WPA3.
• Strong, unique passwords: Your Mount Holyoke College password should be complex, and you should not use that same password for any other services. All accounts should have a unique password.
• VPN: When possible, LITS recommends you use the college-supported VPN whenever accessing college data, including Google Docs and email to name a few. This allows you to take advantage of the security built into our campus firewall. For more information on use and installation of Mount Holyoke’s VPN visit the LITS VPN Page.
• Remote Desktop: Some work requires applications or systems only available from college desktop/laptop machines. Once a VPN connection has been established, you may remotely connect to your office computer. Follow the instructions on How to Connect to your MHC Computer From Home to get it up and working. If your department uses RAdmin, you will be able to use that application to access your office desktop. All other remote access tools are prohibited. 
• Downloading College Data: Avoid downloading college data to your personal computer. Please let the Technology Help Desk know if downloading college data is part of your workflow and you do not have a college issued computer at this time.

• Antivirus and malware protection: Antivirus and malware tools help protect your computer against harmful software that is written to transmit, destroy or change important information on your computer. All computers should have up-to-date antivirus software installed before you connect to the campus network. LITS manages this for College-owned computers.

• Phish bowl fraudulent email alerts: The Phish Bowl tracks the most recent fraudulent email examples, allowing you to familiarize yourself with what phishing attempts look like. If you receive a suspicious email, check the Phish Bowl to see if anyone else has received the same fraudulent message. If you responded to a suspicious email and/or clicked on a link and entered any account or personal information, please immediately contact the Technology Help Desk at helpdesk@mtholyoke.edu and reset your account password to prevent scammers from using your account.

• File storage guidelines: Are you wondering where should you should store your files? Read LITS' current recommendations.

• Library privacy policy: The Mount Holyoke College Library is committed to protecting your right to privacy regarding the questions you ask and the materials you borrow. This notice explains our information practices, what information we collect in the Library and how we use that information.

• Faculty and staff online training: Security awareness training is available for all Mount Holyoke faculty and staff via the SANS.org Advanced Cyber Security Learning Platform.

The College’s single sign-on (SSO) service lets you provide your username and password to one system and access many other applications within the same browser without having to login again. If you’re on a shared computer, even at home, it is critical to log out and close your browser when you’re done.

Current SSO-enabled systems include Moodle, Commons (WordPress), Pathways, Kaltura, Five Colleges library systems and Smith College systems that accept MHC credentials (Moodle, &c.). More systems will be added in the coming weeks and months.

Phishing attacks use email or malicious websites to infect your machine with malware and viruses in order to collect personal and financial information. Cybercriminals attempt to lure users to click on a link or open an attachment that infects their computers, creating vulnerability to attacks. Phishing emails may appear to come from a bank, business, government agency, or individual you recognize. The email may also request personal information such as account numbers, passwords, or Social Security numbers.

MHC tracks Phishing Attempts in the MHC PhishBowl.  Please review to see past examples!  

Gift card scams are particularly on the rise. If someone contacts you asking you to buy them a large sum of gift cards, DO NOT take the bait. It’s almost certainly a scam, even if the message appears to be from someone you recognize and trust. If something about the email seems “phishy,” do not respond and do not click on any links or attachments. See the National Initiative for Cybersecurity Careers and Studies (NICCS) cheat sheet on phishing to learn more.

Google 2-step verification adds an extra layer of security to your Mount Holyoke Google account by requiring a second piece of information — a numeric code — as well as your username and password when you sign in. The code changes at regular intervals, so you must have a way to obtain it (such as your phone) in order to log in to the account. By requiring this code, the account cannot be accessed by an intruder that has obtained your password.

• Turn on Google 2-step verification here
• Learn more about multi-factor authentication tools and practices

If you’re looking for a job, job scammers are looking for you. Scammers advertise jobs exactly where real employers do, including popular websites and the classifieds. They may say they’ve got a job waiting, or guarantee to place you in a job, if you just pay a fee. Legitimate employers and firms DO NOT ask you to pay for the promise of a job.

Learn more about employment scams and how to protect yourself here:

• MHC’s Career Development Center’s guide to fraudulent job postings
• Federal Trade Commission (FTC) guide to job scams

Creating strong passwords is one of the most effective ways you can protect personal information and keep yourself safe from cyber attacks. Shake up your password protocol, because not all passwords are created equal.

You should always consider using the longest password or passphrase permissible. Get creative and customize your standard password for different sites, which can prevent cyber criminals from gaining access to these accounts and protect you in the event of a breach. Use password managers to generate and remember different, complex passwords for each of your accounts. See the National Initiative for Cybersecurity Careers and Studies (NICCS) cheat sheet on password tips for more information.

Have you been targeted by cyber scammers? You aren’t alone. Here’s what to do and who to contact if you suspect you’re dealing with a cyber criminal:

• First and foremost, contact law enforcement. If you are on campus, contact Public Safety and Service at 413-538-2304.
• If you responded to a suspicious email and/or clicked on a link and entered any account or personal information, please immediately contact the Technology Help Desk at helpdesk@mtholyoke.edu and reset your MHC account password to prevent scammers from using your account.
• If you’ve been targeted by a fraudulent job posting, please contact the Career Development Center at cdc@mtholyoke.edu immediately and end all communications with the employer.
• Contact your financial institution immediately upon suspecting or discovering a fraudulent transfer. You may also request that your bank reach out to the financial institution where the fraudulent transfer was sent.
• File a complaint with the FBI’s Internet Crime Complaint Center, regardless of dollar loss. Provide all relevant information in your complaint.
• File a complaint with the United States Department of Justice.

Helpful resources:

• MHC Public Safety and Service guide to cyber security
• MHC Public Safety and Service guide to Internet safety