Online Security Hygiene
Cyber hygiene refers to the steps that users of computers and other devices can take to improve their online security and maintain system health. Cyber hygiene means adopting a security-centric mindset and habits that help individuals and organizations mitigate potential online breaches. A fundamental principle of cyber hygiene is that it becomes part of everyday routine.
Email Spear Phishing
Spear phishing is a tactic that uses social engineering to tailor emails to individuals or groups based on their line of work, interest, or personal characteristics. Spear phishing emails will be about a subject that is relevant to the recipient and will appear to be sent by a credible source.
How to detect a spear phishing email
Before opening attachments or clicking on links, ensure that:
- You really know who is sending the email and that the tone is consistent for the sender.
- The content is really relevant to your work and not just related to your area of interest.
- The website address or attachment is relevant to the content of the email.
- You use extra caution if the email is from a personal address (@yahoo.ca, @gmail.com) or a suspicious domain.
Social Media Tips
- Use a unique password for every account.
- Ensure all available security and privacy options have been applied on your account.
- Review your account’s website security and privacy policies regularly for changes.
- Be careful when accessing unknown website links or attachments.
- Report any suspected security incidents to the ITS team.
- Use judgement when posting personal information on social media platforms for both privacy and cybersecurity reasons.
- Try using a memorable phrase to create a stronger password with a mix of characters. For example, the phrase:
“My jersey number when I played sports was 27!”
- Be wary of your surroundings and always shield your keyboard or keypad when entering your password.
- Use different passwords for work and home accounts.
- Do not write your passwords under a keyboard or on sticky notes next to a computer, and do not save them on the device itself, as these are common places to look for passwords.
- If at any time you suspect that your password may have been compromised, act quickly and change it.
- Change passwords after returning from travel.
- Password manager – using strong, complex passwords which you change regularly is an important aspect of internet hygiene. Using a password manager can help you to keep track of multiple passwords.
Mobile Security
Mobile devices are attractive targets that provide unique opportunities for threat actors intent on gathering information. A compromised device has the potential to allow unauthorized access to your network, placing not only your own information at risk, but also that of your organization.
It is important to remember that public organizations are an attractive target for cyber-threat actors.
- Use a PIN or password to access the device and change these passwords regularly.
- Disable features not in use such as GPS, Bluetooth, or Wi-Fi.
- Avoid opening files, clicking links, or calling numbers contained in unsolicited text messages or emails.
- Maintain up-to-date software, including operating systems and applications.
- Do not use “Remember Me” features on websites and mobile applications — always type in your ID and password.
- Encrypt personal or sensitive College data and messages.
- Understand the risks, keep track of your devices, and maintain situational awareness.
- Review and understand the privacy and access requirements of all apps before installing them on mobile devices.
- Delete all information stored on a device prior to discarding it.
- Do important tasks, like online banking, on a private or known trusted network.
- Patch and update devices regularly:
Having the latest security software, web browser and operating system is the best defense against viruses, malware and other online threats. To defend against known risks, turn on automatic updates if that’s an available option.
- Protect internet connected devices:
Use 2-step verification and basic security products, like anti-virus programs on web-enabled devices, to protect from viruses, malware, and unauthorized access.
- Wi-Fi networks:
Avoid joining public, unknown, or unsecured Wi-Fi networks.
- Back up important data:
Always back up important data on a separate local storage device.
- Act quickly:
If you are notified, become aware, or even just suspect that your computer is infected, notify the ITS team.
Information Security is everybody’s business.
About Cybersecurity Awareness Month: The CSAM is an annual global campaign held in October, intended to raise awareness and help Canadians learn about cyber security risks and how to stay secure online. CSAM is held in over 25 countries worldwide.
The CSAM is directed by Get Cyber Safe, a public awareness campaign led by the Communications Security Establishment (CSE) with advice and support from its Canadian Centre for Cyber Security (CCCS).