Our increasingly online world brings greater risks
Cybersecurity is a serious concern for institutions as well as anyone with any kind of internet presence — which certainly includes all Concordia faculty, staff and students.
And with more people around the world working, shopping, communicating, studying or doing countless other tasks online, the danger from malicious actors has only been amplified.
“We live in a connected world, more so than before. The more our lives go online, the more likely it is that a person will face a cybersecurity threat such as phishing or malware,” says Mike Popoff, chief information security officer at Concordia’s Instructional and Information Technology Services (IITS).
Phishing emails look legitimate but are designed to trick individuals into revealing personal information, such as passwords or credit card numbers. They may include embedded links that can also lead to the installation of malware — software designed to cause damage to a computer, device or system.
One type of malware is ransomware, often spread through phishing emails that contain malicious attachments or through drive-by downloading, which is when a user unknowingly visits an infected website and malware is downloaded and installed without the user’s knowledge.
Ransomware could make the device or system unusable until a ransom is paid.
Online platforms create new challenges
Every month, IITS blocks a significant number of malicious emails and intrusion attempts. However, an increasing reliance on online platforms has brought additional challenges.
“When faculty, staff and students use computers on campus, Concordia’s firewall and desktop tools provide a certain amount of protection. Now, with people using their own PCs or laptops more often, we often don’t know what level of protection is available on their home devices,” Popoff says.
“That’s why it’s so important for users to be hypervigilant. It’s important for people to recognize phishing emails, which usually have a call to action or a link or ask for credentials or personal info.”
The university has also stepped up its cybersecurity efforts over the past few years. Concordia email accounts now have a multi-factor authentication that requires users to enter their username and password plus provide an additional approval, usually through their cellphone.
IT security training is also available to faculty and staff via the KnowBe4 platform and for students with Drip7.
“We also activated Safe Links, which analyzes email links, and deployed SentinalOne, which adds an extra layer of protection against malware,” Popoff reports.
“Even though we’re adding these multiple layers, users still need to be aware. We’re equipping people with as many tools as possible so they can help us identify threats, stop them and alert us.”
Visit the Concordia’s IT Security page to learn valuable information about protecting your identity.