Skip to main content

Concordia ramps up efforts to protect personal, research and institutional data

A quick, convenient, interactive training module will help community members better identify security risks
February 7, 2020
By Sylvie Babarik

Alex Aragona: “Digital security is everyone’s responsibility.” Alex Aragona: “Digital security is everyone’s responsibility.”

Phishing and phone scams are more than annoying. They pose a real and growing threat to our personal information. They also put institutions like universities at risk of having sensitive data, research findings and money stolen or extorted.

As a result, Concordia is making data security an institutional priority. The university is kicking off a cybersecurity awareness campaign, beginning with an online training course for all faculty and staff.

“Currently, we have a strong fence, from a systems point of view,” says Alex Aragona, executive director of application portfolio management and chief information security officer at Concordia.

“Though we keep adding to it, the best defences against cyberattacks are individual awareness and safe digital practices.”

Every month, Instructional and Information Technology Services (IITS) blocks a significant number of malicious emails and intrusion attempts. That may be reassuring, but it’s not enough to put Aragona’s mind at rest.

“Digital security is everyone’s responsibility. It goes beyond Concordia into the personal lives of each one of us,” he says. “We all need to understand the risks associated with phishing and spear phishing and the potential impacts on our information, our work and our finances.”

Is there any way to remain cybersecure?

The landscape of security threats is vast. Media reports have detailed numerous cases of governments, institutions and individuals seeing data compromised through cyber scams. Greater awareness is one of the best defences.

“Globally, people are becoming more attentive to the issues. We know that it’s no longer just big, international corporations that get hacked, phished or saddled with ransomware,” Aragona says.

Finance and personal data may not be the university’s primary activity, but the range of information it collects and develops could still make it susceptible, he adds.

“Because of our size and the broad range of data we house, Concordia could be a target. We need to continue securing both our administrative and research information.”

Concordia is also made up of a range of technology users. Some community members are very tech savvy, while others are less informed about risks.

Furthermore, some may employ older devices with outdated operating systems. That is something that can be exploited by hackers looking for a way into the university network.

What do Concordians need to do to stay safe?

All Concordia staff and faculty are urged to take a new cybersecurity awareness training course developed by MediaPRO. The 20-minute session can be completed from any computer by signing on to the MyConcordia portal. After clicking on the Cyber Awareness Training link located in the left-hand menu, you will be redirected to the secure MediaPro site that will prompt you to re-enter your Concordia netname and password. No new credentials are required.

The course is intended to help people assess their knowledge level and fill in the blanks on issues like data breaches, hacks and ransomware attacks. It provides examples of threats and indicates how you can protect yourself — both as a member of the university and in your personal life.

“Because we have the support of senior university administrators, you can do the training as part of your regular workday. I expect that many supervisors will want to ensure that the information is part of their team’s knowledge set,” Aragona says.

IITS will also be providing tips on safe computing through its Security web pages. Those who don’t find the answers they need there can and should reach out for help.

“Our software barriers are good, but new and more sophisticated attacks could sneak through,” he says. “Therefore, if you are the target of a suspicious email or phone call, please report it. Even if it’s a false positive, we’d like to investigate.”

If you receive a suspicious email, see an odd webpage pop-up or get a call that you think could compromise someone’s security, please contact



Back to top

© Concordia University