Security Awareness Program
A Security Awareness Program is a structured initiative aimed at educating and training individuals within organizations and educational institutions on how to protect themselves and their institutions from security threats like cyberattacks, data breaches, and insider threats. The primary goal is to foster a culture of security awareness, ensuring that staff, faculty, and students understand the importance of safeguarding sensitive information and adhering to best practices to minimize risks.
Dos and Don’ts for Email Security
Dos
- Use strong, unique passwords: Avoid using easily guessable information like birthdays or pet names. Consider using a password manager to generate and store complex passwords.
- Enable two-factor authentication (2FA): This adds an extra layer of security by requiring a code sent to your phone or another device to log in.
- Be cautious of attachments and links: Avoid opening attachments or clicking links from unknown or suspicious senders. If you must open an attachment, scan it with antivirus software first.
- Verify sender addresses: Hover over the sender's name to check the actual email address. If it doesn't match the expected address, be cautious.
- Report phishing attempts: If you receive a suspicious email, report it to your email provider or the relevant authorities.
- Keep your software updated: Ensure your email client, operating system, and antivirus software are up-to-date with the latest security patches.
- Use a reputable email provider: Choose a provider with strong security measures and a good reputation for protecting user data.
- Educate yourself: Stay informed about the latest email scams and security threats.
Don'ts
- Reply to unsolicited emails: Avoid responding to emails from unknown or suspicious senders.
- Share personal information: Never share sensitive information like credit card numbers or passwords in emails.
- Open attachments from unknown senders: Only open attachments from trusted sources and scan them before opening.
- Click on links in suspicious emails: Avoid clicking on links in emails from unknown or suspicious senders.
- Ignore security warnings: If your email client or antivirus software issues a warning, take it seriously and investigate the issue.
- Reuse passwords: Use unique passwords for each online account.
Phishing: Recognize and Report
Phishing is a type of email scam where the attacker sends emails that impersonate a company (often financial), a service desk, an employer, or someone that you already know and trust. The goal is to:
- Steal personal information by tricking you into entering your username, password, PIN, or other sensitive information.
- Install malware or viruses on your computer that can record keystrokes, capture saved or stored information, or destroy files.
For example, Dine students, faculty, and staff may receive emails that appear to come from trusted sources such as “IT Help Desk” or “MyDCPortal,” with a link to a website where you are asked to enter your username and password to “verify your account” (see “How to spot a fake login page,” below).
How to Handle a Phishing Message:
- Identify the email as suspicious.
Phishing messages usually have one or more of the following:
- Spelling or grammatical errors. These should be immediate red flags.
- Heightened urgency. Phishing attempts often try to get you to respond before you can think.
- Generic signatures. A signature line with “IT Help Desk” rather than a College official whose name you can verify.
- A request for personal information from contacts you did not initiate.
- If you think it’s suspicious, report it:
- Report the email to phishing@dinecollege.edu with full headers (see “How to report a suspicious email to phishing@dinecollege.edu,” below) so the Dine Cybersecurity team can investigate.
- Dine Users: If the suspicious email was sent to a @dinecollege.edu email address, please send the phishing attempt with full headers to phishing@dinecollege.edu.
If in doubt, contact the IT Help Desk at 928-724-6675.
- If you have already clicked on a phishing link or have entered your information on a suspicious site:
- Change your password at MyDCPortal immediately.
- Contact the IT Help Desk at 928-724-6675.
How to report a suspicious email to phishing@dinecollege.edu
1. Double-click on the message you want to forward.
2. Click on the Message Tab, and find the Respond section.
3. Expand the More Respond Actions drop-down menu, and click Forward as Attachment.
4. Send the message (with attachment) to phishing@dinecollege.edu.
1. Click the New Message Button.
2. Drag the email you want to forward into the body of the blank message (this message will be added as an attachment).
3. Send the message (with attachment) to phishing@dinecollege.edu.
How to spot a fake login page
- The genuine MyDCPortal page has a URL that begins with https://dinportal.jenzabarcloud.com/ICS (or the Desktop symbol/icon followed by dinecollege.edu/information-technology-services/).
- Clicking on login will redirect you to the following: https://id.quicklaunch.io/authentica…
- You’ll see the Second window which includes all the required information.
If you think you have clicked a phishing link or have accidentally entered your login information on a suspicious site, please change your password immediately, then contact the IT Help Desk at 928-724-6675.
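One way a help desk could triage a message reported with full headers, applying the sender-address check and the genuine-login-page check described above. This is an added example, not Dine College's own tooling: the triage rules, function names and the sample message are assumptions, and only the host names, the college domain and the service names come from this page.

```python
import re
from email import message_from_string, policy
from email.utils import parseaddr
from urllib.parse import urlsplit

# Values taken from the page; the triage rules themselves are assumptions.
GENUINE_HOSTS = {"dinportal.jenzabarcloud.com", "id.quicklaunch.io"}
COLLEGE_DOMAIN = "dinecollege.edu"
SERVICE_NAMES = ("it help desk", "mydcportal")

def link_is_genuine(url):
    """True only for an https link whose exact hostname is a genuine login host."""
    try:
        parts = urlsplit(url)
    except ValueError:  # malformed URL: never treat it as genuine
        return False
    # .hostname ignores any "user@" prefix and port, and is lower-cased
    host = (parts.hostname or "").rstrip(".")
    return parts.scheme == "https" and host in GENUINE_HOSTS

def triage(raw_message):
    """Return findings for one reported message supplied with full headers."""
    msg = message_from_string(raw_message, policy=policy.default)
    findings = []
    display, addr = parseaddr(str(msg.get("From", "")))
    sender = addr.rpartition("@")[2].lower()
    internal = sender == COLLEGE_DOMAIN or sender.endswith("." + COLLEGE_DOMAIN)
    # An internal-looking From can still be forged; this only catches a mismatch.
    if any(name in display.lower() for name in SERVICE_NAMES) and not internal:
        findings.append(f"display name '{display}' but address is {addr}")
    body = msg.get_body(preferencelist=("plain", "html"))
    text = body.get_content() if body else ""
    for url in re.findall(r"https?://[^\s\"'<>]+", text):
        if not link_is_genuine(url):
            findings.append(f"link does not lead to a genuine login host: {url}")
    return findings

# Constructed sample report (not a real message); .example domains are reserved.
SAMPLE = """\
From: "IT Help Desk" <support@mail-notice.example>
To: student@dinecollege.edu
Subject: Verify your account
Content-Type: text/plain; charset="utf-8"

Verify your account today: https://dinportal.jenzabarcloud.com.portal-check.example/ICS
Genuine portal for comparison: https://dinportal.jenzabarcloud.com/ICS
"""
```

The host comparison is exact on purpose: a link that merely starts with the genuine host name, or places it before an "@", is still reported.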
For additional information on how to recognize and protect yourself from phishing attacks, please visit: