Why do you need a secure password?
Because as a Concordia student, faculty, or staff, you have accounts on several university systems. Even though these accounts are password-protected, choosing a secure password is the first step to protecting yourself and your information against any kind of security threat.
For example, the MyConcordia portal password has the following criteria:
· Your password must be 12-16 characters in length
· Your password must include at least one lower case letter, one upper case letter, one special character (e.g. !, @, # or %) and one number.
The following are additional password tips for keeping your information safe:
Change your password every three to six months and avoid using repeat passwords. If you wish to change your MyConcordia password now, visit the Password reset page now.
Avoid using dictionary words, names of people, names of places, phone numbers, and birthdates. Information hackers have created software to guess passwords and these are the most commonly guessed. Your username, the word 'Password', or 123456 are also easy targets.
Always keep your password a secret. Don't share it, and don't write it down where it may be found.
If an application prompts you to save your password, select 'no'. Anyone with access to your computer could very easily log into an account as you.
Use a password for your Concordia accounts that is different from your other accounts (i.e. online banking and social media). It is best to choose a different password for each account.
Choose a phrase for creating a password that is easy to remember and has special meaning for you.
What are phishing emails? Phishing emails seek to trick users into providing confidential information such as personal dataorfinancialinformation.Sometrytogetyoutotakethebaitbyofferingdeals orrewardsorpretendingtobeatrustedsourcelikeabank, Concordia, an employerorwell-knownbusiness.Theymayseektolureyouontoafraudulentsiteortoclicklinksorattachments.
What can I do about them?
Hover over a sender’s email address with a cursor. It can reveal inconsistencies with the name of the sender.
Think twice about opening emails with a generic greeting, rather than your name.
Only open emails from trusted senders.
Don’t click on links or attachments unless you’re expecting them.
If you’re contacted by a company with which you don’t do business, consider that the email may be phishing or spam.
Watch for mistakes in titles or content.
Report suspicious emails to the Service Desk and then delete them.
What are viruses?
Viruses or malware are files or bits of code that can have a detrimental effect on your computer. They are often sent via email as an attachment with file types such as .exe, .zip and others.
What can I do about it?
Never open any attachments from unknown sources or even from trusted sources with unknown file extensions. Delete suspicious emails and do not open the attachments.
If you have opened any attachments from this type of email, change your MyConcordia portal password, manually prompt Sophos to scan your computer, and contact the Service Desk at 514-848-2424 ext. 7613 or via webform.
What is spam?
Spam is any unsolicited commercial email. Spammers send out these messages to get you to see their advertising and promote their business or product. They send the messages to thousands of people, slowing down the network and causing headaches for the user. Concordia's email filters can catch and block the majority of spam, but unfortunately, it is not possible to block all spam without also blocking some legitimate emails.
What can I do about it?
Delete or filter unsolicited email, bulk email, or unwanted email without opening or replying to it. Never provide your email address to the sites from which you do not wish to receive mail and never post your email address on public forums.
Every email that you send or receive contains two main parts: the body of the message and the header. The email header (or internet header) is a detailed log showing the path the email took from the sender to the receiver as well as the date, time, and email addresses. For instructions on how to view a message header, visit Retrieving email headers page.
Wi-fi is inherently susceptible to security risks. Be cautious when connecting to public wi-fi or open hotspots.
Make sure that the site to which you are connected is encrypted before you send any personal information or sensitive information when using a hotspot. Websites use Secure Socket Layer (SSL) technology to encrypt the information. A good way to know if this is being used is to look at the url of the webpage you are visiting. Verify that the url has https:// or a padlock symbol to make sure the connection is secure.
Ask for a connection name and other details when connecting to an open wi-fi network.
Consider turning off your wireless connection when it is not being used.
Don't allow your device to connect to wireless networks automatically.
Use VPN connection or enable mobile data connection to access a website that may need you to provide sensitive or personal information.
Protect your devices and data
It is important to ensure that your devices and the data they contain are protected at all times. Here are guidelines and tools to help keep them safe.
Concordia has purchased Sophos Anti-Virus, which is proven to deliver superior and proactive protection to safeguard our university's IT environments. For individual use, Sophos is available for download through your MyConcordia portal.
What is Sophos?
Sophos Anti-Virus is a program that runs in the background of the operating system to protect your computer from malicious software and viruses. There are many ways Sophos helps protect your computer:
Whether you're using your computer to browse the Internet, edit documents, or send email, Sophos will automatically scan all files for viruses before any actions are taken. For example, if you attempt to open a document that contains malicious software, Sophos will prevent it from opening and warn you of the possible threat.
It runs numerous scans for viruses and malicious software throughout the week.
It's controlled and monitored centrally by IITS. As a result, clients receive proper monitoring and their virus definitions remain up-to-date at all times. If any problems occur, they are easy to diagnose and resolved in a timely manner.
How do I install Sophos?
Faculty, staff and students are eligible to download Sophos directly to their personal computer from their MyConcordia portal. Simply follow these steps:
1) Sign into your MyConcordia portal at myconcordia.ca using your netname and password.
2) Select 'Software and applications' from the MyConcordia menu.
3) Select 'Sophos Anti-virus' and choose your computer's operating system from the options provided.
4) Choose the work or home use version of the software.
a) Work use: All personal computers not puchased using Concordia funds.
b) Home use: All computers purchsed through Concordia - including non-standard research computers.
5) Sophos will then provide you with step by step instructions to complete the installation.
Please note: Computers acquired through the Concordia standard computer purchase program will have Sophos installed on them at the time of initial setup by Concordia technicians.
Tips on the Sophos Anti-Virus interface:
Once Sophos has been installed on your computer, you will notice a blue shield in the toolbar.
Right click on the blue shield and select Open Sophos Anti-Virus if you wish to view the main control panel.
When Sophos is not working correctly, the blue shield will turn grey and will display a red X.
Scans will take place automatically, but users may also manually start a scan from within the control panel.
A keylogger is a small piece of hardware that logs every key you press on your keyboard. Once installed, a keylogger can capture usernames, passwords, banking information, and anything else you type.
A keylogger can vary in appearance, but will usually look like a small device connecting your computer’s keyboard cable to the computer.
What can I do about it?
Always do a visual check before using any public computer to ensure a keylogger has not been installed.
What should I do if I find a keylogger?
If you notice something suspicious on a Concordia computer, call Concordia's campus security immediately at 514-848-3717 and wait for the security officer to arrive. Do not move the computer or touch the keylogger, as fingerprints may be collected as part of the investigation.
Make a habit of logging off when you are finished using the computer or a certain website. Never leave programs or websites open for others to access. Lock your screen with a screensaver that requires a password on wakeup or turn off your system at the end of the day.
Unwanted software and free downloads can be harmful to your system. Think carefully before you download or install an unknown software on your computer. It is suggested that you only download software from reputable or trusted websites.
An unpatched device is more likely to be vulnerable and can be exploited or compromised. Therefore, keep your operating system and other software up to date by installing updates and patches regularly as they become available (this also applies to applications on your mobile device). It is recommended that you set up your device for automatic software and operating system updates.
If you have opened any attachments from suspicious email, change your MyConcordia portal password, manually prompt Sophos to scan your computer, and contact the Service Desk at 514-848-2424 ext. 7613 or via webform.
All malicious activity is investigated by the appropriate security team. Depending on the severity of the incident, a response plan is actioned which may include meeting with users to understand certain activities, blocking of suspicious user accounts, devices, ports, etc.