Essential

  • Stop (or at least slow down) and think
    • Many scams prey on fear and worry to pressure you to act without thinking.
      • "I need this right away.
      • "If you don't respond immediately we will suspend your account."
      • "Your account has been hacked."
    • Does this make sense?
      • Would this person really contact you?
      • Why would they ask you to do this?
      • Would they really be sending you this document?
    • Ask questions (You can inquire with ITS via the Help Desk, helpdesk@ccsf.edu or www.ccsf.edu/help-desk)
    • Verify
      • Call them back on a number you know or can look up (don't trust the contact info they sent)
      • Contact their secretary or administrative assistant
      • Go to their office to talk to them
  • Limit providing personal information as much as possible. Never give your password to anyone.
  • Avoid online banking, shopping and other sensitive activities away from home
  • Pay attention:
    • Use only secure sites (avoid websites that your browser doesn't show the lock symbol on)
    • Read the screen
  • Be wary
    • Of people online (are they who they say they are?)
    • Of e-mails (is it real?)
    • Of attachments (could this be malware?)
    • Of links (is it really taking me to the correct website?)
    • Of public Wi-Fi (should I be doing this here?)
  • Avoid risky sites
    • Stick to your favorite sites
    • Use only major companies
    • Do some research before going to an unknown site
  • Passwords:
      • Is at least 12 characters long? The longer your password is, the better.
      • Uses uppercase and lowercase letters, numbers and special symbols. Passwords that consist of mixed characters are harder to crack.
      • Doesn't contain memorable keyboard paths. The letters a-s-d-f-g-h-j-k-l may seem random, but they are, in fact, just the keys straight down the line.
      • Is not based on your personal information:
        • Children's names
        • Pet's names
        • Home address
        • Memorable dates
    • Use different passwords per site, so if you every get comprised, it's only a single site.
    • Don't write passwords down. Put them in a password manager instead. See the Cyber Security page for reviews and recommendations.
    • Don't share them with anyone

Highly Recommended

  • Use a Virtual Private Network (VPN) when possible. (See the Cyber Security page for reviews and recommendations.)
  • Use a password manager. (See the Cyber Security page for reviews and recommendations.)
  • Use anti-malware protection (See the Cyber Security page for reviews and recommendations.)
  • Encrypt your data where possible
  • Back up your data in multiple places
    • Different Hard drives/SSD
    • USB drives
    • In the Cloud (e.g. OneDrive or Google Drive)
  • Use  (MFA)
    • ÃÈ·­µ¼º½ offers this for employee e-mail and other systems (send a request via the Help Desk, helpdesk@ccsf.edu)
    • Google offers it with their accounts. They call it 2 step. ()
  • Get educated
    • Online Training classes:
        • ~24 videos (about an hour, 1-4 minutes per module)
        • Self-paced
        • Certificate awarded upon completion
        • ÃÈ·­µ¼º½ employees can access via
        • 3 short videos (~3.5 minutes each)
          • Cybersecurity 101
          • Hacking and Privacy
          • Cyber Codes
        • Interactive Game
        • ~15 courses on various Cyber Security topics
          • We recommend starting with Cyberessentials
        • Self-paced
        • Certificate awarded upon completion