Skip to main content

Concordia’s new Information Security Policy makes data safety an institutional priority

Online phishing training is mandatory for all faculty and staff
January 25, 2021
By S. Baker

All it takes is one crack to expose an entire institution to a cybersecurity threat. It can come in the form of a deactivated security feature or even an individual click on a malicious link. The result can have serious impacts on our information, work, finances and personal lives.

Cybersecurity threats are increasing in both frequency and sophistication on a global scale and educational institutions are not immune. In fact, as many continue to work remotely due to the COVID-19 pandemic, universities have become targets for cybercriminals, with many falling victim to cyberattacks in 2020.

What does this mean for Concordia?

“Information security must continue to be a top priority,” says Concordia President Graham Carr. “We must all work to ensure that Concordia remains safe from cyberattacks. We need to be vigilant and aware, and have the knowledge necessary to protect ourselves because the consequences can be dire.”

Concordia’s new Information Security Policy and mandatory training

Recently adopted by the Board of Governors, Concordia has created an Information Security Policy and Cybersecurity program. The goal is to better protect institutional data and information and personal information such as social insurance numbers, home addresses, student academic standing, and research data among other types of sensitive data.

As part of this new policy, all faculty and staff — including senior leadership — must complete a short online phishing training before March 1.

The 20-minute session can be completed as part of the workday from any computer by signing on to the MyConcordia portal. After clicking on the Cyber Awareness Training link located in the left-hand menu, users will be redirected to the secure MediaPro site and prompted to re-enter their Concordia netname and password. No new credentials are required.

The goal? To raise community awareness about cybersecurity and help people assess their knowledge level while filling in the blanks. The interactive training provides examples of threats and indicates how users can protect themselves — both as a university member and in personal life.

Looking forward

“Globally, people are becoming more attentive to these issues,” notes Alex Aragona, Concordia’s executive director of application portfolio management and chief information security officer. “We know that it’s no longer just big, international corporations that get hacked, phished or saddled with ransomware.”

Every month, Concordia’s Instructional and Information Technology Services blocks a significant number of malicious emails and intrusion attempts. That may be reassuring, but it’s not enough to put Aragona’s mind at rest.

As an additional layer of security, beginning in late 2020, select faculty and staff began adopting a new two-step sign-in process called multi-factor authentication for email access and Microsoft 365 collaboration tools such as Teams. All faculty and staff are expected to be gradually onboarded by summer.

Additionally, further details related to the new Policy on Data Governance will also be unveiled in 2021, including a data classification standard that will guide the university in identifying measures and controls to protect its data. 

“Though we keep adding to our already strong systems, the best defences against cyberattacks are individual awareness and safe digital practices,” Aragona says. “Digital security is everyone’s responsibility. It goes beyond Concordia into the personal lives of each one of us.”

Find out more about Concordia’s new
Information Security Policy and Cybersecurity program.




Back to top

© Concordia University