LCTC Tech Academy - Digital Security and Protection

Digital Security & Safety Basics

Best practices for passwords

DO NOT choose a password that is too simple (e.g. "password" or "123456")
DO choose a password that you can remember but that people who know a little about you wouldn't be able to guess
DO choose a password that:
- - is at least 8 characters long
  - uses a mixture of:
    - - letters (uppercase and lowercase)
      - numbers
      - special characters ( ! @ # & * etc.)
DO consider "hashing" your password (i.e. replace the letter "a" with "@" or the letter "s" with "$")
DO NOT use the same password for all your online accounts. Consider using a small group of different passwords. If someone were to crack a single password that you use for all accounts, then they would be able to access your entire online presence.
DO change your password(s), at a minimum, once a year. Even better, change your password(s) every 3–6 months.
DO consider using a password manager (like LastPass or KeePass, for example) to securely remember your passwords or generate random passwords.

2-factor authentication

Many online services offer 2-factor authentication, which is an enhanced method of verifying your identity. The most common form of 2-factor authentication involves sending a verification code to your personal phone after you enter your password. You must then enter this verification code online before you are granted access.

Limit your public identity

Many online services offer password retrieval or reset functionality. After verifying your identity through answering a series of questions about you (e.g. "What model was your first car?" or "What is your pet's name?" or "What city were you born in?"), these services will reset or retrieve your password. But if the answers to any of these questions are publicly available through social media, a malicious user could easily answer any of them and gain access to your online account(s). Be careful who you share this information with on social media.

Keep a watchful eye on your email

Cyberattacks through email are one of the most common threats we face on a daily basis. For more information on email safety, visit the Email Safety page.

Vishing

Vishing (voice phishing) is a tactic similar to email phishing, in which a malicious user attempts to trick you into providing confidential or private information over the phone. Never provide a password over the phone to anyone.

Spoofing

Spoofing refers to an attempt to disguise a web address or link to a malicious website with an address or link that looks safe. There are a couple methods of verifying the authenticity of a link:

- - Hover your cursor over the link (but don't click it!) The web address should appear next to or below your cursor or at the bottom of your web browser. If the address looks suspicious, don't go there.
  - Right-click a link and copy the link ("copy link address" in Chrome). Then open a new browser tab, right-click and paste in the address bar, but don't press Enter. If the address looks suspicious, don't go there.

Try both methods with this link: www.google.com. Where will this link take you?

Web browser extensions

Extensions or add-ons are useful "mini-apps" that can be installed in your web browser. However, be careful when installing any extensions that offer to save passwords or enhance your web searches. It is common for these kinds of extensions to secretly steal your passwords or web browsing habits.

Secure websites

Never input private or confidential information in an non-secure website. To check whether a website is secure, look for a padlock icon next to the web address or look for "https://" in front of the address. An address starting with "https://" is secure and your connection to the website is encrypted. An address starting with "http://" is not. In the current version of Chrome browser (v67 or newer), secure and non-secure websites will be clearly marked.

Mobile devices

You are strongly encouraged to lock your mobile device with a passcode, fingerprint, or similar protection, especially if you have any private or confidential information stored on it. If you have access to your Tech Campus email or any other Tech Campus information on your personal device, you must secure it. If your device is lost, misplaced, or stolen, the security of all information on it, whether it be your private information or any Tech Campus information, is at risk.

Additionally, only install apps from trusted sources. No mobile device is 100-percent safe from malware.

Wi-Fi safety

Be especially careful when accessing public or open Wi-Fi networks that don't require a password, such as those in stores, coffee shops, restaurants, hotels, malls, etc. You never know who else might be on the same network or who may be watching you. Do not access confidential student or Tech Campus information while on an open Wi-Fi network.

Protect your home devices

If you access any Tech Campus information from your home computers, ensure you have adequate anti-virus and/or anti-malware software installed. There are many free and paid options available. Your internet service provider or bank may also provide this kind of software for free or at a reduced price.

Keep your operating system (Windows or Mac) up to date. Microsoft regularly updates and patches Windows to address vulnerabilities. Keep your web browser updated as well.

Unauthorized access

Do not grant any unauthorized person access to your personal or school computer under any circumstances, whether in person or remotely. If someone other than you is accessing your computer (e.g. if the Technology Department is addressing an issue with your computer), close any private or confidential information (Outlook, PowerSchool, Skyward, etc.)

If you are not at your desk or using your computer, lock your computer by pressing [Windows key]+L or sign out.

Worst-case scenario

If you suspect the security of your Tech Campus accounts has been compromised in any way, please alert the Technology Department immediately. Call ext 7900. Do not open a Help Desk ticket. Be prepared to explain the situation and the series of events that led to the suspected security breach. Also be prepared to change your password(s) and/or temporarily lose access to your accounts as the suspected breach is investigated.

Report abuse