Monthly Archives: September 2015

Take the Library Student Needs Survey and Enter to Win Prizes!

Your Voice. Your Library.

Will you help us improve the Library for yourself and other students? We’re looking for your feedback so we can better understand you and what you need from us. In return for about 15 minutes of your time, you’ll have a chance to win one of twenty $25 Amazon gift certificates!

Please help by filling out the Library Student Needs Survey. The survey will be open until October 23rd. Your responses will be completely anonymous and your voice will be heard.

 

Greg & Steve are Coming to LCC!

Kids love to sing and dance with Greg & Steve and you will too! Grab your family and join us for this fun and enriching concert that will be held on Friday, October 2 at 7 p.m. at Dart Auditorium. Get your FREE tickets today at lcc.edu/gregandsteve.

Made possible through a generous grant from the Lansing Community College Foundation, Gretchen’s House Child Care Center. and C-Campus Child Care Grant.

STEMfest is October 10!

STEMfest is Saturday, October 10 from 9 a.m.-1 p.m. in the Arts & Sciences Building! STEMfest is a day for kids grades K-6 to experience more than 50 hands-on math and science activities staffed by LCC’s own faculty and student volunteers. Visit lcc.edu/stemfest for more information and to register for this FREE event.

Fall on the Mall October 7!

The LCC University Center invites you to Fall on the Mall on Wednesday, October 7 from 9:30 a.m.-1 p.m. and 4 -6:30 p.m. Don’t miss this opportunity to learn how you can earn your bachelor’s or master’s degree right in downtown Lansing! Enjoy refreshments and visit with our University partners. Look for the tables on the mall located between the Gannon and Arts & Sciences buildings. In case of inclement weather, the event will be moved to the 2nd floor of the Gannon Building. For more information and areas of study please visit lcc.edu/uc.

Upcoming College and Service Fairs

Community Service Fair | Sept 30 | 11 a.m.-2 p.m. | Gannon room 244

Students– Are you looking to enrich your college experience through community service?  Are you passionate about a particular social issue?  Attend the upcoming Community Service Fair on Wednesday, October 30, from 11am – 2pm in the Gannon Building, room 244. Stop by and learn about organizations making a positive impact in your area!

  • Student Organizations– Take advantage of this opportunity to make some great community contacts for volunteer opportunities!

College Night | Oct 8 | 5:30-7 p.m. | Gannon

Plan your next step! College Night is on Thursday, October 8 from 5:30 to 7:00 p.m. at LCC’s Downtown Campus in the Gannon Building. Attend this event to visit with representatives from over 40 colleges and universities from around the state. Learn about admission, financial aid, scholarships, transfer and more. See who will be there at www.lcc.edu/collegenight.

HBCU Fair | Oct 20 | 9 a.m.-3 p.m. Gannon | 6:00-8:00pm Union Missionary Baptist Church

The Historically Black College and University (HBCU) Fair 2015 is happening on Tuesday, October 20 with a day and evening events. The day event will be from 9:00 AM – 3:00 PM in the Gannon Building, StarZone, or attend the evening event from 6:00 PM – 8:00 PM at Union Missionary Baptist Church. Learn about HBCU’s admissions, programs and learn more about LCC’s HBCU Transfer Partnerships. Register online by October 13 for your chance to win a Kindle Fire. To see a list of colleges and universities attending and to register go to www.lcc.edu/hbcufair.

October is Cyber Security Awareness Month

For the past 11 years, the month of October is used to advocate Cyber Security Awareness across the United States of America.  Likewise at LCC I want to take this opportunity to reach out and train all staff and students on cyber threats and offers tips and best practices concerning how to stay safe online.

LCC faces cyber threats every day.  Our network is constantly probed for weaknesses, sometimes reaching over 90,000 per day—that’s more than 1 attack per second.  Similarly, LCC personnel receive emails and phone calls from criminals asking for our network credentials, credit card numbers, and social security numbers.  Moreover, major web site breaches have exposed LCC email addresses to identity theft criminals.

Over the past year, we have done an outstanding job to minimize the impact of cyber thieves.  I would like to offer the following Top 9 best practices on how you can stay safe on the LCC network:

  1. Recognition of phishing emails.
  2. Storage locations of college information and traveling best practices.
  3. Wireless network options.
  4. Sending Social Security Number (SSN) and Credit Card Numbers via email.
  5. Malvertising – watch where you go on the internet.
  6. Password Reuse? Use a password manager.
  7. Lock vs Log-Off my computer?
  8. Don’t’s and Do’s when using Public Wi-Fi.
  9. Records Retention Schedule.

 

Are you excited for Cyber Security Awareness Month?  Me too!  Please sit back and take a look at the cyber security best practice information below.

——————————

  1. Recognition of phishing emails.

 

Did you know that 91% of all hacking attacks begin with a phishing email?  Fraudsters send fake emails or set up fake web sites that mimic LCC’s sign-in pages (or the sign-in pages of other trusted companies, such as eBay, PayPal, or Office365) to trick you into disclosing your user name and password. This practice is sometimes referred to as “phishing” — a play on the word “fishing” — because the fraudster is fishing for your private account information.  Other fraudsters are trying to get you to visit malicious web sites or open a malware-infected attachments.

Once they gain access, they can use your personal information to commit identity theft, charge your credit cards, empty your bank accounts, read your email, and lock you out of your online account by changing your password.  The will take control of your computer and scan the network, join a bot net, or sit and listen for your keyboard activity…passwords, bank account details, and credit card numbers.

 

Let’s take a look at an example:

 

From: Sharon McPherson [mailto:badguy@yahoo.com]

Sent: Friday, June 12, 2015 9:42 AM
To: youraddress@lcc.edu
Subject: My Resume

Good day.

I witnessed your website today Fri, 12 Jun 2015 and found it very interesting.  I was praying there was any possibility of employment, just to prove my competence.

As you will see in my CV, I am very qualified and have a very broad experience in this line of employment. I am confident it will be worth your time reviewing it, and I am even more positive you will find me very appropriate in your business. Please see my attached CV.
I’m very much looking forward to hearing from you.

Many thanks,

Sharon McPherson

 

Did you find 6 red flags?  Let me explain:

-Unfamiliar sender with an unsolicited email

-Sender asks multiple times for you to open the attachment

-If you are not in HR, or work with resumes, then the email was sent to the wrong person

-Poor grammar…’witnessed your website’

-Email is from a ‘free’ email account (hotmail.com, yahoo.com, gmail.com, etc.)

-No contact information in the email

 

  1. Storage locations of college information and traveling best practices.

 

In an effort to properly organize LCC information and minimize confidential information exposure, I would like to recommend the following locations for your documents:

 

  1. Files created/stored for inter-office use should be stored on Divisional/Departmental workspace (N: drive), LCC-all-public (O: drive), or on SharePoint (for files that require collaboration).
  2. Files created/stored for use only by you should be stored on your personal H: drive. These files are not needed by your coworkers and will be deleted when you retiree/leave LCC.

I recommend that you do not store documents on your local workstation, thumb drive, or external hard drive.  First, they are not backed-up by ITS backup systems.  Second, they are not accessible remotely.  And finally, if the workstation/drive is lost or stolen, there is a risk of a breach of information.  The solution is to store your information on the networks drives listed above.

Likewise, when traveling with LCC laptops, please ensure the device is encrypted/password protected with Bitlocker Drive Encryption.  When traveling, please power off (not sleep, hibernate, etc.) the laptop, this ensures the encryption cannot be subverted.  And finally, keep the laptop ‘extra’ secure.  For example, you should store it in a locked car trunk, we’ve lost too many laptops that were visible in the back seat of a locked car.

  1. Wireless network options.

If you are bringing your own device (computer, phone, etc.) onto campus, do not connect it to the LCC wired infrastructure with a network cable.  If you need internet service, please connect your device to the correct wireless network:

  • LCCStudent: LCC employees, students, and third parties (contractors, auditors, etc.) who bring their own devices or do not have a computer provided by the college or anyone else who has been assigned an active LCC account should connect to LCCStudent with their LCC credentials.
  • LCCVisitor: This network is designed for those individuals that do not have LCC network credentials, such as those who are just visiting one of LCC’s campuses, those who only need internet access for a limited time period, and anyone who wants to become an LCC student.  It doesn’t require LCC credentials but does require a simple text message to their cell phone for authentication.  As a temporary-use network, it runs substantially slower and require re-authentication every 2 hours.

 

  1. Sending Social Security Number (SSN) and Credit Card Numbers via email.

 

Never send SSN and Credit Card Numbers through email.  First, SSN’s are Personably Identifiable Identifier (PII) and can be used to steal a person’s identity. If stolen, the criminal could make loans, get a driver’s license and file a bogus tax return.  If the identity information is stolen, LCC may be at some fault and need to assist the owner with identity protection—at our expense.  Second, email is unencrypted so anyone with access to any spot on the path can load a free sniffer to capture all of your information…from your home, ISP, commercial data centers, etc.  This means that you should assume your email is being searched and saved by the ‘bad guys.’  It’s the equivalent of entering your SSN or credit card number into an unencrypted/http web site.

There are several solutions to minimize risk of sending SSN’s:  snail mail, hand-delivery, and fax are better options with lower chances of exposure to criminals.  If you must email the information, then you have several options.  First, leave the SSN off the document, and after delivering the document, follow-up with a phone call to pass the SSN to the recipient.  Second, encrypt the email’s info using a free file encryption tool called 7-Zip.  It’s available at: www.7-zip.org.  I can provide instructions if needed.

 

  1. Malvertising – watch where you go on the internet.

Do you think you are a fairly cyber-secure individual?

 

No one expects to get infected with malware when they visit trusted sites like YouTube or eBay – hardly the seedy sides of the Web.  But when you visit those popular Web sites, your device is actually connecting to dozens of other URLs, imperceptibly, as Web browsers accept connections to render pop-ups, video files and even stealthier interactions.

 

Malvertising (derived from “malicious advertising”) is the use of online advertising to spread malware.  It involves injecting malicious or malware-laden advertisements into legitimate online advertising networks and webpages.

 

Ad content is pushed to your browser without your intervention—simply visiting the site could allow malware to compromise your computer.  Moreover, trusted web sites sell advertising space on the cheap and bad guys buy ad space, install their malware, and let trusting users pull the content onto their workstations.

 

To prevent malvertising from infecting your computer, you need to deny malware the opportunity to find a flaw. Make sure your Web browsers and browser plugins (such as Java or Adobe Flash), as well as operating systems, are up-to-date so that known flaws are fixed.  Another essential and simple step is to install a solid antivirus program.  Finally, the most proactive defense against malvertising is to use an ad-blocking browser plugin such as Adblock Plus available at adblockplus.org.

 

  1. Password Reuse? Use a password manager.

Do you also re-use your password between your LCC network, bank, home email, credit card, etc.?  Not so great!  Once a hacker gets a hold of one breached account, they run a 5-second script to try your password against on all major banks, credit cards, social media accounts, etc., to see if they can further steal info and your sweet, sweet money.

But how do I remember so many unique passwords?  I recommend a password manager program–then you only have to remember one password (for the program), plus your laptop/phone lock codes, and that’s it!  Yes!  A password manager program is a small application or secure web site that stores all passwords in a single password encrypted file.  I recommend Keepass, a free password manager, available at: http://keepass.info.  And please make your ONE password an annoyingly long series of letters, numbers, and symbols that doesn’t contain any recognized dictionary words.  This will give you the best chance at password security. Unbreakable!

  1. Lock vs Log-Off my computer?

I prefer LCC users to 1) always lock your workstation when the workstation is not visible (e.g. they leave the office) per the AUP, and 2) log-off or shut down your computers at the end of the day.

Logging-off is better than locking a computer because there are some remote negative possibilities such as a locked computer might have open, active connections to both internal and external servers, safe or otherwise (e.g. infected web site), while a logged-off session would not.   Also some applications allow incoming connections so closing them down would be more secure.  Logging off is also preferred because some open processes, programs, etc., may remain running and fail to update.  Likewise, if the workstation is locked, any files you may have opened will be locked, possibly negatively affecting the backup process or use of the file by others.

  1. Don’t’s and Do’s when using Public Wi-Fi.

You probably assume that your coffee shop is responsible for the security of their Wi-Fi. WRONG!  Your coffee shop is merely providing free Wi-Fi to get you into their store and wanting delicious peppermint white chocolate mocha.  Do you think IT Security is someone else’s problem?  WRONG!  It’s your job to protect yourself.

If you find yourself in a coffee shop, or doctor’s office, or wherever wanting to join the free Wi-Fi, I recommend:

  • Assume all Wi-Fi networks are suspicious—check with the receptionist to make sure you chose the wireless network provided by the coffee shop, doctor, etc.
  • Never leave your device unattended—not even for a moment. You may come back and still see your computer where you left it…but a thief may have installed a keylogger into it to capture your keystrokes.
  • Use public Wi-Fi for quick browses only, such as Wiki, Google, etc.
  • Do not e-mail messages of a sensitive or serious nature.
  • Don’t leave on your file sharing. This is how we bust students illegally sharing movies!
  • If you must log into a secure website, make sure it is encrypted (HTTPS) throughout the browsing session (and doesn’t drop back to HTTP).
  • If available, use 2-factor authentication for login/password access to sites with confidential info.

 

  1. Retention schedule.

Do you have tons of stored email or binders and boxes of documents in your office?  Did the person you replace leave you travel receipts from 15 years ago?  As information grows, it reaches a point of saturation where it does not add value to current LCC programs and procedures.  LCC needs to dispose of documents on a regular basis to control the amount of information we retain.  An organized information structure decreases the attack surface for criminals looking to get their hands on LCC information.

The approved records retention and disposal schedule, titled General Schedule #1 for Faculty Records, covers the records created and retained by most of Lansing Community College’s faculty members and deals with syllabi, grade books, quizzes/test, etc.  All other records are or will be covered by divisional Retention and Disposal Schedules.  Please ask your division operations support personnel to get a copy of your record retention schedule, and clean out your office!

In closing, security touches every aspect of everyone’s roles at LCC and just like LCC’s Men’s Basketball Team, we are only as strong as our weakest link.   I would love to discuss your ideas on cyber security, or if you have any questions on the information I provided, please contact me at:  Mr Paul H. Schwartz, Director of Information Security, Lansing Community College, 400 North Capitol Avenue, Lansing, Michigan 48933, 5174835264, schwarp1@lcc.edu.

Therapeutic Massage Clinic – Open to the Public

LCC’s Therapeutic Massage Program located at the Downtown campus is currently seeking clients for the Therapeutic Massage Clinic. Appointments for relaxation and clinical massages are available Wednesday’s through December 9th at 6pm and 7:30pm. One-hour, full body massage is $25. Gift certificates are available. Visit lcc.edu/massage or call (517) 483-1451 for more information and to make an appointment.  

9/18 Gannon Commons *CLOSED*

The Gannon Commons food vendors and seating areas will be closed on Friday, September 18. Alternative seating, coffee, and snacks will be available in the Gannon 3rd floor lobby. Food vendors and seating areas will resume normal hours on Monday, September 21. We apologize for the inconvenience.