October - Cyber Security Awareness Month
Cyber Security Awareness Month is an internationally recognized campaign held each October to inform the public of the importance of cyber security. This campaign is focused on helping all Canadians be more secure online, by being informed and knowing the simple steps to take to protect themselves, their families, their workplace and their devices. Each week in October a new topic will be posted to highlight different aspects of cyber security. Please check back to become more aware and more secure.
Week 4: October 21-28, 2019
Double Your Login Protection
No matter how long and strong your password is, a breach is always possible. All it takes is for just one of your accounts to be hacked, and your personal information and other accounts can become accessible to cyber criminals.
Enable multi-factor authentication (MFA) to ensure that the only person who has access to your account is you. Use it for email, banking, social media, and any other service that requires logging in. If MFA is an option, enable it by using a trusted mobile device, such as your smartphone, an authenticator app, or a secure token—a small physical device that can hook onto your key ring. This way, even if cyber criminals guess your password, they're still out of luck!
To find out how to turn on MFA for many application, visit https://www.telesign.com/turnon2fa/tutorials/.
Week 3: October 14-20, 2019
A common misconception when it comes to cyber security is that you have to be an expert with an array of sophisticated tools at your disposal in order to protect yourself from cyber threats. The reality is that everyone is capable of adopting simple behaviours that can protect them from the most common cyber threats. In some cases, you may already be aware of these behaviours, but you either underestimate their importance or you choose to ignore them because they are inconvenient. You may also be confused due to the overwhelming amount of security advice you receive on a day to day basis.
For individuals, your personal behaviour online are just that – personal. How you manage your accounts, or what level of security you choose to implement is your choice. But at the very least, it should be an informed choice. The Canadian Centre for Cyber Security `developed the following steps, because they are simple to put into practice, yet when implemented as a set they are very effective.
- Practice good password etiquette
- Accept updates to your mobile devices, computers, and applications
- Secure your social media and email accounts
- Be on guard for phishing (and spear-phishing) messages
- Store your data securely and know your back-up procedures
Please review the week 3 infographic for interesting facts and statistics.
Week 2: October 7-13, 2019
As Canadians put more of their information online, they become increasingly attractive targets for cyber threat actors. Canadians’ exposure to cyber threats increases with the growing number of Internet-connected devices, such as televisions, home appliances, thermostats, and cars. As an individual, you may be the victim of cyber fraud and extortion attempts from cybercriminals. Actors can use cyber tools and social engineering to extort money or information from Canadian individuals and businesses. You may have heard of these techniques or you may have already been the victim of a cyber incident. Some of the most commonly used tools are adware, ransomware, denial of service, password cracking, pharming, phishing and malware. The good news is that even as the range of tools and techniques at the disposal of cyber threat actors continue to increase, the different tools and techniques at the disposal of businesses, organizations and everyday Canadians can protect against even the most sophisticated attempts.
Please review the week 2 infographic for interesting facts and statistics.
Week 1: October 1-6, 2019
How Cyber Threats Work
A cyber threat is an activity intended to compromise the security of an information system (such as a computer network, a website or even a social media page) by altering the availability, integrity, or confidentiality of a system or the information it contains. These activities take place in the online space. Cyber threat actors are simply individuals or organizations, they may have different motivations, skill sets or capabilities but often the end result is often the same. In general, they seek to demonstrate their capabilities, cause harm to an organization or individual or profit from online activities. Cyber threat actors aim to take advantage of vulnerabilities, low cyber security awareness, and technological developments to gain unauthorized access to information systems in order to access or otherwise affect victims’ data, devices, systems, and networks. Sometimes, even sophisticated actors use less sophisticated and readily available tools and techniques because they meet their needs and require little effort on their part. Understanding how cyber threats work is the first step in protecting yourself and your organization from their activities.
Please review the week 1 infographic for interesting facts and statistics.
Computer Virus FAQ Sheet
Antivirus Software Requirements for Personal Laptops
Total Security Virus Removal
MS Removal Tool and Variants
Other valuable virus tips
Preventing Spyware, Adware, Viruses and Other Internet Nasties
What to Do If You Have A Computer Virus
World Map of Virus Threat level
E-mail Fraud / Phishing
What is Phishing?
Phishing is a general term for e-mails, text messages and websites fabricated and sent by criminals and designed to look like they come from well-known and trusted businesses, financial institutions and government agencies in an attempt to collect personal, financial and sensitive information. It's also known as brand spoofing.
Below are resources from the web to educate yourself and understand how to deal with phishing emails.
RCMP - What Is Phishing?
How to Avoid Phishing Scams
- When you select 'phishing' you will be asked to report to Microsoft
What is Cyber Bullying
Cyber Bullying Reference Sheet
Lost or Stolen Equipment
** Click here to see a guide on how to prevent laptop theft **
If any school issued equipment is stolen or lost the following actions should be taken
1. Report the incident to campus security
2. If its a school laptop, the police must be notified and an police report generated (with report number)
3. Report the incident to IT Services (fill out Security Loss Incident Report)
Many of the systems at Durham College and UOIT that are required to be accessed from off campus (ie. home, friends house, public library etc.) have web interfaces that make accessing them very simple. By simply using a common web browser like Internet Explorer, Firefox, Google Chrome, etc. you can have access to many of the various systems/applications that you require. Below are some quick links that you can use to access different systems.
For staff and faculty that require access to systems that are not accessible via a web browser, IT Services does provide a VPN service that uses your network credentials (along with a VPN client) to establish a remote connection to our campus network. Below is the VPN form that needs to be filled out prior to access being granted for VPN use. For further clarification, please contact the support desk directly.
VPN Statement of Responsibility and Rules of Conduct
Protecting Confidential Information
Security Best Practices
Keep your firewall turned on at all times
Keep your antivirus software and virus definitions up-to-date
Keep your operating system up-to-date as well as any software you have running on your computer
Install antispyware software and scan regularly
Encrypt files and documents where possible