IT Security Hub
Stay Secure. Stay Smart.
Common Security Threats
Cyber threats constantly evolve, making it crucial to stay informed and vigilant. This section highlights some of the most common security risks, including phishing scams, malware attacks, weak passwords, and social engineering tactics. By understanding these threats and following best practices, you can better protect your personal and institutional data from cybercriminals.
Cybercriminals use phishing emails to trick people into revealing sensitive information like passwords or financial details. These emails often appear to come from trusted sources and may contain urgent requests or malicious links. Always verify the sender, avoid clicking suspicious links, and report any suspicious emails to IT security.
How to Spot Phishing and Email Scams
- Check the sender's email – look for misspellings or strange domains.
- Watch for urgent or threatening language.
- Look for grammar and spelling errors.
- Don’t click suspicious links – hover to preview.
- Avoid unexpected attachments.
- Verify requests for personal info.
- If it sounds too good to be true, it probably is.
Malware and ransomware can infect your device through malicious downloads, email attachments, or compromised websites. These threats can steal data, lock files, or disrupt operations. Keep your software updated, use reliable antivirus protection, and avoid downloading files from unknown sources to minimize the risk.
Desktop Security Tips for Personal and College Devices
- Use strong passwords: Avoid using the same password for multiple accounts. Use a password manager if possible.
- Enable automatic updates: Keep your operating system, antivirus, and software up to date.
- Lock your screen: Always lock your computer when stepping away — even for a minute.
- Use college-approved antivirus software: Ensure it's installed and actively running.
- Store data securely: Use college-approved cloud storage instead of local or external drives for sensitive data.
- Secure your Wi-Fi network: Use a strong password and WPA3 if available. Avoid public Wi-Fi or use a VPN.
- Be cautious with USB drives: Avoid plugging in unknown or untrusted USB devices.
- Use remote desktop tools safely: Only access college systems using approved remote access tools and follow IT guidelines.
- Report suspicious activity: Contact IT if you suspect malware, data loss, or phishing attempts.
Weak passwords are an easy target for hackers. Always use complex, unique passwords for different accounts and enable multi-factor authentication (MFA) for added security. Consider using a password manager to safely store and manage your credentials.
Password Protection and Multi-Factor Authentication (MFA) Tips
- Use strong, unique passwords: Avoid using simple or repeated passwords. Use at least 12 characters, mixing letters, numbers, and symbols.
- Enable MFA everywhere possible: Add an extra layer of security by requiring a second form of authentication (like an SMS code or authenticator app).
- Don’t reuse passwords: Each account should have a unique password to prevent a single breach from compromising multiple accounts.
- Use a password manager: Store and generate strong passwords easily with a password manager, so you don’t have to remember them all.
- Verify identity with trusted apps: Use authenticator apps (e.g., Google Authenticator, Microsoft Authenticator) instead of SMS for MFA when possible.
- Keep your recovery options up to date: Update your email and phone number linked to accounts in case you need to recover access.
- Change passwords periodically: Regularly update your passwords, especially for sensitive accounts like email or banking.
- Be cautious with security questions: Choose answers that are not easily guessable or searchable (e.g., avoid your pet's name or mother's maiden name).
Attackers use social engineering to manipulate people into providing sensitive information, often by posing as trusted individuals or organizations. Be cautious of unexpected requests for passwords, financial details, or access permissions. If in doubt, verify the request through official channels before responding.
Social Engineering Awareness Tips
- Be cautious with unsolicited communication: Be wary of unsolicited emails, phone calls, or messages, especially those requesting sensitive information.
- Verify identities: Always verify the identity of anyone asking for confidential information, even if they appear legitimate.
- Don't click on suspicious links: Be cautious about links in emails or messages, even from trusted contacts. Hover over them to see the actual URL.
- Question unusual requests: If someone asks for unusual or unexpected information, verify the request through a different channel (e.g., call them directly).
- Be aware of "urgent" requests: Scammers often create a sense of urgency to pressure you into making a quick decision. Take your time and verify.
- Avoid sharing personal information: Do not share passwords, personal details, or sensitive data through unverified communication channels.
- Educate yourself and others: Train yourself and your colleagues to recognize common social engineering tactics, such as phishing, vishing (phone scams), and pretexting.
- Report suspicious activity: If you suspect you've been targeted by social engineering, report it immediately to IT or security teams.
Security Policies & Standards
Helpful Resources
Stay Safe Online: Check out these helpful links to learn how to protect your accounts, avoid scams, and build strong cybersecurity habits.