IT Security

Cybersecurity Awareness

Cybersecurity Lock Logo - Awareness, protect yourself.

*** Learn more on reporting a Phishing attack *** 

Whether working from home, on campus, or simply working on the same network as one of our community members, your use of technology plays an important role in the cybersecurity health of Mohawk College and the greater community.

Computers, laptops, smart phones and the internet are amazing resources, but they must be used safely, securely, and responsibly.

Below you will find helpful resources on keeping yourself, your friends and family, and the campus community a cybersafe place.

 


Cybersecurity Advice on Campus and at Home

 

Keep a Clean Machine

Keep all software up to date:  Having the latest software, web browsers, and operating system is a simple way to keep your device protected.  Cybercriminals look for out of date software that has design flaws known as vulnerabilities - the older the software, the more vulnerable you are.

Automate software updates: Many software programs will automatically connect and update to defend against known risks. Turn on automatic updates and install them as recommended

Use Reputable Anti-malware: Viruses and malware have changed lots over the years and continue to change daily. It is recommended that you use a commercially available anti-malware tool to defend against viruses, malware, and other online threats.

Protect all devices that connect to the Internet: Computers, laptops, and smartphones all require up to date software and should have some form of anti-malware protection.

Use trusted software: Only install software that is known and reputable. Installing shady software found on the internet is never a good idea. Cybercriminals can embed malicious code and access your devices if they control the distribution of software.

Plug and scan: “USBs” and other external devices can be infected by viruses and malware. Use your security software to scan them.

Protect Your Personal Information and Accounts

Secure your accounts: Whether it's your bank account, e-mail account, or social media account they all contain sensitive information about you at minimum. Make sure you don't sign up for services you don't need and close accounts when they are no longer used. 

Own your online presence: Only use services when you are comfortable with the privacy and security settings they provide. Review the default settings, and restrict who can access your information on the platform.

Know and Alert yourself if your account is exposed: Knowing when your account has been posted to Darknet for cybercriminals to use is a key way to protect yourself - and it doesn't have to be complicated.  Check out the free services provided by https://haveibeenpwned.com/ to check out where your accounts have been compromised and sign up for alerts.

Make passwords long and strong: Create passwords that have a long length and use any combination of characters. Experts now recommend passphrases. For example, pick 4 words at random and combine them: wrenchlasagnajumpflame - This password is easy to remember, and would take 11 trillion years for a cybercriminal to guess. Checkout https://howsecureismypassword.net/ and try making some sample passwords - Never type your own password into a tool like this.

Unique account, unique password: Separate passwords for every account helps to thwart cybercriminals.

Use a password manager: Everyone can forget a password, use a reputable password manager such as Lastpass, Bitwarden, 1Password, or others.

Enable Multi-Factor Authentication: Where available turn on multi-factor authentication which can use anything from a text message to your phone, a token or biometric information like your fingerprint to provide enhanced account security. Stolen or exposed passwords won't be enough for cybercriminals to access your accounts.  Visit https://twofactorauth.org/ to find out what websites support Multi-Factor Authentication.

E-mail Security and Phishing Scams

Have you ever received an e-mail with a random link? Or an E-mail from a company asking you to reset your password to an account with a specific website address? Have you ever been urgently asked to open an attached document?

These are likely phishing messages. Phishing messages are messages specifically crafted to look and feel like a real company that you already know and trust – but they are not legitimate e-mails. They are typically sent by a cybercriminal trying to gain access to your accounts, company, or steal your personal information and gain access to your bank accounts.

Some of the more common phishing scams are as follows:

  • You're asked to validate your account by following a link;
  • You're told there's a problem with your current account;
  • You're threatened with action (i.e. closing your account) if you don't respond;
  • Job Offers that appear too good to be true like mystery shopping;
  • Requests to purchase gift cards;

 

What can you do if you are suspicious about a message: If you think the message might be real, use a different contact method to reach out to the person or company by getting their contact information anywhere else but from the e-mail.  If you require assistance validating if a College sent or received e-mail is real contact our Helpdesk at 905 575 2199, or helpdesk [at] mohawkcollege.ca.

When in doubt, Throw it out!: Don't fall victim to these scams.  If you think the message might be real, use a different contact method to reach out to the person or company by getting their contact information anywhere else but from the e-mail.

Your Home and Cybersecurity

Click here to watch a short video on how to secure your home.

Protect your Wi-Fi: Ensure that a password is configured on your Wi-Fi and that you use the strongest encryption settings. Never share your Wi-Fi passwords with people that you don't trust, or devices that aren't properly protected.

Secure your router: Your home router that controls the connections in your home has a username and password. Change this from the default values.

Secure your devices: Make sure you password protect your devices so that visitors cannot just use your technology freely potentially accessing sensitive information or visiting inappropriate or dangerous websites.

Learning and Working Remotely

The way you connect to our systems and use information when offsite can affect the security of our infrastructure and potentially impact the privacy rights of our community members.

For a quick course on working remotely click here: Working From Home Course

   Here are some simple tips to ensure your use of technology is safe while working remotely

  • Keep all software up to date;
  • Use reputable commercial anti-malware and ensure it is up to date;
  • Only use trusted and secure Wi-Fi, your Wi-Fi must be password protected with a strong password;
  • Backup work to College servers or solutions at regular intervals;
  • Use Mohawk College sanctioned storage such as Microsoft OneDrive, Home Drives, or file shares.

 

   Here are some tips to ensure you handle data appropriately while working remotely

  • Do not transfer, save, or store sensitive information outside of Mohawk College systems, computers, or laptops;
  • Sensitive printed documents or written information should be destroyed appropriately;
  • Be able to identify sensitive information and be cautious while using it;
  • Consult with your instructor, manager, or supervisor if you are unsure of acceptable use and classification of data and how you handle or use that data.

  

    Using a VPN

Using a VPN (Virtual Private Network) creates a protected tunnel between your workstation and the VPN service provider. This protects all the contents such as sensitive information in your network traffic on the way to the provider.  If you are connected to a public network (Coffee shop, airport, hotel, conference, etc) it is a good practice to use a VPN service.

Back It Up - Or Risk Loosing It

Know what is valuable to you: Your school work or projects are important and take time and care to get right.  Your family photos, home movies, music collection, and other digital documents you've collected over the years are important - know where they are.

Have a backup plan: A hard drive that becomes corrupt or a cybercriminal succesfully deploys ransomware to your device or home - it can all be lost.  Make sure you back up your files regularly and that backup doesn't remain attached to your device at all times.  Research cloud services that promote solutions with ransomware protection, or rotate disconnected USB drives. It's best to have a backup stored offsite to protect against theft or fire.

Test your plan: Backup plans that don't work can be very upsetting. Make sure to go through some tests to make sure the files are of good integrity and working as expected.

Be a Good Online Citizen

Safer for me, and more secure for all: What you do online has the potential to affect everyone – at home, at work, and around the world. Practicing good online habits benefits the global digital community.

Be polite at all times: Don't participate in any online hate speech, cyberbullying, or senseless keyboard fighting.  Everyone has the freedom to think and speak, if you feel that something is highly inappropriate report that to the service provider. 

Social Networks

Facebook, Twitter, Google+, YouTube, Pinterest, LinkedIn and other social networks have become an integral part of online lives. Social networks are a great way to stay connected with others, but you should be wary about how much personal information you post.

Have your classmates, friends and family follow these tips to safely enjoy social networking:

  • Privacy and security settings exist for a reason: Learn about and use the privacy and security settings on social networks. They are there to help you control who sees what you post and manage your online experience in a positive way.
  • Once posted, always posted: Protect your reputation on social networks. What you post online stays online. Think twice before posting pictures you wouldn’t want your parents or future employers to see. Recent research found that 70% of job recruiters rejected candidates based on information they found online.
  • Your online reputation can be a good thing: Recent research also found that recruiters respond to a strong, positive personal brand online. So show your smarts, thoughtfulness, and mastery of the environment.
  • Keep personal info personal: Be cautious about how much personal information you provide on social networking sites. The more information you post, the easier it may be for a hacker or someone else to use that information to steal your identity, access your data, or commit other crimes such as stalking.
  • Know and manage your friends: Social networks can be used for a variety of purposes. Some of the fun is creating a large pool of friends from many aspects of your life. That doesn’t mean all friends are created equal. Use tools to manage the information you share with friends in different groups or even have multiple online pages. If you’re trying to create a public persona as a blogger or expert, create an open profile or a “fan” page that encourages broad participation and limits personal information. Use your personal profile to keep your real friends (the ones you know you trust) more synched up with your daily life.
  • Be honest if you’re uncomfortable: If a friend posts something about you that makes you uncomfortable or you think is inappropriate, let them know. Likewise, stay open-minded if a friend approaches you because something you’ve posted makes him or her uncomfortable. People have different tolerances for how much the world knows about them. Respect those differences.
  • Know what action to take: If someone is harassing or threatening you, remove them from your friends list, block them, and report them to the site administrator.

 

 

 

Help the authorities fight cyber crime: Report stolen finances or identities and other cybercrime to your campus Helpdesk at 905-575-2199 or helpdesk [at] mohawkcollege.ca

For more great cybersecurity resources visit the following sites: