To request a modification or enhancement to OnBase, please use the System Modification/Enhancement form. In your request, please provide detailed information about the changes you desire. You may also upload any supporting documentation. OnBase includes: OneRecord Document Management OnBase Workflows

To request a Team be created in Microsoft Teams, please use the Creation form. In your request, please provide detailed information about the changes you desire. You may also upload any supporting documentation.

Asset Disposal Processes Equipment/Furniture Disposal (Excludes electronics and vehicles) Electronics Disposal (Includes TVs, monitors, video equipment, and computer hardware) Vehicle Disposal Equipment/Furniture Disposal (Excludes electronics and vehicles) Complete and sign a property disposal form, which requires approval from the department Budget Unit Leader. Send the signed, approved, and FULLY COMPLETED form to: District Office 700 Carnegie Ave. Cleveland, OH 44115 ATTN: Jillian DeLong Incomplete forms will be returned! Once the form has been received, Asset Management will contact the requester to direct disposition in one of four ways: Trash: The requestor will enter a requisition with Plant Operations to recycle (if possible) or dispose of the item(s) according to approved college disposal policies. Move to temporary hold: The requestor will enter a requisition with Plant Operations to move the item(s) to temporary onsite holding area until pickup can be arranged. Redistribution: The item(s) will be moved to central storage and made available to other areas within the college for 30 days. The requestor will have the option to arrange pickup, and Asset Management will coordinate. Sale: After 30 days, the item(s) will be sold at auction or surplus sale. The requesting department will be responsible for any moving costs; if necessary, contact Asset Management to request a moving quote. The requesting department will also have the option to arrange the move themselves. Electronics Disposal (Includes TVs, monitors, video equipment, and computer hardware) Complete and sign a property disposal form, which requires approval from the department Budget Unit Leader. For computer hardware, if the disposal is not initiated directly by ITS, Asset Management will route the form to ITS. No computers should be removed from service or treated as surplus without ITS removing the hard drives and/or using the College's certified electronics recycler (which follows the Department of Defense destruction procedure). All other electronic equipment can be removed directly from the location, if at least one pallet (minimum of 10 units) is to be removed. Individual units must be moved to temporary onsite holding area after entering a requisition with Plant Operations. Once the form has been received, Asset Management will contact the requester to direct disposition in one of three ways: Onsite pickup: Asset Management will arrange for the disposal of electronics with an approved electronics vendor or recycler. Items should NOT be thrown into a dumpster! Redistribution: The electronics will be moved to central storage and made available to other areas within the college for 30 days. Sale: After 30 days, the electronics will be sold at auction or surplus sale. If not sold, the item(s) will be sent to an approved electronics recycler. ITS User Services disposal process User Services will contact Asset Management to confirm the location (Campus/Building & Room Number) of the surplus equipment. User Services manages several secure storage areas in the College where surplus hardware can be held. Asset Management will confirm that the equipment has been moved into the location in the College's inventory system. Asset Management will schedule pickup with the College's certified electronics recycler, and User Services will be onsite to provide access to the vendor during pickup. Once the item(s) are picked up, the recycler will provide Certificate(s) of Destruction (CODs) to Asset Management, and they will confirm the item(s) are no longer listed in the College's inventory system. Vehicle Disposal Complete and sign a property disposal form, which requires approval from the department Budget Unit Leader. Send the signed, approved, and FULLY COMPLETED form to: District Office 700 Carnegie Ave. Cleveland, OH 44115 ATTN: Jillian DeLong Incomplete forms will be returned! Once the form has been received, Asset Management will contact the requester to direct disposition in one of two ways: Redistribution: Another college department will claim and pick up the vehicle(s) from the current user. Sale: After 30 days, the vehicle(s) will be sold at auction or surplus sale.

Employee Network Logins Employee Network Logins are provided for faculty, staff, and some temporary employees. Employee logins grant access to College computers, my Tri-C space, email, storage, wireless networks, and many other resources. Password rules: Must not be a password you previously used Password may be changed after 7 days Password must be 8 or more characters Password must contain 3 of the 4 character types (uppercase, lowercase, number, symbol) Must not use common/weak passwords and password roots (words associated with Tri-C): “P@ssword1”, Qwertyuiop1!”, “Stomp”, ”Fall”, “Metro”, and similarly common conventions or patterns will not be allowed Review the tips in the attached Personal Password Management from Tri-C's Office of Safe and Secure Computing. Account Lockout Policy: Five invalid login attempts within 15 minutes will lock your my Tri-C space account for a duration of 60 minutes. Call the Help Desk at 216-987-4357 to have your account enabled. Change your password: You can change your my Tri-C space password by clicking the Change Your Password link on the login page. It must be at least 10 days since you last changed your password. What is my computer username? Your computer username, also known as the network login, is usually the first character of your first name, plus the first six characters of your last name. If this does not work, you can sign in to a College computer with your email address as the username. To see your assign network login username, click on the Windows button after logging into a College computer, type “account”, and click on Manage Your Account. Your network login username is the part after “CCC_NETWORK\”. Why am I prompted for a personal email address when I login to my Tri-C space ? If you need to reset your password to my Tri-C space, the personal email address provides a secure address to send the password reset information to. It also identifies you as an authentic user. When will the Help Desk ask me for personal information? When resetting your password, to verify your identity, you will be asked: Your date of birth The last four digits of your social security number An additional two security questions. They may ask for your address, phone number, emergency contact information, or the bank where your paychecks are deposited if you are an employee. (Do not be alarmed by the banking question. The Help Desk does not have access to your account information. The only information available to them is the name of the banking institution.)

What is Webex? Webex is an online meeting solution that can be used to communicate via audio, video, chat, and document sharing. Information Technology Services (ITS) provides Webex to all faculty and staff to create their own online meetings, to which anyone can be invited. Who is Eligible to use Webex? All faculty and staff can host meetings up to 40 minutes by default, or longer with a Webex Advanced Host License. Anyone can join a meeting if invited or if they receive the details for the meeting, with or without a Webex account. How do I get started with Webex? On a College computer: Launch the Webex app and sign in with your College email address. On a personal computer: Download the Webex app from https://tri-c.webex.com. Scroll down without logging in and use the Download button. Once you've opened the app, sign in with your College email address. In your web browser: Sign into https://tri-c.webex.com with your College email address to join Webex Meetings from any computer. Please see Get started with Webex App for more information on using the app. How do I request a Webex Advanced Host License? To host meetings longer than 40 minutes or record to your Webex cloud account, you need to request a Webex Advanced Host License. You can request an Advanced Host License by completing an Hardware / Software request form in the Freshservice support portal. Please note that you will need to sign into your Microsoft account. On the support portal, click the "Request a service" card. Choose the "Information Technology Services" category from the left-side menu. Click the "Hardware / Software" service request card. Select "Software" from the "Hardware or Software?" dropdown menu. Select "Activate Software License for User Account(s)" from the "Activate License or Install?" dropdown menu. Select "Webex Advanced Host License" from the "Software License Requested" dropdown menu. Complete the "Intended Use" field appropriately. Select your name and email from the "User Account(s)" dropdown menu. Click the "Place Request" and "Confirm" buttons in the bottom-right corner of the form to submit. Please note that Webex cloud data will be automatically deleted after a certain period of time. Recorded meeting data (recordings, transcripts, reports, attendance, etc.) are automatically deleted 3 years (1095 days) after creation. Webex app messages, files, and whiteboards are deleted one year (365 days) after creation. How do I get help with Webex? Webex provides excellent support directly to meeting schedulers and participants. Try searching the Webex Help Center for your topic first. If you still needed assistance: Contact Technical Support (Available 24 hours a day, 7 days a week, for Current Customers Only) Phone: 1-866-229-3239 For support with Webex within Brightspace, please visit the Online Learning Webex page. To request additional features in Webex, such as Webinars, Events, and Auto-captioning, or other advanced questions, please email webex@tri-c.edu. Is training available for Webex? For basic documentation and information, please visit the links below. Please note that the Webex interface is updated by Webex frequently, so static documentation may differ from your current experience. For customized training options, please email webex@tri-c.edu. Hosting Webex Meetings Frequently Answered Questions What is the Recommended Hardware for Webex? If you already have a USB headset, webcam, orother audio/video device that works with your computer, it is likely compatible with Webex. At Tri-C, most Webex meetings will require the use of computer audio over the internet, or Voice-Over-IP (VoIP). VoIP works with: Any computer with a microphone, and audio output through speakers or headphones Webcams usually have a microphone USB headsets with a microphone are recommended for the best experience with a computer Any mobile device for which you can install the Webex mobile app Mobile devices use their internal microphones, but can also be used with headphones and headphones with microphones For purchasing devices for College computers specifically for use with Webex, please email webex@tri-c.edu and an ITS representative will contact you to discuss.

Banner Login Issues - Tips to Resolve Overview: If you are experiencing login issues with Banner or receiving the error message below, we recommend the following steps to help resolve or reduce the issue. If you are using Microsoft Edge: 1. Open Edge and CLEAR Browser Cache. 2. Make sure Profile Sync is TURNED OFF. Click on the small three dots on the upper right corner of the page. Click on Settings. By Default, you're on the profile tab. Click on Sync. Click Turn Off Sync. 3. Make sure Block third-party cookies is not enabled. Click on the small three dots on the upper right corner of the page. Click on Settings. Click Cookies and site permissions from the menu on the left. Click Manage and delete cookies and site data. Turn off Block third-party cookies. 4. If the issue persists after completing steps 1, 2 & 3, try another browser or contact helpdesk@tri-c.edu (216-987-4357) for additional assistance. If you are using Chrome: 1. Open Chrome and CLEAR Browser Cache. 2. Make sure Profile Sync is TURNED OFF. At the top right, click Profile. Click Sync is On. Click Turn Off. 3. If the issue persists after completing steps 1 & 2, try another browser or contact helpdesk@tri-c.edu (216-987-4357) for additional assistance. To help reduce the number of times you get logged out of Banner, we also recommend closing my Tri-C space when you are actively working in a Banner session. Document Information Date Author Changes 02/14/2025 Cindy Shick - Original document created. 3/6/2025 Cindy Shick - Added Block third-party cookie instructions for Edge

Announcement Request Guidelines for my Tri-C space. Purpose: To establish standard guidelines for publishing my Tri-C space announcement requests. All announcement requests must be submitted via the designated Service Request form. Announcement and link label must not exceed current character limits. For announcement requests exceeding limitations, a page may be created within my Tri-C space which can be linked to the announcement. Announcements should be posted for the minimum required duration, not to exceed 14 days unless an approved extension is granted. Extensions may be granted on a case by case basis and are subject for review and approval by ITS Leadership. My Tri-C space announcements are not intended for college-wide events, including but not limited to, athletic events or club activities. For college-wide events, contact Integrated Communications Department (ICD), to update the Tri-C event calendar and card for such events. Announcements should target specific roles (eg. Student, Employee, Finance, etc.) when possible. If announcement is intended for a more specific audience, please contact the appropriate department to explore email campaigns or other options. Multi-stage announcement campaigns involve a series of individual announcements, each with a distinct and non-concurrent run time. Minimum of three announcements to be considered a campaign. The length of each announcement must fall within the prescribed duration guidelines. Document Information Date Author Changes 02/13/2025 Cindy Shick - Original document created.

Common Message-Related Scams Scammers try to trick us all the time, often through electronic messages such as email and text messages. Learn about these common scam tactics and how to avoid them. Common Email Scams Gift Card Scam In this scenario, you are asked to buy gift cards, often from someone impersonating a figure of authority. Scammers do their research to choose figures personal to you — for example, your boss or someone higher in your organization. They come up with a cover story, asking you to buy gift cards, take a photo of the codes, and send it to them, promising to repay quickly. These scam messages could be SMS text messages or emails. If you are ever asked over an electronic communication to buy or pay with gift cards, it is probably a scam. Photo and Video Extortion One common extortion message is scripted like this: They claim to have hacked your account or device. They try to convince you by providing “proof” in the form of a previously leaked password from an external service you may have signed up for using your email or spoofing a message to make it look like it originated from your account. They then ask you to pay in cryptocurrency, such as bitcoin, to delete embarrassing videos “they took of you with your webcam” instead of sharing them with your friends and coworkers. In reality, they have no such video and did not hack you in any way. They are hoping you will just pay without questioning them. You can safely delete these. Fake Purchase of Services or Products You may receive an email notification for a product or service you did not buy. Or you may receive an email with an “automatic renewal” for a service. These emails only have a phone number to call and no web links. If you call, they will ask you for information and to connect your computer to a remote support service where they can see and control it. This can lead to malware, identity theft and fraudulent charges. Business Email Compromise Scammers will impersonate employees and vendors, attempting to get bank deposit information changed for billing or payroll. Always verify these emails with a known contact at your organization before changing bank information. Scammers will set up look-alike domains and email addresses to impersonate others as well. If the real vendor contact was validcontact@vendor.com, the attacker might use validcontact@vendor.net and ask for the payments to be sent to the new bank. It can be difficult to notice the tiny difference. Checking with a known contact is vital to ensure these scams are reliably caught. Thread Hijacking Scammers will use an existing email chain that they managed to obtain and insert themselves into the conversation, injecting malicious attachments or links or asking for harmful changes, such as new banking information. This tactic is designed to trick you into letting your guard down by showing you something familiar. Grand Piano Giveaway Scammers claim to be giving away expensive name-brand pianos. If you agree to accept it, the scammer will ask you for money to cover the moving costs from a location outside of your area. They will keep the money and give you nothing in return. Common SMS Text Messaging Scams Most email phishing tactics also apply to SMS text messages and other messaging apps. However, mobile usage complicates things in some additional ways: You might know a person’s email but not their cell phone number. If a text message you receive claims to be from someone you know, you might be more likely to believe it than an email. Be wary of messages from unknown numbers, regardless of who the sender claims to be. If you did give that person your phone number and receive a text from an unrecognized phone number claiming to be them, chances are the sender is not who they claim to be. Scammers will research and impersonate people you know and work with, often those in positions of authority. Using SMS has the advantage of operating outside of email system protections and may be more likely to catch you off guard. Your phone will be less protected than your work systems. Phone and cellular networks are not tied to workplace protections. They cannot filter, monitor or protect your device, network connections, text messages or other messaging apps. QR Codes QR codes are those blocky barcode-like images that direct your device to a web location. They are nothing more than links to a website with the main exception being you generally have no idea where it will lead you to. This makes it very convenient for attackers to trick you into going to a malicious website without having the benefit of web filtering that a Tri-C managed computer would have. QR Codes in Email Sending QR codes via email is a way to bypass email filtering as typically email protections do not have the ability to effectively examine QR codes. It also benefits the attacker by moving the attack to a mobile phone which usually has less protection and is more difficult to see the full website. There is NO REASON a QR code should be in an email! Since a QR code only functions as a link, using a regular clickable link is both more convenient and easier to determine where it leads. Always assume a QR code in email is phishing! QR Code Replacement This technique involves placing a replacement QR code sticker over a business’s legitimate QR code. The replacement QR codes leads to a malicious website that will attempt to phish you or install malware on your device. QR Code Tips Cyberattacks are designed to catch you off guard and trigger you to scan impulsively. Does a QR code make sense in the context in which you are using it? Is it somewhere you would only expect a mobile device to be used? When possible, navigate to a website instead of using QR codes. Typically, when you scan a QR code, you can see a small part of the destination website. Ensure it matches where you are expecting to navigate to. Be cautious before entering any sensitive information on a website from a QR code. Instead, navigate directly to the official website. Malicious Mobile Device Apps It is not recommended to install apps from outside of your device’s official app store. Doing so puts you at much greater risk of encountering malicious apps. However, even the app stores themselves are not perfect at preventing malicious apps. Here are some ways you can protect against malicious mobile apps that could have made it to the app store: Before installing any apps, do a safety check: Are the reviews positive? Are there many downloads? Do the permissions the app requires make sense? Make sure you have a lock screen configured that requires a passcode, thumbprint, or face recognition to unlock. This helps protect your phone, data, and accounts against unauthorized access. Delete apps you no longer use. This reduces your attack surface. Web Browsing Poisoned search results lead to malware/credential theft Sometimes top search engine results for software downloads, document templates, and other things can lead to websites with malware instead of the expected program or document. If you search for and download software, before you launch the software installer, scan it using the VirusTotal service which will check it with 70+ different antivirus engines. Only use VirusTotal to scan non-sensitive things, like software downloads; do not use it to scan anything that should not be public, as submitted files are made available to others. Other poisoned search results can lead to fake websites that will capture your login credentials. Check the URL (address bar) after you arrive at a website to ensure it is the website you were expecting before entering any information. When possible, navigate directly to a frequent website instead of searching for it. Bookmark known good sites you frequent to avoid this. “Malvertising” AKA Malicious Advertisements Hijacked or paid malicious advertisements can direct you to malicious sites to install malware, steal login credentials, or other perform other unsavory action. This is a variant of the above “poisoned search results” and can be avoided in the same ways. Lately, “Sponsored” search results (the first result, a paid advertisement) for common software have led to malware. In addition to the above suggestions, you can also avoid clicking sponsored results as you know it is an advertisement and the actual website is further obscured. “Antivirus” Scareware These are websites that have a full-screen pop-up telling you that “Your PC is infected! Call us at phone number ***-***-****”. There is often even audio to alarm you further as well as images/videos depicting antivirus scanning and malware activity. If you call, they will ask you for payment, information, and ask you to connect from your computer to a remote support service where they can see and control your computer. This can lead to malware, identity theft, and fraudulent charges. I am not aware of any Antivirus that will pop-up and ask you to call a number for assistance in this manner. Should you come across this scam, you can just close the window and/or reboot your computer to make this go away. Browser Update/Additional Software Required Should you receive a notice you need to update your web browser to view the content, close your browser. This is a scam that leads to malware. Malicious Downloaded Documents A downloaded document should not contain a CAPTCHA (“Are you a robot?”). If it does, it is fake and clicking it will lead to a malicious website. Do not click; Instead, close and delete it! Phone Calls Social Engineering Phone Calls Social engineering involves interacting with individuals from an organization (by phone call for example) and trying to trick them into performing actions that might are harmful to the organization. Some examples goals might include changing information in IT systems (such as banking information), divulging sensitive information, changing passwords, navigating to malicious websites, running malicious code, etc. Hackers have increasingly been using this tactic to achieve their nefarious goals. A group known as “Scattered Spider” have been using social engineering phone calls against various organizations including some in northeast Ohio. You might have recently heard about hacking of the companies Caesars Entertainment and MGM Resorts that resulted in significant downtime due to attacks from this group. Be aware that hackers do not only hide behind computers but might also call, so be on guard and watch out for calls that do not seem right. Caller ID Spoofing Caller ID does not necessarily give you correct information about who is calling. Caller ID can be spoofed to provide an incorrect phone number. You have probably seen this with junk calls appearing to come from a local phone number to make you more likely to answer it. Sophisticated scammers might spoof a known entity’s phone number to impersonate them. One example involves using the caller ID of a local police station, claiming that you need to pay a fine to avoid an arrest warrant. AI voice replication A few seconds of audio recording of a person speaking is sufficient to train to AI to be able to create realistic fake audio that convincingly sounds like that individual speaking. This fake audio can be used to conduct extortion, to impersonate a person in a position of authority to request a wire transfer or other sensitive action, etc. To work around these, contact the individual at a known contact number or have procedures in place for extraordinary circumstances. Callback Phishing - Fake orders with callback phone number Many phishing emails use the theme of fake orders/invoices with a shockingly high price tag. These emails contain no links and have only a phone number to “cancel your order”. When a person is directed to a phone, they might be more likely to let down their guard. Unfortunately, there are some call centers staffed with scammers who will take advantage of you. Most if not all real online orders will have links pointing back to the website and rarely have a phone number. If you are not sure if the email is real, you can always check your credit card transactions to see if a charge really occurred. Fake Tech Support Calls Scammers claiming to be from “Microsoft” or other companies will call, telling you they have detected malware on your computer. They will ask you for payment information and ask you to connect to their remote-control website. This is a scam – Microsoft will not proactively call to help clean-up malware.

You can find the current summary of information security for employees in the attached document.

On-Demand Training for Employees Employees can take on-demand security awareness training modules in COMPASS. Click on the COMPASS card in my Tri-C space, then search for the course code “SECUR” to find all the security awareness training modules. The content is refreshed with new and updated modules annually or more frequently to keep up with current threats.