Top 10 Cybersecurity Tips

Stay Cybersafe

1)

Take cyber awareness training

Education and awareness are key to staying Cybersafe

UCalgary offers the following cyber security courses: 


2)

Backup your data regularly and encrypt the backups

  • Ensure you have at least two copies of your data (better yet three!) in separate locations in case of a disaster or ransomware incident.  
  • Create a Data Management Plan for all your research data. 
  • Always encrypt your backups

3)

Password Best Practices

  • Use (and don’t reuse) strong passwords across devices, servers, software or applications
  • Do not hardcode your passwords into software, even if it's encrypted
  • Do not email or share your passwords.
  • Use Strong Authentication, such as Multi-Factor Authentication, whenever possible
  • Change factory or default passwords on all devices.
  • Configure your mobile devices with a secure PINs/password to gain access
  • Where possible turn on the vendor device encryption for your computers, mobile devices and peripherals

Up-to-date devices

4)

Update/Patch your devices, applications and operating systems

Stop threat actors from exploiting known vulnerabilities by always applying updates and patches from vendors for your devices, applications and operating systems (Microsoft Windows, Apple MAC OS, Linux).

Turn on automatic updates wherever possible. 

Updates from vendors are not limited to operating systems, but also include updates for storage devices, external hard drives, TVs, etc. 

Subscribe to get notifications about common products that require updating.


5)

Be aware of who is accessing your systems

Regularly review what accounts are active on your operating systems and devices. If you don’t recognize the account, or if they have not logged in for a long time, disable or remove them. 

Use UCalgary approved remote access services (VPNs) to gain access to your servers or devices on campus. 

6)

Think Privacy

Be informed about the UCalgary Information Security Data Classification Standard

If you are working with Level 3: Confidential or Level 4: Restricted data: 


Phishing

7)

Be aware of Phishing emails and text messages

Threat actors use email or texting to trick, convince, or command you to click a malicious link. 

Take our cyber phishing training: Cyber Security IT - Introduction to Phishing course on Enterprise Learning Management and learn more about how to spot and report these malicious messages.

Report phishing emails:

  • Add the malicious email as an attachment
  • Send it to reportphishing@ucalgary.ca
  • Use the “Report Message” button in Outlook to flag it

Email Encryption is also available for emailing sensitive information to external addresses.

If you are sending bulk emails to try to avoid including clickable links to external sources. Learn more here. 


8)

 Be Cybersafe while travelling

UCalgary has cybersecurity information and travel policies to help protect UCalgary researchers, faculty and staff while travelling for business. This information highlights potential risks and offers solutions for protecting your devices while abroad. This includes offering a loaner device program.

9)

Follow Other Security Best Practices

  • Know when your devices, applications and operating systems reach the end of their support life.
  • Only turn on the services that you need. Threat actors will use default services to access your system if you don’t configure them properly. If you don’t use them, turn them off.
  • Only install trusted applications from a trusted source. 
  • Use antivirus and anti-malware software to protect your operating systems
  • Ensure your firewall is turned on

Digital Identity

10)

Be More Secure - Use IT Services

Using Central IT services is your best protection against cyber threat actors. UCalgary IT offers a variety of services to support research and academic requirements.

You can also learn more about Research Computing Services or email them at support@hpc.ucalgary.ca

Always report cyber incidents to Central IT: If you have any cybersecurity concerns, contact IT through UService or with a ServiceNow ticket.