According to a Verizon report, 81% of data breaches are due to compromised passwords.聽 You can have the strictest password policy that stipulates complex passwords and mandatory password changes, but if people are falling for phishing attacks, reusing passwords across multiple platforms, and just not safeguarding their passwords, then there’s a risk.

To protect your password:

• know how to spot a phishing attempt
• create a complex password
• don’t reuse your password (use a to help keep track)
• enable two-factor authentication on sites that offer it

Two-factor authentication is an IT security solution that uses two factors聽to verify identity. These factors include something聽you know (for example your password) and something you have (like a phone). 聽So, if someone gets your password, they will not be able to use it without also having access to your phone.

If your password is compromised and someone attempts to use it, you will receive a notification that someone is attempting to use your password.聽 You simply decline access and then change your password.

Two-factor authentication is becoming the standard in cyber security. Ryerson and Waterloo have implemented it and several American colleges and universities have deployed it to not only staff and faculty, but to students as well. We recently conducted a two-factor authentication Pilot with 156 pilot participants and seven services enabled and are now planning to roll the solution out to all Finance and Admin.

In addition, many sites offer two-factor as an option.聽 Below are links to instructions on how to enable two-factor authentication on popular sites:

For a full list of websites that offer two-factor authentication, please visit

You may have read that the user account information at websites ,听and聽had been compromised (to name a few).

If you have used your 杏吧原创 credentials on sites outside of 杏吧原创, particularly on the above mentioned sites, your account information may have been compromised. (You can check using聽).

ITS recommends that if you must use your 杏吧原创 email address as the login on an external website, that you do not use your 杏吧原创 password. 聽It is also good practice to change your passwords often (ITS recommends every 120 days).

Keep your 杏吧原创 credentials safe by only using them with 杏吧原创 or 杏吧原创 affiliated systems.

IT Security: Our Shared Responsibility

We all have a key role to play in keeping our home computers and personal devices secure online. We also play a big part in keeping our businesses safe from cyber threats. 聽To learn more about Cyber Security Awareness Month, check out the and the websites.

You are responsible for the safety of your own accounts. Here are some tips to help you keep your password safe and secure:

• Never respond to email requests for your password, even if the email appears to come from 杏吧原创. These are phishing attempts in order to steal your information.
• Never share your password with others.
• When creating your password, use a minimum eight characters in length and include upper case, lower case, numbers and special characters.
• Use different passwords for your accounts. For example, do not use your Facebook password for your My杏吧原创One account.
• Change your password at least every 4 to 6 months.

Remember: ITS will NEVER ask you for your password via email.

IT Security: Our Shared Responsibility

We all have a key role to play in keeping our home computers and personal devices secure online. We also play a big part in keeping our businesses safe from cyber threats. 聽To learn more about Cyber Security Awareness Month, check out the 聽and the websites.

If you have used your 杏吧原创 credentials on sites outside of 杏吧原创, particularly on the above mentioned sites, your account information may have been compromised. (You can check using聽).

ITS recommends that if you must use your 杏吧原创 email address as the login on an external website, that you do not use your 杏吧原创 password.

Keep your 杏吧原创 credentials safe by only using them with 杏吧原创 or 杏吧原创 affiliated systems.

If you have any questions, please contact the ITS Service desk at extension 3700.

You are responsible for the safety of your own accounts. Here are some tips to help you keep your password safe and secure:

• Never respond to email requests for your password, even if the email appears to come from 杏吧原创. These are phishing attempts in order to steal your information.
• Never share your password with others.
• When creating your password, use a minimum eight characters in length and include upper case, lower case, numbers and special characters.
• Use different passwords for your accounts. For example, do not use your Facebook password for your My杏吧原创One account.
• Change your password at least every 6 to 12 months.

Remember: ITS will NEVER ask you for your password via email.

For more information on changing your My杏吧原创One password, including a video tutorial on how to do this, visit our .

Here are some tips to help you protect your personal information:

• Limit the amount of personal information you post on social media.
• Do not assume that email is private.
• Limit the amount of personal information (such as SIN, credit card numbers, banking information, drivers license number, etc.) you store on your computer. If your computer is lost or stolen this can be valuable information.
• Log off, lock your screen, or use a password-activated screensavers when stepping away from your computer.

Read more聽from our Information Security group.

Here are our top 10 tips聽to stay safe on social media:

1. Use a strong password. 聽The longer it is, the more secure it will be.
2. Use a different password for each of your social media accounts.
3. Set up your security answers. 聽This option is available for most social media sites.
4. If you have social media apps on your phone, be sure to password protect聽your device.
5. Be selective with friend requests. If you don’t know the person, don’t accept their request. 聽It could be a fake account.
6. Click links with caution. 聽Social media accounts are regularly hacked. 聽Look out for language or content that does not sound like something your friend would post.
7. Be careful about what you share. Don’t reveal sensitive personal information ie: home address, financial information, phone number. 聽The more you post the easier it is to have your identity stolen.
8. Become familiar with the privacy policies of the social media channels you use and customize your privacy settings to control who sees what.
9. Protect your computer by installing antivirus software to safeguard. 聽Also ensure that your browser, operating system, and software are kept up to date.
10. Remember to log off when you’re done.

Did you Know? 杏吧原创.ca is Getting a Refresh!

Four years ago, we redesigned the 杏吧原创.ca home page and it has served us well by bringing in over 100,000 visitors each month.

However, four years is a long time in the digital world and we are happy to say that it鈥檚 time for a fresh new look.聽 Learn more about the carleton.ca refresh…

• Pick a strong password.聽 Online Banking passwords must be unique and complex. It is highly recommended that you change your password every 3 months.
• Choose complex personal identification questions. When setting up your online banking account always choose 2 factor authentication if available as it offers a higher level of security.
• Beware of phishing. 聽ITS will never ask you for your password via email and neither will your bank. 聽If you do receive an email from your bank asking for your password, do not give it to them!
• Login on a secured connection.聽 Do not login to online banking from an unsecured wireless network. 聽Make sure that you are on a trusted secured connection so your user credentials are not vulnerable to being compromised. Always use a good browser with added security like Google Chrome or Mozilla Firefox and always logout before you close your browser or end your session. 聽Always make sure that you are logging into a secured website via 鈥渉ttps鈥�. All banks will always have the encryption lock in the browser showing the level of security.
• Aways log out. 听础濒飞补测蝉.
• Clear your cache.聽If you’re logging into your banking account on a public computer, after you’ve logged out you can聽enhance your security by

from our Information Security team.

Here are three things you should do with your passwords:

1. Keep it strong.
2. Keep it secret.
3. Keep changing it.

For more information on changing your My杏吧原创One password, including a video tutorial on how to change your password, please visit the聽My杏吧原创One information page.

Top 10 tips to protect yourself online

1. Never share your passwords.
   If someone does not have a password to gain access to a resource, they probably were not supposed to have it in the first place.
2. Be careful of what you publish online.
   If you publish information on a social network, note that marketers and others may collect your address, phone number, e-mail address and other information that you provide.聽 When you visit a website where you are asked to register or provide your personal information, be sure to read privacy disclaimers and opt-out of any information sharing agreements.
3. Protect information stored on external media.
   The portability of data in the digital age is both convenient and risky. Data can easily be moved on portable storage devices (e.g. USB drives or portable hard drives); however, these media types are often not protected appropriately. If you must use a USB, store it in a safe place, delete all data before disposing, use only one USB at a time to avoid misplacing the drive and if you must store sensitive data, use a secure USB.
4. Be wary of unsolicited emails.
   Phishing scams attempt to lure Internet users to a 鈥渞ogue鈥� Web site. Often, this involves unsolicited emails asking you to click on a link, go to a web page, and provide your personal information. As a rule of thumb, you should assume that any unsolicited email attempting to gain personal information, or especially trying to convince you to click on a web link to update this information, is from an untrustworthy source.聽 Do not respond to email messages or instant messages (no matter how legitimate they appear) that direct you to visit a web site that you have no relationship with.聽 When in doubt about the legitimacy of an email, contact the organization or individual directly by telephone to verify the legitimacy of these types of messages. Do not respond to their email.
5. Use Instant Messaging and Peer-to-Peer file sharing mindfully.
   Be aware that technologies such as Instant Messaging and Peer-to-Peer file sharing offer new venues to introduce viruses and worms into your system. If you use these services, you may be exposing your system to additional security risks.聽 Trust your instincts.聽 If you receive a strange message from a friend, it may not be from them.聽 It may be that their system has been compromised.
6. Avoid installing free software.
   Many screen savers and games can be downloaded from the Internet. Some of this free software includes additional viruses, spyware, etc. that may be installed without you knowing it.
7. Lock your computer when you walk away.
   For Windows users, be sure to use the 鈥淐trl-Alt-Del鈥� function to prevent someone from using your computer when you step away from your desk.
8. Protect information stored on your computer.
   Store data on your network drive and not on your computer鈥檚 hard drive (e.g. C:drive).
9. Check to make sure that your computer has virus-scanning software installed.
   杏吧原创 University has a campus-wide license agreement with Symantec, which provides anti-virus protection for administrative desktop computers, computers in public labs, computers owned by students living in residence, Exchange e-mail servers, as well as home use protection for faculty and staff.
10. Keep up with software, operating system and security updates.
    When you get a notification to install the latest upgrade, do it.聽 Upgrades often contain patches that address security breaches and additional enhancements to security/functionality.

For more security tips, visit .