Computing Services FAQ’s

Malware is malicious software designed to infiltrate or cause damage without the user’s knowledge or permission.  Viruses, worm, trains, ransomware, and spyware are all considered malware.

Spammers, Spoofers, Phishers, and hackers will try any method possible to entice you to open an attachment or click a link.  The most common trick is to pretend the email is from someone you know.

Email attachments and links are popular methods for installing malware on computers.  Take the time to understand what to do when you get an email that has an attachment or link.

Attachments can be one of two things:

• The actual file or document designated in the email
• A copy of the expected attachment that malware embedded in it.

Links are underlined phrases in email message that simplify going to a specified website.  Clicking on a link can cause one of three things to happen:

• The link opens the correct webpage referred to in the email
• The link activates a malware program embedded in the email message.
• The link is spoofed and opens a webpage similar to the correct page, but with malware embedded in it.

Once installed, malware will immediately send an email message with the same infected attachment to all the email addresses listed on the newly-infected computer.  Those recipients will more than likely open the email attachments as well since they think you are the one sending it.   This can quickly overrun every computer on the network.

Here are a few suggestions on how to be a super sleuth if you receive a suspicious email:

• If there are numerous typos, delete the email
• If you know the senders address and you know the extension is not correct, delete the email
• Make sure the link makes sense and isn’t misspelled
• Copy and paste the link address into a web browser instead of clicking it, or don’t use the link and go to the website on your own accord (preferred method)
• Potentially dangerous executable attachments including but not limited to (.ade, .adp, .bas, .bat, .chm, .cmd, .com, .cpl, .crt, .exe, .hlp, .hta, .inf, .ins, .isp, .js, .jse, .mdb, .mde, .msc, .msi, .msp, .mst, .pcd, .pif, .reg, .scr, .sct, .shb, .shs, .vb, .vbe, .vbs, .wsc, .wsf, and .wsh) and encrypted ZIP attachments containing such files will be rejected. All other attachments passing virus scanning will be delivered normally.

No legit business will request login names and passwords.  Never provide this information.

When in doubt contact the sender and confirm they sent the email.  If their computer is infected, there’s a good chance they have no clue the email was sent by them.

Keeping passwords private, secure, and unbreakable is the most important step you can take for safer computing.  The next important step is remembering passwords because almost everything you do on a computer requires a password, and every site has a different password combination requirement.

The password struggle is real for all of us.  Seems every day a new password is required or needs to be changed.  You need to simplify your password library so it’s manageable.  Listed below are some helpful suggestions on password maintenance.

• The 8/4 rule: minimum 8 characters and include each of the 4:
  • UPPER case
  • Lower case
  • Symbols
  • Numbers
• Use passphrases versus one word. Create a few different phrases to use and be sure they are ones that make you smile every time you type them
• Develop a personal password formula and system for changing and remembering your passwords
• Create a few passwords and categorize use by most secure to least secure depending on the site
• If your password is compromised and that password is used for other accounts that store sensitive data, you should immediately change the password.

Poor, weak passwords have the following characteristics:

• The password contains less than eight characters and no more than 20 characters
• The password is a word found in a dictionary (English or foreign)
• The password is a common usage word such as:
  • Names of family, pets, friends, co-workers, fantasy characters, etc…
  • Computer terms and names, commands, sites, companies, hardware, software
  • The words “Western Nevada College”, “Carson”, “WNC” or any derivation
  • Birthdays and other personal information such as addresses and phone numbers
  • Word or number patterns like aaabbb, qwerty, zyxwvuts, 123321, etc…
  • Any of the above spelled backwards
  • Any of the above preceded or followed by a digit (e.g., secret1, 1secret).

Strong passwords have the following characteristics:

• Contain both upper and lower case characters (e.g., a-z, A-Z)
• Have digits and punctuation characters as well as letters e.g., 0-9, !@#$%^&*()_+|~-=\`{}[]:”;'<>?,./)
• Are at least eight alphanumeric characters long. The strongest is a passphrase (Ohmy1stubbedmyt0e)
• Are not words in any language, slang, dialect, jargon, etc…
• Are not based on personal information, names of family, etc.

 

Passwords should never be written down or stored on-line. Try to create passwords that can be easily remembered. One way to do this is create a password based on a song title, affirmation, or other phrase. For example, the phrase might be: “This May Be One Way To Remember” and the password could be: “TmB1w2R!” or “Tmb1W>r~” or some other variation.
NOTE: Do not use either of these examples as passwords.

• Do not reveal a password over the phone to ANYONE
• Do not reveal a password in an email message
• Do not reveal a password to your supervisor
• Do not talk about a password in front of others
• Do not hint at the format of a password (e.g., “my family name”)
• Do not reveal a password on questionnaires or security forms
• Do not share a password with family members
• Do not reveal a password to co-workers while on vacation
• Do not use the “Remember Password” feature of applications (e.g., Internet Explorer, Firefox, etc…).  Consider having to remember your password a good memory test!
• Do not write passwords down or store them anywhere in your office. Do not store passwords in a file on ANY computer system without encryption.
• If someone demands a password, refer them to this document or have them call the Computing Services.
• Change passwords at least once every six (6) months.
• When changing a password, do not use a password you have used for that system within the last year.
• If an account or password is suspected to have been compromised, report the incident to Computing Services and change all passwords.

If the problem stops an employee from doing their assigned duties call 775-445-4290. If the problem isn’t causing the work flow to stop then submit a Computing Services work order for assistance.

Workloads vary for Technicians depending on the time of year. Technicians have expertise in certain areas of IT. For the overall efficiency of the department the IT Supervisor will dispatch the Technician that can resolve the issue promptly.

Leaving messages and/or calling every Technician when needing assistance creates a bottleneck in customer service for the Technicians. We can’t provide great customer service when employees leave messages for assistance when the Technician is out sick/annual. Time is wasted by Technicians when they return calls after being absent because most issues have been resolved. Calling every Technician when needing assistance causes workflow to stop while all of them are responding to one employees call.

For overall efficiency and prompt service call 775-445-4290 when you have a break/fix issue that stops you from doing assigned duties.

Supervisor or Departmental Assistant will submit an electronic incoming employee located here:  https://intranet.wnc.edu/forms/hr/incoming/.  This information generates a work request within Computing Services that will begin the processing for:

• A workstation with printing capabilities if needed
• A WNCAnywhere network account with the exception of faculty. Faculty accounts are automatically created and login information sent to Departmental Assistants or Supervisors.
• A WNC Gmail account if requested
• Access to shared data folders if requested
• Faculty/staff assignment to college email groups

• An email account is created after the employee contract is processed in the HR system, or volunteer paperwork has been processed. All requests for email accounts must be submitted in a Computing Services work order by the new employees Supervisor or Department Assistant.
• WNCAnywhere accounts for Staff are created after the employee contract is processed in the HR system. All requests for WNCAnywhere accounts must be submitted in a Computing Services work order by the new employees Supervisor or Department Assistant.
• New faculty WNCAnywhere accounts are automatically generated when faculty are linked to their course in the system. The login information is sent to the Department Assistant when the account is created.

Wireless, library database, computer login, WestNet, and myWNC.  Gmail accounts are not linked to the WNCAnywhere account so the password may or may not be the same depending on what the employee chooses.

New employees receive temporary WNCAnywhere login information.  To complete the setup of the account, click the WNCAnywhere button and complete account setup on the WNC Anywhere Login page. If new employees cannot complete the account setup call 445-4290 or email WNC.IT.Personnel@wnc.edu for assistance.

Complete a password reset.

The Department Assistant or Supervisor will need to request the WNCAnywhere password reset for the employee through Computing Services.  After the WNCAnywhere account has been updated the employee needs to login to myWNC to update their preferred email address.

Department Assistants or Supervisors can call 4290 or email WNC.IT.Personnel@wnc.edu to request a reset for their employees.  Computing Services will not provide password information over the telephone.

Gmail will only keep the attachment in the primary thread of an email.  In order to keep an attachment in an email you must forward, not reply.

Existing or new Supervisor or Departmental Assistant submits an electronic outgoing employee form located here:  https://intranet.wnc.edu/forms/hr/outgoing/.  This form will generate a work request within Computing Services that will begin the process for:

• Account adjustments if necessary.
• Equipment ownership transfers and setup if necessary.

Supervisor or Departmental Assistant submits an electronic outgoing employee form located here:  https://intranet.wnc.edu/forms/hr/outgoing/.  This form will generate a work request within Computing Services that will begin the process for:

• Account deletion for all systems. If Emeritus status is granted, an email will be sent to the employee regarding keeping college email and WNCAnywhere account.
• If employee has assigned equipment, the equipment will be picked up by Computing Services. College portable devices must be returned to Department Assistant or Supervisor upon termination.

The employee that is requesting access for the guest account(s) must submit a wireless guest account form attached to a Computing Services work order at least one week in advance of date(s) access is needed.

Supervisors can request an account for permanent full or part time employees.  Faculty report issues to Departmental Assistants who create the work orders on their behalf.  All other employees must have Departmental Supervisors or Assistants submit work orders on their behalf.

Employee and students can use the wireless network for portable devices. Personal equipment cannot be used on the college network.  The threat posed by machines not updated with protective anti-virus software may affect other users of the network and our network security of data, etc.  Therefore, employees are not allowed to plug in personal equipment to any network drop at WNC.

WNC is not licensed to install personal software not belonging to the college on employee machines.  College-owned software is not licensed for home use unless it is installed on a machine owned by WNC, typically a laptop.

Does WNC have discounted software offers for students and staff?

• Employees that have a WNC email address are eligible for a Microsoft Office home use discount. Email IT.Personnel@wnc.edu for details
• Students can contact the UNR Bookstore to check on software discounts.

WNC is contracted with Encompass for service and repair of most black and white laser printers.  If there is an Encompass sticker on the printer, then toner replacements and service calls for black and white printers are free of charge.  There are 800 numbers on the stickers to call for toner replacements and servicing.  Encompass will provide discount pricing toner and service/repair for color laser jet printers.

bcc: all.college@wnc.edu. Do not put he address in the “To:” field. When replying to an all college email be sure to select “Reply” versus “Reply to all”.

WNC supports and has established standards for HP and Apple computers, laptops, and printer products.  Exceptions must be approved by Computing Services prior to purchase.

The Request and Justification for Printer Purchase form must be completed and approved.  The form is located on the Computing Services intranet site.  If approved the Department Assistant or Supervisor submits a Computing Services work order for a quote.  The completed approval form needs to be attached to the work order.  Computing Services will provide a quote and complete the install.

Computing Services maintains a supply of computers for the college community.  Department Assistants or Supervisors can submit a Computing Services work order to request an evaluation of a workstation.  If the Computing Service Technician deems an upgrade is necessary, a computer upgrade will be granted.  If the Technician recommends hardware upgrades versus a new computer, then quotes will be provided for hardware.

The Department Assistant or Supervisor can submit a work order to request a quote.  All equipment is standardized for purchasing.  Exceptions can be requested, however, Computing Services has the final approval for all laptop purchases.

Computing Services has a surplus of 17” monitors.  If the request is for a larger monitor the requestor must purchase the monitor.  The Department Assistant or Supervisor can submit a work order to request a quote or a surplus monitor.

Quotes are good for 30 days. A new quote must be requested if expired.

• Software cannot but purchased with a credit card. Exceptions must be pre-approved by Computing Services prior to purchase.
• If hardware purchase is under $100 (mouse, keyboard, webcam) then a credit card can be used. All purchases over $100 and all printer purchases require a purchase order.  Exceptions must be pre-approved by Computing Services prior to purchase.

Good news! Microsoft has recently made changes to the Home Use Program (HUP) benefit that you should know about:

1. Ability to purchase both versions of Office:
   WNC employees are eligible to buy Office for their personal devices through the HUP benefit. Employees will be allowed to purchase 1 copy of Office Professional Plus 2016 AND 1 copy of Office Home and Business 2016 for Mac. Previously, employees could purchase only one version of Office when using the HUP benefit, and can now purchase both.
2. Change to Employee Authentication and Program Codes:
   By default, employees are no longer required to enter a program code to validate their eligibility. Microsoft will only require college email validation for access to the HUP site.

HUP Program Updates Frequently Asked Questions (FAQ):

• Does this qualify for employees that already purchased 1 version of HUP?
  Yes. Employees that have already purchased one copy of either product will still be eligible to purchase a copy of other the product.
• What is the price for each product?
  Office can be purchased for PCs and Mac for the price of 9.95 USD each.
• Where do employees find the Microsoft Home Use Program offer to purchase Office?
  https://www.microsofthup.com/hupus/home.aspx?culture=en-US
• Are all employees eligible for the home use offer?
  The Home Use Program is available to WNC employees that have a WNC email account. Employees are eligible to purchase these Office applications for use on a personal device during the term of their employment. This offer expires upon termination of employment with the covered organization.

• Do not use personal information
• Do not use common phrases or words
• Change password regularly
• Combine letters, numbers, special characters
• Do not write down your password, memorize it

• Do not access the web by selecting links in e‐mails or pop‐up messages
• Contact the organization using a telephone number
• Delete the e‐mail
• View all e‐mail in the plain text
• Type the web address or use bookmark
• Never give out your password
• Never reveal any personal information in an e‐mail

• Never give out your password
• IT will never ask for your password
• Never reveal any personal information in an e‐mail
• Look for digital signatures
• Never give out your password; IT will never ask for your password
• Never reveal any personal information in an e‐mail

• Use online sites to confirm or expose potential e‐mail hoaxes
• Do not forward e‐mail hoaxes

• View e‐mail in plain text
• Disable preview panes in Outlook
• Use caution when opening e‐mail
• Scan all attachments
• Delete e‐mail from senders you do not know
• Turn off automatic downloading

• E‐mail must not:
• Adversely affect performance
• Reflect poorly on the Government
• Do not use e‐mail to:
• Sell anything
• Send chain letters
• Send offensive letters
• Do not send:
• Mass e‐mails
• Jokes or Pictures
• Inspirational stories
• Avoid using Reply All
• Personal e‐mail use may be authorized

Examples of Computer Misuse:

• Viewing/downloading pornography
• Gambling on the Internet
• Private business/money‐making ventures
• Loading personal/unauthorized software
• Unauthorized configuration changes

• Check all documents for sensitivity level
• Label all files, removable media, and subject headers
• If a spillage occurs, notify your security POC
• When storing or transmitting sensitive information, including PII:
• Encrypt before storing on mobile devices or transmitting
• E‐mail with caution
• Store on authorized system
• Never transmit, store, or process on a non‐sensitive system

• Do not participate in unapproved surveys on the telephone or online
• Do not give out personal information
• Do not give out computer or network information
• Do not follow instructions from unverified personnel
• Document interaction:
• Verify the identity of all individuals
• Write down phone number
• Take detailed notes
• Contact your security POC

• Do not participate in unapproved surveys on the telephone or online
• Do not give out personal information
• Do not give out computer or network information
• Do not follow instructions from unverified personnel
• Document interaction:
• Verify the identity of all individuals
• Write down phone number
• Take detailed notes
• Contact your security POC

• Scan all external files before uploading to your computer
• Do not e‐mail an infected file to anyone
• Contact your help desk for assistance

• Set your browser preferences to prompt you each time a website wants to store a cookie
• Only accept cookies from reputable, trusted websites
• Confirm that site uses encrypted links (https) in URL name or web address

• Ensure that the recipient is at the receiving end
• Use the correct cover sheet
• Contact the recipient to confirm receipt
• Never transmit sensitive information via an unsecured fax machine

• You may telework from a telework center
• You may work at home, in a dedicated work area
• You must use authorized equipment and software
• You must implement appropriate security measures
• You must sign a telework agreement
• You must sign a safety checklist
• You must protect your data

• Be careful of information visible on your laptop
• Ensure that the wireless security features are properly configured
• Wireless technology (e.g., Bluetooth) is not a secure technology
• Never discuss sensitive information on an unsecured phone
• Maintain possession of your laptop at all times
• Password protect and encrypt your laptop using whole disk encryption
• Encrypt all sensitive and non‐sensitive information not cleared for public release
• Sign for and protect government furnished equipment (GFE) from loss and theft
• Report a loss of GFE immediately to your security POC

• Ask how information will be used before giving it out
• Pay attention to credit card and bank statements
• Avoid common names/dates for passwords and PINs
• Pick up mail promptly
• Shred personal documents
• Carry your SSN card and passport only when necessary
• Order credit report annually

How to respond to identity theft:

• Contact credit reporting agencies
• Contact financial institutions/creditors to place an alert on:
• Credit cards
• Bank accounts
• Monitor credit card statements for unauthorized purchases
• Report crime to the local police

Examples: thumb drives, flash drives, CDs, DVDs, external hard drives.

• Encrypt all data stored on removable media
• Encrypt in accordance with the data’s classification or sensitivity level
• Label to reflect the sensitivity level
• Store in GSA approved storage containers at the appropriate level of classification
• Purge all removable media before discarding
• Contact your security POC for more information

Examples: personal digital assistants (PDAs), laptops, cell phones, and other portable electronic devices (PEDs), wireless readers (e.g., Kindle and iPads); music players such as iPods).

• Be extra vigilant when storing data on mobile computing devices
• All mobile computing devices must comply with Federal policy
• Do not connect personally owned mobile computing devices to Government computers or networks
• The Government classifies laptop computers as mobile computing devices
• Encrypt all sensitive and non‐sensitive data not cleared for public release
• Encrypt all Personally Identifiable Information* (PII) on mobile computing devices
• Social Security Numbers
• Dates and places of birth o Mothers’ maiden names o Biometric records
• If lost or stolen, immediately report the loss to your security POC
• If the device contains PII, you must report the loss immediately to your organization’s
  security POC or help desk
• Contact your security POC for more information

*Note: PII is Any information about an individual maintained by an agency, including, but not limited to education, financial transactions, medical history, criminal or employment history, and information that can be used to distinguish or trace an individual’s identity, such as name, Social Security number, date and place of birth, mother’s maiden name, and biometric
records, including any other personal information that is linked or linkable to an individual.

• Require confirmation before enabling
• Only allow mobile code to run from Government trusted sites

Consult these examples to easily identify sensitive information:

• Information that cannot be posted on a wall or on a public or internal website, for example:
• Credit card numbers
• Social Security Numbers
• Employee’s home telephone numbers
• Information that can originate from only specific individuals, for example:
• Prescriptions
• Checks

• Use caution if you are allowed to use web mail on Government computers.
• By using web mail, you are bypassing firewalls and other security measures, and exposing you and your agency to potential viruses and other malware.

Use caution if you are allowed to use social networking sites on Government computers. Best practices include:

• Consider carefully the information you post online about yourself and your family
• Understand the privacy settings and defaults
• Consider who you accept as a friend online carefully
• Create strong passwords and user names
• Beware of links to games, quizzes, advertising, and other applications available through social networking sites

Directors and above have access to the security application in OnBase.  They must complete the application with the new employee together.  For myWNC access FERPA training with the Registrar is required in addition to the security application.

In accordance with the NSHE Information Security Policy, all sensitive data maintained or transmitted by an NSHE institution must be secure. Sensitive data is defined as “any data associated with an individual, including but not limited to social security number and data that is protected by Board policy, or state or federal law.”

To comply with the NSHE Information Security Policy, all WNC notebooks or tablets running Microsoft Windows 7 or Windows 10 storing sensitive data will be encrypted with BitLocker using the AES 128-bit encryption method.

USB Flash Drives and External Drives

WNC staff and faculty are responsible for any sensitive data stored on a device that may be taken off campus. This includes, but is not limited to, devices such as USB flash drives, external drives (backup drives), burned CDs or floppy disks. This also includes any sensitive data that may have been transferred to a personal computer or device, such as a mobile phone via email, ftp, or any other transfer method. If the storage drive or personal device carrying sensitive data becomes lost or stolen, you will be held liable which may result in disciplinary action.

Computing Services recommends the following devices for users that take sensitive data off campus:

Apricorn Secure Key Flash Drive

• FIPS 140-2 Level 3 Validated drive with 256-bit AES XTS encryption
• Aegis Configurator Compatible
• High quality rugged aluminum housing IP57 Water and Dust Resistant
• Embedded 7-16 digit pin authentication with user forced enrollment
• 2 Read-Only modes
• Sizes available: 8GB, 16GB, 32GB, 64GB, 126GB

Apricorn Padlock External Drive

• Utilizes Military Grade FIPS PUB 197 Validated Encryption Algorithm
• Super fast USB 3.0 Connection – Data transfer speeds up to 10X faster than USB 2.0
• Software Free Design – With no admin rights needed
• Sealed from Physical Attacks by Tough Epoxy Coating
• Brute Force Self Destruct Feature
• Compact, Rugged Design – Perfect for taking your data on the road
• Water Resistant Key Pad
• Sizes available: 500GB, 1TB, 2TB

Requests for software must be submitted in advance for testing and install.  The entire lab needs to be closed in order to install new software so no new software can be installed after a semester begins.  If software is needed for the Fall semester the deadline to request the install is May 1 prior to the Fall semester.  Software needed for the Spring semester needs to be requested by December 1 prior to the Spring semester.

All lab and public computers are setup to return to original settings that are configured by the Lab Manager upon startup.  Computers are programmed to logoff nightly at 11:00 p.m. and when started again all changes and documents loaded previously are removed automatically.

Instructors and students can load software and save documents, however, upon reboot of the computer(s) all software and documents are removed.  Computers are automatically shut down at 11:00 nightly.  If software without any special configurations is needed for a one-day course, then the instructor can install the software.  Keep in mind the software would have to be installed individually on each computer if the entire class needs access to it.

Requests for new technology in labs and public computers requires a Computing Services work order and completion of a located here: https://intranet.wnc.edu/committees/technology/.  The work order starts the process of obtaining quotes and/or testing.  The Technology Request forms are reviewed monthly by the Technology Committee during the Fall and Spring semester.  If approved the requester needs to be sure a Lab request is submitted by May 1 for the upcoming Fall semester, or December 1 for the upcoming Spring semester.  If approved the Technology Committee will purchase the software/hardware and the Lab Manager will schedule the install.

WNC cWireless

Submit a work order in advance with the dates and location.

Submit a work order requesting a quote.  There is a cost to the department to additional network connections.

Computing Services needs to be involved if the remodel involves equipment moves, lab furniture, podium purchases, or infrastructure upgrades.  Submit a work order in advance of the project so a member of the Computing Services team can assist in the successful completion of your project.

Yes, submit a work order.  Some equipment requires special configurations and should be approved by the Network Administrator in advance.