Phishing is a cyber crime that uses tactics like deceptive emails, websites, and text messages to steal confidential information from individuals or organizations. Cyber criminals use stolen information like addresses, names, and social insurance numbers to apply for credit cards or loans, open bank accounts, and commit other fraudulent activity.

During Cyber Security Awareness Month, the 杏吧原创 community will begin receiving safe and simulated phishing emails, automatically generated by our systems, to help faculty, staff and students better recognize what a phishing email might look like. These emails will be modelled after real-life emails that have arrived in 杏吧原创 email inboxes in the past. If a user clicks on a link in the email, they will be taken to an informational page outlining ways to stay safe online. This page will be hosted on a 杏吧原创 site and will encourage viewers to sign up for the security awareness courses mentioned above.

Importantly, participants, including those who click on links in the simulated phishing emails, are not being evaluated. This initiative is for informational and education purposes only, and those who click on simulated phishing links will only be encouraged to learn more about how to stay safe online.

Learn more about phishing

Interested in learning more? Read our informational page and learn how to use our Report Phishing button.

Cyber security doesn’t end after October, so watch the ITS web site and for information about new campaigns, tips and tricks as they become available.

If you have any questions, please contact ITS Security.

Thank you in advance for your participation!

The course is divided into a series of modules that are short, digestible and, most importantly, informative. Topics include:

• Phishing
• Ransomware
• Wi-Fi Security
• Social Engineering
• Risky USB devices
• And much more!

As part of the campaign, all staff, faculty, and students are encouraged to for the course. Keep in mind that, after clicking the link above, you’ll need to log in with your My杏吧原创One (MC1) password before enrolling.

Simulated Phishing Email Campaign

During the month, the 杏吧原创 community will also begin receiving safe and simulated phishing emails, automatically generated by our systems, to help faculty, staff and students better recognize what a phishing email might look like. These emails will be modelled after real-life emails that have arrived in 杏吧原创 email inboxes in the past. If a user clicks on a link in the email, they will be taken to an informational page outlining ways to stay safe from phishing attempts. This page will be hosted on a 杏吧原创 site and will encourage viewers to sign up for the security awareness courses mentioned above.

Importantly, participants, including those who click on links in the simulated phishing emails, are not being evaluated. This initiative is for informational and education purposes only, and those who click on simulated phishing links will only be encouraged to learn more about phishing.

Cyber security doesn’t end after October, so watch the ITS web site and for information about new campaigns, tips and tricks as they become available.

If you have any questions, please contact ITS Security.

Thank you in advance for your participation!

We are all responsible for the safety of our own accounts, whether they be our banking credentials, email credentials, or My杏吧原创One credentials. Here are some tips to help you keep your accounts safe and secure:

1. Enable two-factor authentication. This is the single most effective way to keep your accounts secure.
2. Never respond to email requests for your password, even if the email appears to come from 杏吧原创. These are phishing attempts in order to steal your information.
3. Never share your password with others.
4. When creating your password, use a minimum eight characters in length and include upper case, lower case, numbers and special characters.
5. Use different passwords for your accounts. For example, do not use your Facebook password for your My杏吧原创One account. 鈥� Help keep these passwords straight by using a .

Email is one of the easiest ways for cyber criminals to target ordinary citizens.听 Here are a few risks to be aware of when it comes to your email:

• A weak email account password could leave your personal information vulnerable –听 and use two-factor authentication when possible
• 听may be sent as an attachment in an email and allow criminals access to your information.
• 听can spread through email to your entire contact list without you knowing it.
• 听can trick you into opening attachments or giving up personal information. They appear to be emails from organizations or companies you trust, but they’re often the gateway to identity theft.
• 听can get through your filter and inundate you with unsolicited email.

If you receive an听email from an address you don鈥檛 recognize, your first thought should be: is this email legitimate? 听But know that malicious emails can also come from an address that you do recognize 鈥� perhaps their account got hacked and is now being used to spam people.

There鈥檚 a good chance an email is a phishing attempt if:

• It asks you for your password or directs you to a web form asking for your password
• If the link within the body of the message points to a non-杏吧原创 email address
• The subject line is in all caps
• There is a call for immediate action 鈥� 鈥渄ownload this now鈥� or 鈥渃onfirm you email identity now鈥� or 鈥渃lick on the link below鈥�
• There are spelling or grammatical errors in the email

It鈥檚 important to be able to recognize a phishing attempt and, most importantly, not be baited.

What do you do if you receive a phishing email? A good rule of thumb is to automatically delete anything that looks out of the ordinary or if you’re not quite sure, you can forward it along to the ITS Service Desk.听听

]]> /its/2019/october-is-cyber-security-awareness-month/?utm_source=rss&utm_medium=rss&utm_campaign=october-is-cyber-security-awareness-month Mon, 30 Sep 2019 16:07:32 +0000 /its/?p=26213 It’s almost Cyber Security Awareness Month! Throughout the month of October, we will be talking about the cyber threats we all face online and the simple steps we can take to minimize those risks.

One simple thing you can do today – if you haven’t yet – is to enable two-factor authentication听on your My杏吧原创One account to protect against illicit login attempts.

Cyber security is a shared responsibility. We all have a role to play in keeping our computers and personal devices secure online and keeping 杏吧原创 safe from cyber threats.

Visit our Cyber Security Awareness Month section for notices, tips, and dates for upcoming information sessions.

5 Ways to Recognize a Phishing Attempt

• It asks you for your password or directs you to a web form asking for your password
• If the link within the body of the message points to a non-杏吧原创 email address
• The subject line is in all caps
• There is a call for immediate action 鈥� 鈥渄ownload this now鈥� or 鈥渃onfirm you email identity now鈥� or 鈥渃lick on the link below鈥�
• There are spelling or grammatical errors in the email

If you receive an听email from an address you don鈥檛 recognize, your first thought should be: is this email legitimate? 听But know that malicious emails can also come from an address that you do recognize 鈥� perhaps their account got hacked and is now being used to spam people.

Successful Phishing Campaigns

If successful, phishing scams can have serious repercussions.

Some successful phishing attempts that made the news include the , Hillary Clinton’s campaign manager, and a for which impacted payroll.

Other Risks to your Email

In addition to phishing, here are a few risks to always be aware of when it comes to your email:

• A weak email account password could leave your personal information vulnerable – .
• may be sent as an attachment in an email and allow criminals access to your information.
• can spread through email to your entire contact list without you knowing it.
• can get through your filter and inundate you with unsolicited email.

Email is one of the easiest ways for cyber criminals to target ordinary citizens. So, as with anything in life, if something seems suspicious, go with your instincts.

Taking control of your own cyber security begins with understanding one simple fact: the Internet can be a hazardous place. Protecting yourself can be easy when you make cyber safety a priority and become aware of the most common threats and risks to your online security.

Here are three things you can do to protect yourself when browsing:

Know your Options for Browser and OS Security

• Use the drop down menus on your browser to set your options. Always set your own options for optimum security.
• Keep your browser and OS updated with the newest version. OS manufacturers release regular updates called ‘patches’ or ‘fixes’ to improve security. Enable automatic updates so your device will download and install these fixes as soon as they’re available. Make sure 鈥榓utomatic updates鈥� are turned on.
• Always log out of services and close your browser when you鈥檙e done. This is particularly important when using websites that contain sensitive information.

Use Public Wi-Fi Safely

• Make use of a VPN service, to ensure all your traffic is encrypted.
• Confirm the name of the network before connecting to ensure that you are not trying to connect to a fake access point that was set up by hackers.
• Turn off 鈥榓utomatic connectivity鈥� to prevent your device from automatically reconnecting to rogue networks

Whether you’re banking, connecting with friends, working, or just passing the time, when you’re online you are never alone. Just as you’d watch your back, your family, and your belongings in a busy public place, you need to be equally cautious online.

According to a Verizon report, 81% of data breaches are due to compromised passwords.听 You can have the strictest password policy that stipulates complex passwords and mandatory password changes, but if people are falling for phishing attacks, reusing passwords across multiple platforms, and just not safeguarding their passwords, then there’s a risk.

To protect your password:

• know how to spot a phishing attempt
• create a complex password
• don’t reuse your password (use a to help keep track)
• enable two-factor authentication on sites that offer it

Two-factor authentication is an IT security solution that uses two factors听to verify identity. These factors include something听you know (for example your password) and something you have (like a phone). 听So, if someone gets your password, they will not be able to use it without also having access to your phone.

If your password is compromised and someone attempts to use it, you will receive a notification that someone is attempting to use your password.听 You simply decline access and then change your password.

Two-factor authentication is becoming the standard in cyber security. Ryerson and Waterloo have implemented it and several American colleges and universities have deployed it to not only staff and faculty, but to students as well. We recently conducted a two-factor authentication Pilot with 156 pilot participants and seven services enabled and are now planning to roll the solution out to all Finance and Admin.

In addition, many sites offer two-factor as an option.听 Below are links to instructions on how to enable two-factor authentication on popular sites:

For a full list of websites that offer two-factor authentication, please visit

This month is Cyber Security Awareness Month. This is an internationally recognized campaign focused on helping us all be more secure online. So naturally, this edition is all about cyber security.

Data Breaches

With the ever-growing use of the internet, the importance of cyber security has never been higher:

• 听containing personal and sensitive data were compromised between January 1^st, 2017 and March 20^th, 2018
• 听some sort of data breach
• a single data breach will cost the average company about听
• 听are due to weak passwords and听听the most common forms of attacks still begin with simple phishing emails

The Big Three

Rarely a week passes without news of some data breach that occurred.听 Just last weekend听听and you may recall these massive data breaches:

• 2013 鈥� Yahoo:听听were subjected to a data breach. This information came to light while Yahoo was in negotiations to sell itself to Verizon and this incident ended up knocking $350 million off the sale price.
• 2014 鈥� eBay:听听were impacted in this breach after hackers had access to the company鈥檚 network for 229 days
• 2017 鈥� Equifax: impacted over听听customers and cost the company more than听听making it the most costly hack to date

The Future of Cyber Security

The cyber security industry is in great need of experts. The private, public and governmental sectors are all investing heavily in attracting and retaining cyber security talent; the proof is in the numbers:

• The demand for cyber talent in Canada is increasing by听
• Unfilled cyber security jobs are expected to reach听听鈥� compared to about 1 million in 2016.
• 听is what organizations plan to spend on cybersecurity in 2020 alone
• 杏吧原创 University offers听program options, including a听

Cyber Security: Our Shared Responsibility

We all have a shared responsibility when it comes to protecting our devices, networks, and data. 听Here are some simple things you can do:

• Protect your accounts with strong authentication.听 Create a strong password (try using pass phrases as opposed to words), have separate passwords for every account, and use two-factor authentication wherever possible.
• Beware the phish:听Beware of emails that ask for your password, have a call for immediate action, or offer something that sounds too good to be true.
• Back it up:听Protect your work, music, photos and other digital information by making an electronic copy and storing it safely.

5 Things we Thought you Should Know

1. We鈥檙e moving from Banner 8 to听.
2. Coffee Break with Web Services听took place yesterday,听here鈥檚 a recap.
3. We鈥檝e launched a new weekly video series called听.
4. We鈥檝e completed our two-factor authentication pilot.
5. We have a new president, and听he has a blog.