Cyber attackers use social engineering: the art of human manipulation...
Cyber attackers use social engineering: the art of human manipulation...

Compliance Matters

Insights from the Office of Compliance, Risk, and Ethics
November 2019

Data Security @MC

A common misconception about cyber attacks is that they rely on highly advanced tools and techniques to break into people’s computers or accounts. This is a myth.
Cyber attackers know that the easiest way to get what they want is to target people, rather than technology. Social engineering is when a cyber attacker pretends to be someone you know or trust—such as your bank, a coworker, or a known vendor—and then uses that trust to get what they want, typically by just asking for it. Phishing emails are a common example. Do your part to keep the College’s information and assets safe: know how to recognize a social engineering attack.

IT Security is here to help MC employees!

When in doubt, report suspicious emails by clicking the Report Phishing button, available both in Outlook and in Office 365 (on the web or mobile device). Reported emails are analyzed by trained IT staff, and, if found to be legitimate, are returned to the user with an explanation. It is always safer to report than to gamble with your account security.

Look for these clues to spot a phishing attack:

Urgency: The message urges you to act quickly before something bad happens. It may threaten that your account is about to expire, or that you may face legal consequences if you don’t act immediately. Beware: the attacker wants to rush you into making a mistake.
Pressure: The message pressures you to bypass or ignore policies or procedures at work. Always follow College procedures.
Curiosity: The message invokes a strong sense of curiosity or promises something that is too good to be true.
Sensitive: The message includes a request for sensitive information, such as a credit card number, password, vendor identification, or any information that you are just not comfortable sharing.
Official: The message says it comes from an official organization, but (1) has poor grammar or spelling, or (2) comes from a personal email address, such as or If you are not sure whether a message is legitimate, call the organization to double check, but use a trusted phone number, such as one from their website—not contact information provided in the email itself.
Impersonation: You receive a message from a friend or co-worker, but the tone or wording does not sound like them. If you are suspicious, phone the sender to verify they sent the message. It is easy for a cyber attacker to create messages that appear to be from someone you know. In some cases, they can take over one of your friend’s accounts and then pretend to be your friend when reaching out to you. Be particularly aware of emails that appear to be from your supervisor, asking you to purchase gift cards: this is a scam.

Take the required Data Security training available through MC Learns.

Data Security@MC training is available now! Staff and faculty must complete this by June 30, 2020, but take the training today and get ahead of the curve. This online training provides tools and knowledge to better protect personal MyMC data and College business data. Broken up into convenient modules, it takes only about 35 minutes to complete. Don’t fall prey to cyber attack: use this opportunity to strengthen your defense (and the College’s defense) to data security threats.

Gratitude: Compliance Week 2019

Employee Jaqueline Queirolo in front of lockdown and Run, Hide, Fight posters
Employee Christine Tracey with EthicsPoint card
A sincere thank you to everyone who joined us in celebrating National Compliance and Ethics Awareness Week November 4-8, 2019! Integrity is central to carrying out the College’s mission. We are thrilled to be surrounded by a community of employees who recognize this truth, and who are engaged in the work of fostering an ethical culture. We are grateful for everyone who participated in the daily compliance puzzles, attended a workshop, or even just read through the ethics messages shared through email.

Enjoy these photos submitted by some of our Compliance Scavenger Hunt participants. You made this week a smashing success!
John Beiter in an emergency stairwell Employee Colleen King with Title 9 resource card Employee Cynthia Mauris with AED and EthicsPoint card
Join Us: Compliance on Campus
Miss out on the in-person activities during Compliance and Ethics Awareness Week earlier this month? Have questions for the Compliance, Risk, and Ethics team? Join us at a campus council meeting near you:
  • Takoma Park/Silver Spring Campus Council – Monday, November 25
  • Rockville Campus Council – Tuesday, December 3
  • Germantown Campus Council – Tuesday, December 3

What Does Respect Look Like?

Here are a few ideas for how you might embody this value in your everyday interactions:
  • Demonstrate punctuality and value others’ time.
  • Acknowledge people.
  • Consider how your words and actions may affect others.
  • Follow up on work assignments in a timely manner.
  • Communicate honestly, but without compromising tact.
Interested in learning more? Check out the College’s new Ethical Expectations Guide. Developed by a workgroup of twelve employees from across the College, this resource offers practical guidance for living out the Code of Ethics while on the job. We invite you to delve into this booklet and make it your own: identify at least one concrete action you can take to help create a thriving ethical culture at MC.

Compliance's door is always open.

Contact us

Q & A:

Supporting the Academic Success of Pregnant and Parenting Students

Q: One of my students has been absent two out of the last four class sessions. I overheard her talking to a classmate recently about being pregnant, but the student hasn’t said anything to me. My department’s policy is that any more than two absences will result in a lower participation grade. What should I do if this student misses class again? May I ask her for a doctor’s note?
A: Title IX requires that students be allowed to take time off of school for pregnancy, childbirth, miscarriage, termination, or recovery from any of these events. Absences must be permitted, without penalty, for as long as the student’s doctor deems it is medically necessary. When the student returns to school, she must be given the opportunity to make up any work missed. Some students may need a few absences for medical appointments, while others may need a longer leave of absence for a high-risk pregnancy or childbirth.
Regardless of department policy, students cannot be penalized for taking this leave. The rule may also apply to a student whose partner is pregnant, at the discretion of the Title IX Coordinator.
Do not ask the student for a doctor’s note. Instead, contact the College’s Title IX Coordinator, Christopher Moy, for guidance about how to proceed. More information can be found on the College’s Title IX webpage.
Subscribe to our email list.