Top 10 Cybersecurity Tips
Take cyber awareness training
Education and awareness are key to staying Cybersafe
UCalgary offers the following cyber security courses:
- Privacy Training: FOIP General Awareness
- Cyber Awareness Training
- Software development training: OWASP top 10: LinkedIn Learning
- Students have access to a Privacy and Cybersecurity Awareness course on D2L: How to register
Backup your data regularly and encrypt the backups
- Ensure you have at least two copies of your data (better yet three!) in separate locations in case of a disaster or ransomware incident.
- Create a Data Management Plan for all your research data.
- Always encrypt your backups
Password Best Practices
- Use (and don’t reuse) strong passwords across devices, servers, software or applications
- Do not hardcode your passwords into software, even if it's encrypted
- Do not email or share your passwords.
- Use Strong Authentication, such as Multi-Factor Authentication, whenever possible
- Change factory or default passwords on all devices.
- Configure your mobile devices with a secure PINs/password to gain access
- Where possible turn on the vendor device encryption for your computers, mobile devices and peripherals
Update/Patch your devices, applications and operating systems
Stop threat actors from exploiting known vulnerabilities by always applying updates and patches from vendors for your devices, applications and operating systems (Microsoft Windows, Apple MAC OS, Linux).
Turn on automatic updates wherever possible.
Updates from vendors are not limited to operating systems, but also include updates for storage devices, external hard drives, TVs, etc.
Subscribe to get notifications about common products that require updating.
Be aware of who is accessing your systems
Regularly review what accounts are active on your operating systems and devices. If you don’t recognize the account, or if they have not logged in for a long time, disable or remove them.
Use UCalgary approved remote access services (VPNs) to gain access to your servers or devices on campus.
Be informed about the UCalgary Information Security Data Classification Standard
If you are working with Level 3: Confidential or Level 4: Restricted data:
- Engage IT or Research Computing Services for support
- Contact Privacy/FOIP office for support
- Check out FOIP's Privacy FAQ page
Be aware of Phishing emails and text messages
Threat actors use email or texting to trick, convince, or command you to click a malicious link.
Take our cyber phishing training: Cyber Security IT - Introduction to Phishing course on Enterprise Learning Management and learn more about how to spot and report these malicious messages.
Report phishing emails:
- Add the malicious email as an attachment
- Send it to email@example.com
- Use the “Report Message” button in Outlook to flag it
Email Encryption is also available for emailing sensitive information to external addresses.
If you are sending bulk emails to try to avoid including clickable links to external sources. Learn more here.
Be Cybersafe while travelling
UCalgary has cybersecurity information and travel policies to help protect UCalgary researchers, faculty and staff while travelling for business. This information highlights potential risks and offers solutions for protecting your devices while abroad. This includes offering a loaner device program and cyber tips for staying safe while travelling.
Follow Other Security Best Practices
- Know when your devices, applications and operating systems reach the end of their support life.
- Only turn on the services that you need. Threat actors will use default services to access your system if you don’t configure them properly. If you don’t use them, turn them off.
- Only install trusted applications from a trusted source.
- Use antivirus and anti-malware software to protect your operating systems
- Ensure your firewall is turned on
Be More Secure - Use IT Services
Using Central IT services is your best protection against cyber threat actors. UCalgary IT offers a variety of services to support research and academic requirements.
You can also learn more about Research Computing Services or email them at firstname.lastname@example.org
Always report cyber incidents to Central IT: If you have any cybersecurity concerns, contact IT through UService or with a ServiceNow ticket.