Recently adopted by the Board of Governors, Concordia has created an Information Security Policy and Cybersecurity program. The goal is to better protect institutional data and information and personal information such as social insurance numbers, home addresses, student academic standing, and research data among other types of sensitive data.
As part of this new policy, all faculty and staff — including senior leadership — must complete a short online phishing training before March 1.
The 20-minute session can be completed as part of the workday from any computer by signing on to the MyConcordia portal. After clicking on the Cyber Awareness Training link located in the left-hand menu, users will be redirected to the secure MediaPro site and prompted to re-enter their Concordia netname and password. No new credentials are required.
The goal? To raise community awareness about cybersecurity and help people assess their knowledge level while filling in the blanks. The interactive training provides examples of threats and indicates how users can protect themselves — both as a university member and in personal life.
“Globally, people are becoming more attentive to these issues,” notes Alex Aragona, Concordia’s executive director of application portfolio management and chief information security officer. “We know that it’s no longer just big, international corporations that get hacked, phished or saddled with ransomware.”
Every month, Concordia’s Instructional and Information Technology Services blocks a significant number of malicious emails and intrusion attempts. That may be reassuring, but it’s not enough to put Aragona’s mind at rest.
As an additional layer of security, beginning in late 2020, select faculty and staff began adopting a new two-step sign-in process called multi-factor authentication for email access and Microsoft 365 collaboration tools such as Teams. All faculty and staff are expected to be gradually onboarded by summer.
Additionally, further details related to the new Policy on Data Governance will also be unveiled in 2021, including a data classification standard that will guide the university in identifying measures and controls to protect its data.
“Though we keep adding to our already strong systems, the best defences against cyberattacks are individual awareness and safe digital practices,” Aragona says. “Digital security is everyone’s responsibility. It goes beyond Concordia into the personal lives of each one of us.”