Best Practices

Below are some tips and guidelines that you can use to help us maintain a healthy and secure network

Never use your CPCC login or password on a non-CPCC website or application.
Never reveal your password to anyone.
Never use your CPCC credentials from a machine you don't trust (i.e., rented computer at a cyber cafe or even at a friend's house.)
Choose strong passwords that include upper and lower case letters, numbers, and punctuation.
Change your password frequently.

While your workstation will auto-lock itself after 15 minutes of inactivity, you are encouraged to lock it manually whenever you leave your area.
Log off your workstation at the end of the day. Doing so will protect you from losing unsaved work and also make it easier for us to provide critical patches and updates to your computer.
Only install work related software
Only install and use P2P software for legitimate purposes. Sharing music and software with tools such as Limewire, KaZaa, and Gnutella, could put you and the college at risk.

Disable the auto-preview feature in Outlook. Doing so will prevent emails with questionable or malicious content being opened without your direct action.
Do not open any email attachments from senders you do not know.
If you get a piece of SPAM that includes a link to unsubscribe, do not click on it. Doing so will tell the spammer that you exist causing you to get more. Even opening an HTML formatted spam will tell the spammer that you exist.
No legitimate institution will ask you for your social security number via email. Please report all suspicious mail to: spam [at] cpcc.edu
Remember, email is sent in the clear and may pass through networks that are outside of our control. You should assume that anything you write in an email is public. Anything that is not public information should not be transmitted via email.

Always verify that a website is secure (i.e., has https:// in the url and a lock icon) before entering any private information or logging in.
Enable pop-up blocking and only allow popups from sites you trust.
Consider disabling Javascript, Java plugins, ActiveX controls, and other media addons if you don't need or use them as they are increasingly used to install spyware and worms.
Be very careful when typing a URL into your browser. Commonly misspelled versions of some domains often are setup to look like the real thing but are phishing sites.

Beware of unrecognized USB sticks and CDs that you find lying around. They may have been planted for the sole purpose of infecting any machine they are inserted into.
Do not transport confidential or personal information on CDs, Laptops, USB keys, portable harddrives, etc., unless necessary and only then in a format that is encrypted and secure.

If you receive calls from your bank or other institution, verify that the number they are dialing from is the same as that on your statement or other known trusted document. If it is not, do not reveal any personal information. Instead, call the institution at the number listed on your statement or other known trusted document to verify that they did call.
Never give out your password over the phone.
In a large educational institution, you probably haven't met everyone. Before giving information to a caller you do not recognize, verify they are who they say they are (i.e., by calling their office number or the office of a co-worker that you do know.)