Apply for
Spring
2018
Logo for Print

Sierra College Cyber Security

  • Share
    • Email

Beware if you see this email!

Screenshot of scam

Our Sierra College security systems have detected 46 Ransomware attempts on our District computers over the past 90 days (as of Jan 2017).

Ransomware is a serious security matter that encrypts data and makes your computer data inaccessible. Please be vigilant in preventing ransomware from impacting our District systems. Typically these present themselves to you in the form of an email scam or malicious web site.

How to prevent ransomware:

  • Do not respond to phishing emails or click on embedded links within those emails
  • Do not browse suspect sites and/or click on advertising links
  • If you believe you have been a victim of computer virus, malware, or Ransomware attack on your work computer immediately contact the IIT help Desk at 916-660-7777 (x7777).

What a Ransomware attack looks like: http://www.csoonline.com/video/72555/what-a-locky-ransomware-attack-looks-like

Official information from Sierra College IIT will come from: sierra-college-iit@sierracollege.edu.

Sierra College Staff only:

To assure your District data is properly backed up always save it on a District network file share (N: drive, S: drive, or Department share). Note: Your computer’s C: drive is not regularly backed up by IIT!

Other Security Issues

Email Phishing Scams

Please protect yourself and our network users against email phishing scams. Phishing scams are more prevalent during the holiday season. Typically, they entice individuals to take action in one of the following ways: (a) click on an embedded link that installs malicious software on your computer, (b) get you to respond with personal information or financial support, (c) sends you to a website where you provide personal information or financial support, or (d) get you to spam others with ill-intended emails.

When you look at a message in your mailbox, take a moment and follow these helpful security tips:

  • Understand who it is from
    • Look at the "From" address. If it looks suspicious, DO NOT respond to it.
  • Review any embedded links in the message
    • Hover over the link to view the address. If the address appears suspicious, DO NOT click on the link.
  • Use caution and be suspicious when you notice:
    • Misspelled words
    • Bad grammar
    • A sense of urgency for your response
    • You won the lottery
    • It is an unexpected email

screenshot of scam email

It is also important to ensure your computer has the current security patches and your antivirus software has the latest updates.

Always, report suspicious emails to your supervisor and the IIT Help Desk at helpdesk@sierracollege.edu.

Security Awareness Training Videos

To log in to the site the URL is: https://vle.securingthehuman.org/auth/login.php. Anyone with a California Community College email address can sign up for a free account at http://cccsecuritycenter.org/2-uncategorised/21-security-awarness-training-signup.

The following website also provides free IT security training:

https://www.cybrary.it/

Security Corner

Is your Android Device Secure?

Google has patched a severe Android vulnerability that researchers at IBM said impacts more than 55 percent of devices. As with most Android vulnerabilities, users are reliant on handset makers and carriers to push patches downstream to devices, something they’ve not always been diligent about.

IBM characterizes the vulnerability as a serialization flaw that if exploited allows an attacker complete control over an Android device. The most serious of the vulnerabilities disclosed today at USENIX by researchers Or Peles and Roee Hay affect versions 4.3 to 5.1, Jelly Bean through Lollipop, as well as Android M Preview 1 currently in beta. Make sure you keep your Android devices updated!

See more at: https://threatpost.com/patched-android-serialization-vulnerability-affects-55-percent-of-devices/114213#sthash.V7obrKl6.dpuf

How To Avoid CryptoLocker Ransomware

screenshotOver the past several weeks, a handful of frantic Microsoft Windows users have asked how to recover from PC infections from “CryptoLocker,”  the generic name for an increasingly prevalent and nasty strain of malicious software that encrypts your files until you pay a ransom.  For years, security experts have emphasized the importance of backing up one’s files as a hedge against disaster in the wake of a malware infestation. Unfortunately, if your backup drives are connected physically (USB for example), or via the local network to the PC that gets infected with CryptoLocker, your backups may also become  encrypted as well.

Computers infected with CryptoLocker may initially show no outward signs of infection; this is because it often takes many hours for the malware to encrypt all of the files on the victim’s PC and attached or networked drives. When that process is complete, however, the malware will display a pop-up message similar to the one pictured above, complete with a countdown timer that gives victims a short window of time in which to decide whether to pay the ransom or lose access to the files forever.  Windows users should check out CryptoPrevent, a tiny utility from John Nicholas Shaw, CEO and developer of Foolish IT, a computer consultancy based in Outer Banks, N.C.  Another option might be cloud data storage systems such as the new Microsoft Office One-Drive, since it is not connected and susceptible like a network shared drive or USB drive.

Sierra College and the Center of Academic Excellence 2-Year Award (CAE/2Y)

This institutional award is established by the National Security Agency (NSA) and the Department of Homeland Security (DHS), with the support of the National Science Foundation (NSF) and CyberWatch. Community colleges that have established a robust information assurance program, and have successfully mapped their security courses to two of the Committee on National Security Systems training standards, CNSS 4011 and one other, are now eligible to apply for the coveted status of CAE/2Y. (reference)

Sierra Community College CyberSecurity Center

Director: Steven Linthicum, slinthicum@sierracollege.edu

The goal of the CAE/2Y (Two-Year) Education program is to proactively increase our understanding of robust Information Assurance (IA) and Cyber Defense (CD) technology, policy and practices that will enable our Nation to effectively prevent and respond to a catastrophic cyber event. This program will contribute significantly to the advancement of state-of-the-art IA/CD knowledge and practice. More information to come soon!

Center of Academic Excellence in Cyber Defense

CIAS Home - College of Engineering & Computer Science at Sacramento State University

Security Committee

The mission of the Sierra College Security Committee is to establish and maintain an information security program for Sierra Community College. The program core initiatives are to:

  • Assess our security posture annually through self-assessment using industry standard best practices such as ISO 270001 and NIST
  • End-User Awareness Program designed to educate students, faculty, and staff to proactively avoid security breaches.
  • Review and Update District Security Standards and Procedures
  • Implement and Practice Security Incident Response
Latest Update
Featured Video