Contact Us
Incident Response
The College maintains a formal Incident Response program aligned with recognized cybersecurity frameworks and standards. Technology incidents and suspected security events are identified and escalated promptly, assigned clear ownership, and classified based on institutional impact. The response process emphasizes coordinated investigation, consistent communication, documented resolution, and post-incident review to support operational continuity, risk management, and continuous improvement of the College’s cybersecurity posture.
Breach Response Plan
The College maintains a formal Breach Response and Notification process to ensure suspected or confirmed data breaches are handled in a controlled, compliant, and coordinated manner. Potential breaches are escalated immediately, prioritized for containment and investigation, and evaluated by senior leadership to determine impact and notification requirements. All breach communications are centrally authorized, legally informed, and issued in accordance with applicable regulatory obligations. Post-incident documentation and review are required to strengthen safeguards and support continuous improvement of the College’s information security program.
Disaster Recovery
The College maintains a Disaster Recovery program to support continuity of critical systems and services in the event of a disruption. This includes documented recovery strategies, system prioritization, and periodic testing to ensure the College can restore essential operations within defined timeframes.
New Employee Security & Compliance Requirements
All new College employees are required to complete mandatory onboarding and compliance activities to support security and operational standards. These include cybersecurity awareness training through KnowBe4, implementation of multi-factor authentication (MFA) and strong password practices, required HR training via Percipio, and participation in New Hire Orientation and the First Year Experience (FYE) program. The FYE program consists of six structured sessions over the first year, introducing employees to College departments, services, and functions.
Email Security
The College employs layered email security controls to reduce phishing, malware, unauthorized messaging, and mass-email abuse. These controls include external email identification, scanning of embedded content, integrated phishing reporting through the KnowBe4 Phish Alert Button, and regular phishing simulations to reinforce user awareness. The College also utilizes Microsoft 365 Defender protections, including Safe Links, Safe Attachments, spam filtering, and mass-email detection. To further limit the impact of compromised accounts, user email sending limits are enforced to prevent large-scale spam or phishing blasts and to support early detection and containment of email-based threats.
Multi-Factor Authentication (MFA)
The College requires multi-factor authentication (MFA for all students and employees accessing College systems to strengthen identity verification and reduce the risk of unauthorized access. MFA uses a combination of something a user knows (such as a password) and something a user has (such as a registered device or authentication application). The College’s MFA implementation includes push notifications for real-time login approval and automated account protection controls, including smart lock mechanisms that temporarily restrict access after repeated failed authentication attempts. These safeguards help detect suspicious activity, limit credential-based attacks, and protect College systems and data.
KnowBe4 Cybersecurity Program
The College utilizes KnowBe4 as its primary cybersecurity awareness and training platform. This includes annual cybersecurity training for all employees, regular phishing simulations, and targeted remedial training for individuals who do not successfully identify simulated phishing attempts. This program supports continuous improvement and shared responsibility for cybersecurity across the College.
https://www.youtube.com/@KnowBe4/videos
Annual Penetration Testing
The College conducts annual third-party penetration testing to assess the security of College systems and identify potential vulnerabilities. Results are reviewed by internal IT leadership and used to guide remediation efforts and strengthen the College’s overall security posture.
Board-Level Cybersecurity Oversight
Each year, the College provides a cybersecurity posture report to the College Board of Directors. This report summarizes cybersecurity risks, controls, training efforts, and improvement initiatives, ensuring leadership oversight and alignment with strategic, regulatory, and insurance requirements.