A magnifying glass being held to a laptop's keyboard. Source: https://unsplash.com/photos/d9ILr-dbEdg

Frequently Asked Questions (FAQ)

Frequently Asked Questions (FAQ)

Listed below are Frequently Asked Questions (FAQ) for various Information Security services or initiatives. For additional information about any of these items, please contact the LACCD Information Security Team at @email

What is LACCD Information Security Awareness?

LACCD has adopted Board Policy 3720, Computer and Network Use, and associated procedures to assure that all who access District information systems use those resources responsibly.  In support of this policy, the District requires mandatory annual information security awareness for all employees to help you understand your role in protecting the District’s information resources, and to acknowledge your agreement to comply with the District’s Administrative Procedure 3720, Computer and Network Use.   

How do I access the security awareness content? 

1. Log into the Vision Resource Center by clicking "Login Now", and enter your District email address in the form "username@email.laccd.edu." You will be directed to the LACCD Single-Sign-On (SSO) page to complete login.

2. Click on "My Transcript," as shown below.

3. The title is "LACCD|Information Security Awareness 2023-2024". Click "Open Curriculum" to begin. 

4. If you have any issues accessing the content, email infosec@laccd.edu. 

When is it due?

Completion of LACCD Information Security Awareness 2023-2024 must be complete by June 30, 2024. 

  

What is the LACCD Phishing Awareness Campaign?

Malicious attackers on the Internet have become very sophisticated in sending phishing emails to LACCD employees that attempt to gain access to our information systems, or for financial gain. The District is conducting a phishing awareness campaign for all LACCD employees. This campaign is designed to help our employees recognize these phishing attacks so they can protect themselves and our community from harm.

Why Are We Doing This?

Studies have shown that routine simulations of phishing attempts reduce email recipient’s susceptibility to phishing. The goal is to improve everyone’s ability to resist phishing attacks, and in turn, protect your personal information and the personal information of our students and employees. These simulations are also recommended by our auditors and insurers.

How Will the Campaign Work?

The LACCD Information Security Team will periodically send a simulated “phishing” email to your inbox that will contain links that attempt to collect your password or other information. If you do click, no personal information will be collected. You will be notified that you clicked on a potentially dangerous link, and receive tips on how to identify phishing emails in the future.

Will There be Consequences for Clicking on the Simulated “Phishing” Email?

No; the purpose of this campaign is purely educational. You will be notified immediately if you click on a dangerous link, and provided with guidance. Managers will not have access to the simulation results of individual employees. Users who repeatedly click on simulated phishing emails will be offered additional information security training.

What Should I Do if I Recognize the Email as Phishing?

Anytime you receive a message that looks suspicious, or you are unsure whether is legitimate, please forward to  @email for analysis. Otherwise, you can simply delete and disregard the email.

What if I have additional questions?

If you have any questions about the Phishing Awareness Campaign or any other questions about information security, please email @email for assistance. 

What is a Shared Mailbox in Outlook?

A Shared Mailbox allows several individuals to access a common inbox, enabling them to collaborate efficiently. Users with access to the Shared Mailbox can send emails on behalf of it. Any modifications, like reading, categorizing, replying to, or deleting emails, will be instantly visible to all users who have access to the Shared Mailbox. Below are tutorials explaining how to access a shared mailbox and send an email on behalf of the shared mailbox address.

 How to Access A Shared Mailbox in Outlook

STEP 1:

After opening the Outlook desktop app, click on the left pointing arrow on the left side of your screen. 

A close-up screenshot of the top left corner of Outlook for Windows Desktop. A big red arrow was edited into the screenshot and is pointing to the gray arrow icon above the "Inbox" tab.

STEP 2:

You will find your new shared mailbox below your personal district email. Here, you will be able to check your inbox, drafts, sent items, archive, conversation action settings, conversation history, junk email, and the outbox. 

This image is a screenshot of Outlook for Windows desktop displaying the various mailboxes a user has they have access to a shared account.

 

 

Content

How to Send an Email on Behalf of the Shared Mailbox Address

Step 1: 

Click "New Email" to compose a new email.

A screenshot of the top left corner of the Outlook app for Windows Desktop with a red arrow pointing at the "New Email" icon.

Step 2:

Click "Options" tab and select "From" in the "Show Fields" group.

A screenshot of the "Options" pane ribbon in Outlook for Windows.

Step 3:

Lastly, click "From" > "From" and choose the shared mailbox in the global address book to send emails.

 
 

 

What is the District's Multifactor Authentication (MFA) Policy?

All LACCD students, staff and faculty must use Multifactor Authentication (MFA) at all times to access District email and Office365 applications. This means you will have to approve all "sign-ins" to your District email account using a second method after entering your password. You must also use MFA to access SharePoint, OneDrive, and all other Office365 applications. 

Why does the District require MFA?

Attackers on the Internet sometimes use “phishing” techniques that lead you to a fake website and trick you into entering your email address and password. The attackers use this information to attempt to scam people. By requiring MFA, an attacker will not be able to access your email even with your password, making phishing attacks less likely to succeed.

What if I already registered for MFA?

If you have already registered for MFA for District email and Office365 applications, then no further action is required from you.

What do I do if I have not yet registered for MFA?

The first time you log into District email or any other Office365 application, you will be required to register for Multifactor Authentication (MFA) for District email using one of the following two methods:

  • Register to receive text confirmation messages to a mobile device.
  • Install and configure the Microsoft Authenticator application on an iPhone or Android mobile device Instructions for both methods are provided below.

How to Register for MFA Using Text Messaging

  1. From a web browser, visit https://aka.ms/MFASetup. This will take you to Microsoft’s Office365 Sign-In Page. Enter your District email address (username@laccd.edu or username@student.laccd.edu), and click “Next.”

  2. You will be taken to the District’s sign-in page. Enter your password, and click “Sign In.”

  3. You may receive a screen asking if you want to stay logged in after completing the process. Click No.
  4. If you have not already registered for MFA, you will see the screen below that says “More information required.” Click “Next.” If you see a different screen than the one below, you have already registered for MFA, and no further action at this time.
  5. The next screen will ask you if you want to provide security verification with an Authentication phone or Mobile App.
  6. Under “Additional security verification”, select “Authentication phone.” Then select the Country Code of your mobile phone, and enter the phone number. Then click “Next.”
  7. You will be sent a text message to the number you provided. The text message will say “Use verification code XXXXXX for Microsoft Authentication,”, where XXXXXX is a six-digit number. Enter the number provided into the text message in the space provided, and click “Verify.”
  8. If you enter the correct code, the screen will say “Verification Successful.” Click “Done.” If it does not say “Verification Successful”, follow the prompts to try again.
  9. Your registration is now complete. You will be led to a screen where you may select additional authentication methods if you wish. If not, simply close the browser.

How to Register for MFA Using the Microsoft Authenticator App

  1. From a web browser, visit https://aka.ms/MFASetup. This will take you to Microsoft’s Office365 Sign-In Page. Enter your District email address (username@laccd.edu or username@student.laccd.edu), and click “Next.”

  2. You will be taken to the District’s sign-in page. Enter your password, and click “Sign In.”

  3. You may receive a screen asking if you want to stay logged in after completing the process. Click No.
  4. If you have not already registered for MFA, you will see the screen below that says “More information required.” Click “Next.” If you see a different screen than the one below, you have already registered for MFA, and no further action at this time.

     

  5. The next screen will ask you if you want to provide security verification with an Authentication phone or Mobile App. If you wish to receive verifications via a mobile application installed on your iPhone or Android device, select “mobile app,” then click “Set up.”
  6. The instructions to proceed are shown on the screen. Install the Microsoft authenticator app for Windows Phone, Android or iOS on your mobile device. From the app on your mobile device, click the three dots in the top right corner of the screen. Click “add account, “work or school account.”, and “Scan a QR code.” Scan the QR code into your app. If successful, the account will be registered in your authenticator app. Click “Next.”
  7. There are two methods to verify your identity through the Microsoft authenticator app. Select “Receive notifications for verification” and click “Next.”
  8. The authenticator app on your mobile device will send you a pop-up message. Click “Approve.” 
  9. If the authentication is successful, it will send you to a screen asking for a backup mobile phone number to use in case your mobile device cannot be located. This step is optional; if you do not wish to enter a mobile phone number, click “Done.” 
  10. Your registration is now complete. You will be led to a screen where you may select additional authentication methods if you wish. If not, simply close the browser

What do I do if I need assistance?

If you are a student, please contact the student services center at your college for assistance.

LACCD Student Support Services

​​Campus

Email

Support Phone

ELAC

@email

​(323) 792-1221

LACC

@email

​(888) 930-LACC

(323) 766-6240

LAHC

@email

​(424) 367-1604

LAMC

@email

​(818) 722-6752

LAPC

@email

​(818) 464-4410

LASC

@email

(323) 274-1680

LATTC

@email

​(213) 444-7706

LAVC

@email

​(818) 938-8418

WLAC

@email

​(310) 287-7251

 

If you are faculty or staff, please contact the Office of Information Technology helpdesk using the directory below:

 

LACCD Faculty and Staff Technical Support

Campus

Email​

Support Phone

ELAC

elac-tech​support@laccd.edu

213-577-1211

LACC

@email

213-732-1466

LAHC

@email​

​ 213-513-4211

LAMC

lamc​-techsupport@laccd.edu​

​ 213-322-1210

LAPC

@email

​ 213-214-2130

LASC

@email

​ 213-214-1131

LATTC

@email

​ 213-732-1688

LAVC

@email

​ 213-732-1667

WLAC

@email

​ 213-510-2121

What do I do if I do not have a mobile device and/or cannot receive text messages?

If you are a student, contact student support at the email address for your college, provided above.

If you are LACCD faculty or staff, the District has a limited number of hardware token devices available that will send you One-Time Passwords (OTP) to verify your identity. To request an OTP device, complete the form available here and submit to infosec@laccd.edu.

I am a student or adjunct faculty member and I check my LACCD email from my Gmail/Hotmail account. Will that still work after MFA is required?

No. Some email providers, such as Gmail and Hotmail, allow you to configure your mailbox to check other email accounts. This will no longer work once MFA is required. You can set your District email account to forward emails to another account as follows:

  1. Log into your LACCD web mail by visiting https://mymail.laccd.edu, and log in with your LACCD email address and password.
  2. In the top-right corner of the screen, click on the “Gear” icon. 
  3. At the bottom right of the page, click “View all Outlook settings.”
  4. Click Under “Mail”, then “Forwarding,” check “Enable Forwarding.” Enter the email address you wish to forward to, check “Keep a copy of forwarded messages”, and click “Save.”
    Your email will now be forwarded.

What if I have additional questions?

For technical assistance, please refer to the contact information above for students, faculty and staff. If you have any other questions about MFA, please email @email from your District email account.

 

 

 

 

Recently, several California Community Colleges have reported Multifactor Authentication attacks against student email accounts where an attacker:

  1. Sends a student a text (SMS) message saying their account will be cancelled and asks them to confirm they received the text.
  2. Calls the student pretending to be from the college IT department. The attacker then has the student log into their email account while they are on the phone and tell the fake "IT department" the confirmation code for their multifactor authentication. The attacker then uses the information to hijack the student account and use it to attack others.

Your LACCD college IT department will NEVER ask for your Multifactor Authentication Code (MFA). Should you have any questions at any time about a caller that claims they are from an LACCD college IT department, please contact @email

What is Data Loss Prevention (DLP)?

The Office of Information Technology currently uses a feature in LACCD Microsoft 365 system to enhance the protection of sensitive data, specifically data classified as “High-Risk PI” as defined in LACCD Administrative Procedure 3721. This data includes information such as social security numbers, driver's license numbers and passport numbers. The feature is known as Data Loss Prevention (DLP).

Currently, if an LACCD Office365 user (student or employee) attempts to share or store a file containing High-Risk-PI data in a location that does not meet the appropriate security requirements, the DLP feature notifies the information security team to follow up with the employee and assure that the data is appropriately safeguarded.

What is changing with DLP?

The information security team is changing the current DLP system so that it will automatically block access to any data in Office365 it detects as containing High-Risk-PI information. This includes all Office365 applications such as email, OneDrive, and SharePoint. If High-Risk-PI information is detected, the DLP system will prevent the information from being accessed or shared, and the student or employee attempting to share the information will be notified via email.

Why are we making this change?

This feature will help to ensure that sensitive data is not stored in locations that do not meet the appropriate security requirements. It will also reduce the risk of inadvertently sharing sensitive data. Automating deletion of the file also helps the District conform to relevant information security laws and regulatory requirements.

What about “SharePoint PII” Sites?

The District allows operational units to request specific SharePoint sites that are specifically secured to house High-Risk-PI data. These sites have their own DLP policies and are not affected by this change. To request a SharePoint PII site, visit  Microsoft 365 Collaboration Tools.

When does the change take effect?

The change will be implemented on Thursday, September 26th, 2024.

What is the impact of this change on LACCD employees?

LACCD employees that share or store files containing sensitive data in Office365 locations that do not meet the appropriate security requirements will have their email/data automatically blocked.  

What should I do if I believe that a file does not contain sensitive data, but it was identified by the DLP feature as containing sensitive data (a “False Positive”)?

The District has had the current DLP policy in place for a few years, and notes that false positives are extremely rare. However, if the person who creates or sends the file wishes to verify that it does not contain any sensitive data, e-mail @email for assistance.

Do I need to take any action to facilitate this change?

No, the feature will automatically work once it is enabled.

What if I have additional questions about the change in our DLP policy?

Should you have any additional questions after reading this FAQ in its entirety, please contact @email.