IITS reminds Concordians to click with care!
You suspect that an email you just received is phishing but you don’t want to be too hasty about deleting it. It mentions an opportunity that sounds interesting.
You know you’re due to change your password but can’t bear the idea of coming up with another one. You’d rather wait.
You just found a USB key and you’re curious about what’s on it.
Think carefully before you click, ignore or plug in. Your finances, private data and work could all be affected if you fall for a cyberscam. You could even help hackers get into Concordia’s systems and put research and other institutional data at risk.
Cybersecurity awareness campaign
Concordia’s Instructional and Information Technology Services (IITS) has launched a new cybersecurity training module for faculty and staff. The 20-minute online course can even be done during the regular workday. That’s because the university wants to drive home the message that cybersecurity awareness is fundamental, in both our professional and private lives.
IITS also recommends some cybersecurity best practices that everyone should keep in mind:
1. Choose secure passwords and keep them safe!
A secure password is the first step in protecting yourself and your information from cybersecurity threats. Concordia passwords must be:
- at least eight characters long
- include at least one lowercase letter
- include at least one uppercase letter
- contain at least one number.
Good password practices include:
- changing them every six months
- avoiding reusing elements from old passwords
- avoiding names of people, places, things, phone numbers and birthdates
- keeping passwords secret and not writing them down
- clicking “no” if you’re prompted to save your password
- avoiding the word “password” and the sequence 123456
- using different passwords for each of your accounts
When it’s time to change your main Concordia password, go to the MyConcordia password reset page.
2. Don’t take the bait!
Phishing emails seek to trick users into providing confidential information such as personal data or financial information. Some try to get you to take the bait by offering deals or rewards or pretending to be a trusted source like a bank, employer or well-known business. They may seek to lure you on to a fraudulent site or to click links or attachments.
Here are suggestions to avoid falling prey:
- Hover over a sender’s email address with a cursor. It can reveal inconsistencies with the name of the sender.
- Think twice about opening emails with a generic greeting rather than your name.
- Only open emails from trusted senders.
- Don’t click on links or attachments unless you’re expecting them.
- If you’re contacted by a company with which you don’t do business, consider that the email may be phishing or spam.
- Watch for mistakes in titles or content.
- Report suspicious emails to the Service Desk and then delete them.
3. Avoid viruses through good cyber hygiene
Viruses or malware are files or bits of code that can have a detrimental effect on your computer. Here’s how to avoid them:
- Never open attachments from unknown sources.
- Never open unknown file extensions.
- Delete suspicious emails.
- If you think you may have opened a dangerous attachment, change your passwords and contact the Service Desk.
4. Connect with care
Concordia offers students and employees access to an on-campus virtual private network (VPN). When using other forms free public Wi-Fi or open hotspots, make sure that the site to which you are connecting is encrypted before you send any personal or sensitive information.
Websites should use Secure Socket Layer (SSL) technology to encrypt the information. Look for https:// or a padlock symbol in the address bar indicating that the connection is secure.
You can also:
- Consider turning off your wireless connection when you are is not using it.
- Not allow your device to connect to wireless networks automatically.
- Use a VPN like Concordia’s connection or enable your phone’s mobile data to more safely connect to websites.
5. Protect your devices and data
Keep your antivirus program up to date. It runs in the background of operating systems to protect your computer from malicious software and viruses.
Concordia offers its members Sophos Antivirus on campus and for individual use. You can download it through your MyConcordia portal.
6. Keep your software and applications updated
An unpatched device is more likely to be vulnerable and can be exploited or compromised. Therefore, keep your operating system and other software current by installing updates and patches as soon as they become available. This is also true of applications on your mobile devices.
It is recommended that you set up automatic software and operating system updates.
7. Log off, turn off
Make a habit of logging off when you are finished using a computer or website. Never leave programs or websites open for others to access.
On your own computer, lock your screen with a password when you aren’t using it.
8. Beware of free downloads
Unwanted software and free downloads can be harmful to your system. Think carefully before you download or install software on your computer. When you do, make sure it comes from a reputable source.
9. As for that USB key you found…
The only safe thing to do is throw it out! Your curiosity could release malware on your laptop or into a larger system.
Learn more about how to keep yourself and your data safe by visiting the IT Security webpage.