Top 10 Cybersecurity Tips

Safeguard your digital world and protect your personal information. 
Learn the top 10 recommended tips for staying safe from cyber threats.

Required training

1)

Take the Cybersecurity, Privacy Awareness and Research Security Training

  • All faculty and staff are required to complete annual Introduction to Cybersecurity and Privacy Awareness courses.
  • Faculty and staff who perform and/or support research are required to complete additional annual Introduction to Research Security and Cybersecurity for Researchers courses. 
  • Students have access to a Privacy and Cybersecurity Awareness course on D2L.

2)

Backup your data regularly and encrypt the backups

  • Ensure you have at least two copies of your data (better yet three!) in separate locations in case of a disaster or ransomware incident.  
  • Create a Data Management Plan for all your research data. 
  • Always encrypt your backups.

3)

Password Best Practices

  • Use (and don’t reuse) strong passwords across devices, servers, software or applications.
  • Do not hardcode your passwords into software, even if it's encrypted.
  • Do not email or share your passwords.
  • Use Strong Authentication, such as Multi-Factor Authentication, whenever possible.
  • Change factory or default passwords on all devices.
  • Configure your mobile devices with a secure PINs/password to gain access.
  • Where possible turn on the vendor device encryption for your computers, mobile devices and peripherals.

Up-to-date devices

4)

Update/Patch your devices, applications and operating systems

Stop threat actors from exploiting known vulnerabilities by always applying updates and patches from vendors for your devices, applications and operating systems (Microsoft Windows, Apple macOS, Linux).

Turn on automatic updates wherever possible. 

Updates from vendors are not limited to operating systems, but also include updates for storage devices, external hard drives, TVs, etc. 

Subscribe to get notifications about common products that require updating.


5)

Be aware of who is accessing your systems

Regularly review what accounts are active on your operating systems, applications, and devices. If you don’t recognize the account, or if they have not logged in for a long time, disable or remove them. 

Use UCalgary approved remote access services (VPNs) to gain access to your servers or devices on campus. 

6)

Think Privacy

Be informed about the UCalgary Information Security Data Classification Standard

If you are working with Level 3: Confidential or Level 4: Restricted data: 


Phishing

7)

Be aware of Phishing emails and text messages

Threat actors use email or texting to trick, convince, or command you to click a malicious link. 

  • Use the “Report" function in Outlook to flag and report suspected phishing emails. Learn more here.

Email Encryption is also available for emailing sensitive information to external addresses.

If you are sending bulk emails to try to avoid including clickable links to external sources. Learn more here. 


8)

 Be Cybersafe while travelling

UCalgary has cybersecurity information and travel policies to help protect UCalgary researchers, faculty and staff while travelling for business. This information highlights potential risks and offers solutions for protecting your devices while abroad. This includes offering a loaner device program and cyber tips for staying safe while travelling

9)

Follow Other Security Best Practices

  • Know when your devices, applications and operating systems reach the end of their support life.
  • Only turn on the services that you need. Threat actors will use default services to access your system if you don’t configure them properly. If you don’t use them, turn them off.
  • Only install trusted applications from a trusted source. 
  • Use antivirus and anti-malware software to protect your operating systems.
  • Ensure your firewall is turned on.

Digital Identity

10)

Be More Secure - Use UCalgary IT Services

Using UCalgary IT services is your best protection against cyber threat actors. UCalgary IT offers a variety of services to support research and academic requirements.

You can also learn more about Research Computing Services or email them at support@hpc.ucalgary.ca.

Always report cyber incidents to UCalgary IT: If you have any cybersecurity concerns, contact IT through UService or with a ServiceNow ticket.