Information Security

Data Security

At Maricopa Community Colleges, we prioritize privacy and security. It's about safeguarding information and electronic resources crucial to our institutions—and you. We firmly believe that data protection and cybersecurity is not just the IT department's job; it's a collective responsibility that involves everyone in the Maricopa community.

Each of us must actively participate in ensuring the safety of our digital and physical assets to reduce risks to our organization, staff, faculty, and students. After all, protecting our data is vital, and we're in this together.

Tips for Recognizing Phishing

  • Money offers or other attention-grabbing statements are designed to attract people’s attention immediately. Be wary of offers that seem too good to be true.
  • Be cautious when responding to email messages. Unfortunately, email may appear to come from people we know when it is not. Review the contents carefully and use caution when clicking on links. When in doubt, contact the sender with a separate email to validate the message - do not respond to the email directly. (In the example noted above, the name of the person and the email address don’t match.) 
  • Use your MCCCD email address for MCCCD business purposes only. 
  • Be wary of emails you were not expecting. Delete and purge any suspicious messages.
  • Never share your password with anyone. Legitimate, authorized service and support personnel will not ask for account passwords. As an information security best practice, it is recommended to not reuse the same password with multiple accounts.
  • Never send confidential information such as social security numbers over email.
  • It is always best to err on the side of caution and ask questions. If you have questions, or concerns, or wish to report any suspicious events or activities, please contact District ITS Information Security, at

Sophos Free Antivirus Protection for Home and Work

Since security is our top priority, we want to ensure all our students, faculty, and staff feel safe using their devices. That's why we provide you with free antivirus software from Sophos for up to 10 personally-owned devices to protect you and safeguard our network.

Sophos Home Commercial Edition, our antivirus choice, is packed with cutting-edge features trusted by top Fortune 500 companies, so you know you're getting the best protection. It works on both Windows and Apple computers, so no matter what device you're using, it’s covering you against online threats.

Sophos excels at swiftly detecting and eliminating dangerous malware, securing sensitive information, and defending against ransomware and exploits, so you can surf the web knowing you're in safe hands.

Our goal is to provide a secure digital environment for our community. So, we're offering this powerful antivirus solution to you free of charge, so you can focus on your studies and work without cybersecurity worries. 
*To access Sophos’ free service, you must use your Maricopa Enterprise ID ( Later, you can use your personal email address to register for an account or upgrade your existing account.

Frequently Asked Questions

Yes. Sophos has many helpful videos and playlists available on YouTube dedicated to Sophos Home Commercial Edition. Topics include installation, using and configuring Sophos, and troubleshooting on Windows, Mac OS, Apple iOS, and Android devices.

To access these services, use your Maricopa enterprise ID, Later, you can use your personal email address to register for an account or upgrade your existing account.

Yes. The following terms of use apply to this offer. Other terms may apply—refer to the Maricopa Sophos Home Commercial Edition site for all terms and conditions for this offer:

  • All current students, faculty, and staff may use Sophos Home Commercial Edition on up to 10 personally-owned devices for free
  • A valid, current email address is required
  • The device must be the customer’s personally-owned device, not Maricopa-issued
  • The Sophos Home Commercial Edition license will automatically expire in the event of graduation, separation, retirement, or the end of Maricopa Community Colleges’ enterprise license agreement with Sophos
  • The offer may end at any time, but Maricopa Community Colleges will communicate any changes to this offer

For Sophos to be installed on your Maricopa-issued computer, you must have your computer on and connected to our network using Virtual Private Network (VPN) software if working remotely. Onsite computers will update automatically. Watch for instructions from your college or contact your college help desk for more specific information.

While most of Maricopa's applications, functions, and services can be accessed remotely, some are restricted to the Maricopa network, which requires VPN access. VPN technology enables a secure, encrypted connection​ between your computer and resources on the Maricopa network. Note: VPN access and instructions may vary by location. Contact your local help desk for assistance.

First, you must request VPN access by submitting a ticket through your local help desk because VPN client installation instructions may vary by location. The help desk staff can also answer your questions about using the software and connecting to the network.

After installation, the Sophos software will occasionally display status messages on your computer. On computers running Microsoft Windows 10, you will see the Sophos icon in the notification area on the bottom right-hand area of your screen.

The Sophos icon is typically in the upper right-hand corner on Apple Mac OS computers. However, the location of this notification may vary by the Mac operating system.

No. Sophos provides technical support for Sophos Home Commercial Edition. Sophos support technicians are available Monday through Friday from 8 a.m.–8 p.m. EST. Refer to the Contacting Sophos Home Support website for details.

Also visit the Sophos Home Commercial Edition support website to find answers to commonly asked questions and other online resources.

Yes. Sophos provides technical support for Sophos Home Commercial Edition. Sophos support technicians are available Monday through Friday from 8 a.m.–8 p.m. EST. Refer to the Contacting Sophos Home Support website for details.

Also visit the Sophos Home Commercial Edition support website to find answers to commonly asked questions and other online resources.

Please submit a help desk ticket or contact your college or District support team.

Once you are no longer employed by Maricopa Community Colleges or attending college, you will receive a License Expired notification from Sophos.

Data Classification and Protection

Data holds immense value in today's interconnected world, driving decision-making processes across various domains. As members of the Maricopa Community Colleges system, we are responsible for safeguarding this valuable asset.

Data Classification

Public May be disclosed to anyone.
Internal For internal use only - Default classification.
Confidential Sensitive information.

Public Data

Public data consists of non-sensitive information that can be freely released to anyone. Examples of public data include:

  • Brochures and flyers
  • Public-facing web pages
  • Campus maps
  • Administrative regulations

Internal Data

Internal data is the default classification. It is information intended for use only between employees and trusted partners. Examples of internal data include:

  • Student and employee ID numbers
  • Files containing internal activities
  • Standards and procedures

Confidential Data

Confidential data demands that employees follow proper procedures, as unauthorized access could lead to severe repercussions and expensive reporting obligations. If your work involves dealing with confidential data, you will receive special training in electronic information protection. Moreover, our systems processing this data type employ stringent security measures to safeguard it. Examples of confidential data include:

  • Social Security Number, Driver's License Number, Tax ID, Credit Card Number, Bank Account Number, Patient ID
  • Student, medical, and financial records
  • Grade information
  • Computer passwords

Internal Email confidential data must be encrypted.

Data Handling

Any time you store or share confidential information, it must be appropriately secured and protected to maintain confidentiality and integrity. Refer to the Information Technology Directive on Information Classification and Handling for more detailed information.

Internal confidential data shared through email must be encrypted before sending. This can be done by either storing and sharing the file within Google Drive or using 7zip to encrypt the file.

When handling internal and confidential data, it must be:

  • Protected to prevent its loss, theft, unauthorized access, or disclosure
  • Stored in a closed container (i.e., file cabinet, closed office, etc.) when not in use
  • Kept private and not be posted on any public-facing website

Best Practices at Your Workspace

Protecting sensitive data is our primary focus and involves the help of you, our faculty, and staff members. While our antimalware software defends us from cyber threats, we also take additional precautions to prevent physical compromise of our systems by unauthorized individuals. Combining strong cybersecurity measures with practical physical security ensures the safety of valuable information and the preservation of student privacy.

  • Secure your computer screen: Adopt the habit of locking your computer screen whenever you step away from your desk. You can accomplish this simple yet effective practice by pressing the following keys on your keyboard: CTRL + ALT + DELETE for Windows computers or Command + Control + Q for Macs. This action will take you to a lock screen where you can secure your computer.
  • Restrict access to your computer: Avoid letting other employees access your computer, except when receiving assistance from user support technicians for specific computer-related issues. Maintaining control over who can use your workstation while logged in under your account adds an extra layer of security.
  • Keep your workspace organized: Prioritize the orderliness of your desk area, and make it a point to store any physical documents containing sensitive or confidential data in a locked drawer. Doing so ensures that sensitive information remains protected and inaccessible to unauthorized personnel or visitors.

These measures ensure our work environment is secure and sensitive data remains safe. Each of us plays a crucial role in preserving the confidentiality and integrity of our system. Together, we build a strong defense against security threats, protecting our organization and maintaining the trust of our students. Your efforts truly make a difference!

Data Governance

The Administrative Regulations and IT Directives govern Information Security for Maricopa County Community College District. The program is structured around the NIST Cyber Security Framework.

Administrative Regulations
The Administrative Regulations are the overarching regulations that govern the process by which MCCCD IT Directives are administered. Information technology regulations are located in Section 4, Auxiliary Services. Important technology use resources can be found under 4.4, Technology Resource Standards.

Information Technology Directives
Per Administrative Regulation 4.23, Written Information Security Program, these policies and standards enforce the foundational information security and privacy policies and practices across the District.