To protect systems against potential cyber attacks, the Information Technology Department has made further improvements to continue to protect Metropolitan Community College systems and data.
Recently, the department formed a standing committee that represents various functional areas responsible for protection of sensitive data and are working as a team to enhance security.
As part of that committee, three short term improvements have been identified to be implemented.
- Employees will notice a new legal notice that will appear on the log in screen on MCC owned computers. This notice is to remind employees of the obligation to protect the data within systems and properly use technology resources consistent with district policies and procedures. (below is what will appear on the screen)
- Notice Terms and Conditions
- By clicking OK below and logging into this computer you are agreeing that you will adhere to the required processes to protect the confidentiality and appropriate use of college data and will abide by MCC’s COMPUTER AND COMPUTER TECHNOLOGY USAGE Board Policy 2.25050 BP (http://web.mcckc.edu/asp/infoex/prp/files/225050BP.pdf) and all applicable policies, procedures, regulations and laws, including those regarding confidentiality and data security. All information contained in the MCC network and databases are the property of the College and are to only be used to support normal institutional duties. I also understand that failure to adhere to the confidentiality and usage guidelines may result in disciplinary action up to and including termination/expulsion.
- Employees do not need to do anything in this regard, it is for information only. It will just appear on the login page beginning in March.
- Employees will also notice that a new confidentiality notice will be automatically added to emails that are sent outside of the MCC system as follows:
- CONFIDENTIALITY NOTICE: The contents of this email message and any attachments are intended solely for the addressee(s) and may contain confidential and/or privileged information and may be legally protected from disclosure. If you are not the intended recipient of this message or their agent, or if this message has been addressed to you in error, please immediately alert the sender by reply email and then delete this message and any attachments. If you are not the intended recipient, you are hereby notified that any use, dissemination, copying, or storage of this message or its attachments is strictly prohibited.
- If employees have added a disclaimer as part of the “signature” in email, that should be removed so as to not cause confusion. The above institutional statement has been approved by legal for inclusion.
- Also, it may be a good time update the signature line.
- The following format is recommended:
- PCs will automatically lock out after 15 minutes of inactivity. Systems will not be logged off, but users will be required to reenter a password to unlock the computer. Again, this is to ensure information which may be displayed onscreen is not viewed by non-authorized individuals or access to such information that could be gained by not “locking” the PC is limited.
Added note: MCC requires password updates in the system every three months. The maximum time period allowed in federal law for PCI compliance is 90 days.