Below you will find answers to questions recently posed about the College’s computer security concerns.

 

 

Is my student information and student health information safe? Is my employee information safe?

Currently there is no evidence that any of the College’s main servers and databases held in trust by the College have been compromised. Our security consultants are still conducting their analysis but it appears at this time that the viruses focused on information taken off individual workstations and computer servers for student labs. Confidential student and employee information is held in trust and stored on District servers. Our network security consultants are continuing their analysis of the servers and we will communicate the results of this work as soon as it is available. We expect to be able to make more definitive statements about student and employee data early next week.

 

Can I use the computers in the computer lab?

Yes. Computer labs can be used for school work and research. Remember, hackers are interested in getting information that can be used to steal your identity. Do not use any district computer if you need to input your social security number, driver’s license, medical record number, credit card number, bank account number, etc. for the website. We recommend that you do not access sites that require PINs and passwords.

 

Can I use my personal USB flash drive to save my homework?

If you only use your USB on one computer there’s no problem but it’s a good idea to run an antivirus scan on it periodically.  If you use your USB flash drive in more than one computer, we recommend you run an antivirus scan over it each time it is utilized in another system or computer.

 

How can I protect my home computer?

  1. First, you should make sure that your home computer’s operating system has all patches and updates installed.
    1. You can go to your computer manufacturer’s or operating system’s web page to obtain the latest updates. It’s a good idea to have your computer set for automatic updates so your system is always up-to-date on all security patches.
  2. Next, you should put antivirus software on your computer. There are many free antivirus programs on the web and now even free cloud-based antivirus programs are available.
    1. Set the antivirus to run each time your computer is turned on and set it to run in the background while the computer is operational.
    2. When you connect an external memory source to it, e.g. USB flash drive or external hard drive, you should first have the antivirus program scan it before you transfer any files. 
  3. Once you are assured your data is clean back it up to an external memory source such as a flash drive or external hard drive.
  4. Taking these few steps can help to protect your data.

 

Can I use my computer on the CCSF Wi-Fi?

Yes, if your wireless computer has a current antivirus program. It can also be used to connect directly to the internet. You should routinely change passwords on all your internet accounts. Additionally, all the guidelines and practices previously recommended in this document should be applied when connected to the CCSF Wi-Fi.

 

Can I use my smart phone on the CCSF Wi-Fi?

There are many free applications on the market today that can be downloaded onto your smart phone to protect it from viruses. As like any other antivirus, you should check for updates or set your phone for automatic updates, if this feature is available.

 

What can I do to protect my identity?

There are some very fundamental actions that you can take in order to protect yourself and your information.

 

  1. First, do not conduct any personal banking business on CCSF computers.
  2. Using an external computer change passwords to any accounts you may have accessed using CCSF computers.
    1. It’s also a good idea to change passwords on your computers and other password protected accounts on a routine basis. Microsoft.com recommends every six (6) months.
    2. Passwords and pass-phrases should contain capital and lower cased letters, numbers and special characters. See the IT department’s information on passwords for more information.
    3. It is also recommended by Micrsoft.com that passwords with 14 characters or longer are preferred.
  1. Be alert. If you have ever used CCSF computers to conduct any financial transactions, then you need to keep an eye on your credit card bills for fraudulent charges. The Federal Trade Commission has suggestions about actions to be taken if you suspect your identify has been stolen. Go to the Federal Trade Commission’s web site http://www.ftc.gov/bcp/edu/pubs/consumer/idtheft/idt07.shtm  for more information.
  2. It is an IT best practice never to use the same password for your different accounts, including ATM cards, credit cards and online access. Also, avoid using family or pet names and birthdates, because these are the easiest passwords for thieves to guess.

 

What is the Technology Department doing to fix this?

There are several things that the Technology Department is doing to resolve this issue quickly.

1.     Our security consultants are conducting a comprehensive analysis of the issue.

2.     We are currently monitoring outbound connections for malicious traffic, and the necessary steps will be taken to address the issues detected. 

3.     We are stopping the flow of virus-generated data out of the network. We are working with our security consultants to design and implement this fix very quickly.

4.     We upgraded our antivirus software.

5.     We are reconfiguring our firewalls for added protection.

6.     Server operating systems are being verified and updated.

 

How long do I need to follow these procedures?

It is always a good idea to follow good cyber security procedures any time. There will be additional announcements when the investigation has been completed. The technology team is working to contain the issue as quickly as possible.