The Importance of Differentiating Retiree Email Accounts - Digital Futures

Every year, faculty staff leave our system as retirees after serving California Community College students and the system. Often, a retiree retains their email account after leaving the college to keep in touch with students and colleagues. However, consistent use of these accounts wanes over time, and credentials used for email access can become compromised through guessing or breaches occurring at third-party services.

By taking over these uncommonly-used retirees’ email accounts, a bad actor gains an assumed level of trust and a foothold into the college that, unlike a standard employee email account, may not be noticed. An account that looks legitimate to current staff and students is perfect for social engineering, gaining further system access, or stealing confidential information!

Our recommendations are as follows:

Consider reviewing your policy as to whether or not you provide a retiree email account. Many people have personal email accounts and won’t have need for a local email account. Is this truly a benefit or something that rarely gets used?
Create a policy to deactivate such accounts after a period of inactivity (90 days is a good benchmark). Unused accounts can add an unnecessary exposure to the college and could be targeted by bad actors. Deactivating reduces this risk. If a retiree decides that they want the account later, it can always be reactivated.
If you choose to provide retiree accounts, the Chancellor’s Office recommends a designated separate email domain, such as name@retiree.college.edu, rather than name@college.edu, to best differentiate them from regular college email accounts.

By differentiating retiree accounts, extra context is provided to the recipients of their emails in the email address itself.

Suppose a differentiated retiree account asks for urgent help with a project or requests confidential information. In that case, it would be noticeable to students and staff that something is strange. However, with retiree accounts that appear to be active college staff, any bad actor with access could be trusted and undetected to cause significant damage to the college.

Canvas Tips and Tricks

New Canvas integration tools can be enabled for instructors to better understand student behavior and facilitate data-driven decisions designed to improve student experiences.

Zoom Security Settings

CCC TechConnect Senior Media Help Desk Specialist Donna Gustafson offers important tips on how to keep Zoom meetings safe.

California Community Colleges Through GIS Mapping Updated

The GIS Map Viewer provides a common repository for the various maps, documents, links, and other tools we are collecting in our ongoing work at the California Community Colleges.

Information Security is an Investment in Equity and Economic Mobility

Immature information technology and security can slow down the whole cycle of student support, imposing delays in student enrollment confirmation or receipt of financial aid and hindering faculty and staff’s ability to reach out to students in need.

Basic Needs Centers Data Collection and Reporting

Starting with the 2022-23 academic year, all community colleges in the state have received funding to create dedicated Basic Needs Centers on their campuses to support students’ access to necessities such as food, housing, childcare, transportation, health care, and technology.

Ensure Your Campus Can Access the Vision Resource Center

Proper equipment ensures users have a positive user experience in the Vision Resource Center and unbarred email access to notifications from the Vision Resource Center communicating updates, news, and more.

Similar Posts

What is Digital Futures?