Cybersecurity, or information security, is a risk management discipline addressing the preservation of information confidentiality, integrity, and availability. Cybersecurity protects networks, devices, and data from unauthorized access or criminal use.

The Information Security Program at Georgia Highlands College is established by a hierarchical set of policies, standards, and procedures that help our users define and mitigate data risks, maintaining a trade-off between information value and the cost of risk mitigation. Our goals include:

• Providing policies and standards that promote an enterprise cybersecurity environment.
• Improving cybersecurity by establishing an effective safeguards program on information systems, with the focus on proactive threat detection.
• Promoting the importance of cybersecurity awareness, training, and education.
• Informing college leadership and the University System of Georgia of the state of cybersecurity maturity across the institution.

Georgia Highlands College recognizes that our data and information systems are critical organizational assets. Simply put, the college cannot function without these resources. Cybersecurity incidents often result in service outages, equipment damage, cause reputational damage to the institution, and expose our users to an increased risk of identity theft.

Our cybersecurity policies are available online.

• Use a strong, unique password for your online accounts and do not share passwords with anyone. Enable multi-factor authentication on your online accounts whenever possible.
• Keep your devices up to date with the latest software and security fixes.
• Do not use your GHC email address to create accounts on websites or services that are unrelated to your job responsibilities (if you’re an employee) or classes (if you’re a student).
• Be cautious with all forms of electronic communications; think before you click. Use common sense when communicating with individuals you know and individuals that claim to know you. Do not click on unsolicited links in messages and never attempt to open unsolicited attachments.
• Don’t reveal too much information about yourself on social media. Depending on the information you reveal, you could become the target of identity theft or other criminal activity.

Phishing is the practice of sending email that purports to be from a reputable person or company in order to trick someone into revealing confidential information, installing malicious software on their device, or making a fraudulent payment. It is important to remember that phishing is not the same thing as spam. Spam is simply unsolicited (junk) email that may be a nuisance but does not constitute a threat to you or your data. Phishing is a form of social engineering that is inherently fraudulent and malicious. You can protect yourself from phishing by staying alert for the following warning signs:

• The message contains unsolicited attachments or file sharing links without an explanation for why you’ve received them.
• The from address doesn’t look genuine, doesn’t match the purported sender, or seems unusual.
• The email asks you to confirm some sort of personal information.
• The message is overly vague, poorly written, or contains grammatical errors or some other awkward/unnatural use of language.
• The message attempts to create a sense of urgency by claiming you’ve made a serious error, such as forgetting to pay a bill.

You can read more about phishing scams here: US Federal Trade Commission (FTC) | How to Recognize and Avoid Phishing Scams

How good are you at spotting a phishing message? This interactive quiz is a great way to put your skills to the test: Phishing Quiz – With Google

A cybersecurity incident is an occurrence that (1) actually or imminently jeopardizes, without lawful authority, the integrity, confidentiality, or availability of information or an information system; or (2) constitutes a violation or imminent threat of violation of law, security policies, security procedures, or acceptable use policies. (NIST Privacy Framework Version 1.0)

Examples of cybersecurity incidents include:

• A phishing campaign targeted at GHC employees leads to account compromises and a data breach due to the exposure of sensitive or federally protected data.
• One or more students attempt to open a phishing email attachment in GHC classrooms and labs, which exposes those devices to ransomware, a particularly disruptive and damaging form of malicious software.
• A student uses software to perform reconnaissance on the institution’s network and systems to obtain employee credentials and change their grades in official class records.

Contact us by emailing abuse@highlands.edu if you receive a strange email message notice anything unusual on a GHC website. Please provide as much detail as possible in your email. Screenshots are recommended for error messages or other activity that appears unusual.

Faculty/Staff: If you notice any unusual activity on your GHC laptop or workstation, immediately remove any network cables and adapters, disconnect it from Wi-Fi, contact IT by emailing abuse@highlands.edu and take notes until someone from our team arrives. DO NOT reboot or turn off your device. Doing so may destroy important forensic data.

GHC students and employees can use OneDrive for Business to create a secure sharing link for a file. Please refer to the following guide for step-by-step instructions.

The following GHC cybersecurity presentations contain information and resources that faculty, staff, and students can use to take charge of cybersecurity on and off campus:

• Email Safety and Phishing
• Cybersecurity @ Home

Other cybersecurity newsletters, publications, and guides:

• Consumer Reports | Guide to Digital Security and Privacy
• Electronic Frontier Foundation (EFF) | Tool Guides