At the College of Central Florida, we consider safeguarding students' data to be essential for maintaining their privacy and ensuring data security. The college implements comprehensive procedures and robust security measures that comply with relevant federal and state regulations to ensure the protection of personal and financial information.
Secure Authentication Practices
The college employs a robust authentication system that requires each student to have a unique username and a strong, confidential password. Students must select complex passwords and are required to change them regularly to minimize unauthorized access risks. Password sharing and the use of generic or default passwords are strictly prohibited to ensure personal accountability and security.
Password Creation Guidelines
- Passwords should contain at least 15 characters, using a mix of uppercase letters (A-Z), lowercase letters (a-z), numbers (0-9), and symbols (!, @, #, $, etc.).
- Avoid easily guessable passwords (names, dates, common words).
- Use passphrases to make passwords easier to remember and more secure. Example: "I LOVE coming to CF! 37" is a very strong but easy-to-remember password.
- Never use the same password for more than one account. If one were to get compromised, consider them all compromised!
- It is recommended that you change your password every 90 days, or at least once a year.
- Consider using a password manager (like LastPass or 1Password) to securely store and generate strong passwords without needing to remember them all.
Two-Factor Authentication (2FA)
To further protect student information, the college utilizes two-factor authentication (2FA). This process significantly enhances security by requiring two distinct forms of verification: something the student knows (password) and something the student possesses (a code delivered via a secondary device). This measure dramatically reduces the risk of unauthorized access, even if passwords are compromised.
Incident Reporting Procedures
Students must immediately report any suspected data breaches, unauthorized access, or suspicious activities to the Information Security Manager or the Help Desk at (352) 854-2322, Ext. 1378, or via email at ithelp@cf.edu.
Consequences of Misuse
Intentional misuse of credentials, unauthorized data access, or violations of security policies may lead to disciplinary action, including suspension, expulsion, or legal consequences.
Adherence to Legal Requirements
The college rigorously adheres to various regulatory requirements, including but not limited to:
- Family Educational Rights and Privacy Act (FERPA): Protects the privacy of student education records, requiring explicit consent for disclosure of personally identifiable information. Students have the right to review their records, request amendments, and control the disclosure of information.
- Gramm-Leach-Bliley Act (GLBA): Mandates the protection of student financial information through comprehensive data security protocols, including secure storage, access controls, encryption during transmission and at rest, and robust disaster recovery plans.
- Payment Card Industry Data Security Standard (PCI-DSS): Ensures secure handling and protection of credit card information through stringent standards, including encryption, secure storage, controlled access, and regular monitoring for potential security breaches.
Student Rights and Data Protection
Students possess specific rights regarding their personal data, including:
- The right to inspect and review their educational records.
- The right to request amendments to records believed to be inaccurate, misleading, or otherwise in violation of the student’s privacy rights.
- The right to consent or deny disclosure of personally identifiable information contained within their education records, except under specific circumstances defined by law.
- The right to file a complaint concerning alleged failures by the educational agency or institution to comply with regulations.
Protective Measures and Responsibilities
The college employs multiple protective measures, such as:
- Data Classification and Access Control: All student data is classified based on sensitivity (Confidential, Internal/Private, Public), and access is granted strictly on a need-to-know basis.
- Secure Data Handling: The use of encrypted transmission protocols, secure storage environments, and restricted physical and digital access ensures data confidentiality and integrity.
- Data Loss Prevention (DLP): The college implements proactive measures to prevent unauthorized data disclosure, including the use of automated monitoring systems, data discovery tools, and employee training.
Additional Security Best Practices
- Secure your mobile devices with PIN codes or biometrics.
- Use secure Wi-Fi connections and avoid public unsecured networks.
- Be vigilant against phishing attempts—never share personal information through unsolicited emails or links.
- Maintain safe browsing habits and keep your devices up to date with the latest security patches.
Annual Review and Updates
The college conducts periodic reviews and updates of its policies and associated procedures to ensure compliance with evolving laws and emerging threats. Students and staff should review policies and procedures regularly to ensure they understand them and remain in compliance.
Emergency Response Plan Summary
In the event of a cybersecurity incident affecting student data, the college will promptly activate its incident response plan, including immediate investigation, containment measures, notification of affected individuals, and remediation actions.
Should an incident affect you, a representative will contact you to keep you informed of your rights and how we are managing the situation.
Questions?
For additional guidance or support regarding privacy and security-related concerns, please contact the Information Security Manager or Help Desk directly.