IT security tips for faculty and staff
As a staff/faculty member at OCAD University, technology is a big part of your job. Being security aware can go a long way in making sure you get the most from the resources available to you.
Here are our top ten security tips:
1. Encrypt Your Device
Your computer could hold an array of personal and financial information not only on yourself, but potentially others. Encryption protects this information in case of loss or theft by “locking” the information with a key only you know.
It is highly recommended that sensitive data (personally identifiable information) is stored on secure OCADU encrypted devices. If you must store sensitive data on any of your portable devices, OCADU IT policy requires the device be encrypted and you must have the approval of your departmental chair. The university offers free full disk centrally supported encryption to any eligible member of the University community. To find out more: Security: How To Secure Your Computer With Encryption
Top Tip: The most secure method is not to store information. If you do not require personal information, do not store it!
2. Password Protect Everything
Password protect all your devices including your computer, laptop, tablet, cell phone etc. On many mobile devices password protecting actually triggers encryption on the device, adding yet another layer of security, making personal information unreadable and unrecoverable by anyone who does not know the password.
For your computer a password adds a basic defense against unauthorized access, but if you are storing sensitive information a password is not enough, and a skilled thief could easily crack your password, and so encryption is recommended.
A good Password is easy for you to remember but hard for someone else to guess. Take full advantage of the complexity and length available, and create the strongest password you can. We now allow 14 character passwords. Did you know that an average PC would take 98 million years to crack a password that long? An 8 character password can be cracked in less than one day. To change your password, go to my.ocadu.ca, click "Change Password" and follow the prompts.
Top Tip: Don’t use the same password on multiple accounts because if one of them gets compromised all your accounts are vulnerable. Treasure especially your OCADU Login Account and password.
3. Don’t Open Unknown Email Attachments or Links
If someone emails you an attachment and you were not expecting it, do not open it, as even a PDF file can hide malware inside.
Never click any unknown links in emails, they may not lead where you think. If in doubt visit the site mentioned directly, by typing out the address you know to be the real address of the site into your browser, and check your account information from there.
The University will never email you to tell you that you require an account upgrade, verification or migration. Faculty and Staff members will never be required to upgrade or verify their account in anyway.
For more information on email scams: Security: Phishing Emails, Blocking Senders and Managing Junk Email
4. Check for HTTPS
If you’re entering personal information into a website (username, password, contact details, financial information etc.) you should check to see that the site has “https” in the address bar. This means the communication with the website is encrypted, meaning anyone snooping cannot see the information you enter. Just as encryption protects the data on your machine, encryption protects the data as you communicate it to the website.
Top Tip: Your browser will also show a padlock icon if the site you are visiting is secure.
5. Malware = Malicious Software
Malware comes in many forms, and can target both computers (Windows and Macs) and mobile devices. In mobile devices, always check the permissions on app downloads to make sure you are not downloading a malicious application. Never jailbreak, sideload or install any applications outside of the App Store.
Make sure to keep your computer updated.
Mac computers also get viruses, and users should be aware that they are not excluded from malicious software attacks. You should keep up to date with OS updates and patches.
If you suspect you are in the midst of a malware attack, immediately shut down your computer and contact the IT Helpdesk (x277) or the Laptop Helpdesk (x444). In addition, if the computer under attack is network wired connected, then unplug the computer from the network if possible. Ensure your computer has been properly assessed and remedied of the malware/compromise before you resume using it.
Top Tip: When you download any exe, dmg, rar or zip file, right click on the file and select “scan for threats” to scan the file with Symantec before opening.
6. Use Anti-Virus Software
Using an Anti-virus will protect your machine from getting infected if you download malware accidentally. Anti-virus software should be considered a last line of defense, and will not protect against poor computer security practices; this is because an anti-virus can only protect against known viruses. Poor passwords, visits to unsecured sites, and scam emails will not be detected by an Anti-virus.
Top Tip: Symantec Anti-Virus is installed on all OCADU procured faculty and staff computers, including Loaner laptops acquired from Laptop Helpdesks. If you are unsure whether your computer has anti-virus software, please contact the IT Helpdesk x277 or the Laptop Helpdesk x444/x2789.
7. Securely Store & Share Data
It’s important to consider where you store your data, especially when it is sensitive data. As a rule of thumb, always save your data on a secure OCADU machine, preferably your personal H Drive (network drive). If you need to transport the data, ensure you use an encrypted, password-protected device to do so (such as an Encrypted USB stick). To find out more about encrypted removable devices, please phone or email the IT Help Desk: x277 or email@example.com.
Top Tip: Do not email sensitive data. You cannot guarantee the recipient checks their email through a secure connection or on a secure device. This also means any machine that is used to access or store emails now contain private information!
8. Sensitive Data: Know The Laws & Policies
Health information, financial information and personally identifiable information are all considered sensitive data, and are regulated by law. As part of your work at OCAD University you may have access to such information, and it is important you know what you are legally expected to do with this information. Including:
- FIPPA: Freedom of Information and Protection of Privacy Act, Ontario legislation governing how to protect and access sensitive data.
- PHIPA: Personal Health Information Protection Act, Ontario legislation governing the disclosure and use of personal health information.
- PIPEDA: Personal Information Protection and Electronic Documents Act.
In addition to the legal requirements, the University also implements policies which relate to protection of such data, and also how to deal with a breach of such data. You should also be familiar with these policies as well as the legal requirements when working on campus. Including: [SP2]
- Acceptable Use Policy: OCADU Policy that defines the acceptable use and the breaches of acceptable use of information technology at OCADU. http://www.ocadu.ca/Assets/pdf_media/ocad/about/policies/7001_Acceptable_Use_Policy.pdf
- Wireless LAN Communications Policy: provides guidelines and direction for wireless communications on the OCADU. http://www.ocadu.ca/Assets/pdf_media/IT+Services/OCAD+Wireless+Networking+Policy.pdf
- Academic Web Technology Policy: Sets forth guidelines for use of Academic Web Technology at OCAD University and outlines the process for complaint reporting and violation resolution. See page 98 of the Faculty Handbook (pdf): http://www.ocadu.ca/Assets/Faculty+Handbook+2013-14.pdf
For more policy information see:
Top Tip: Following secure data storage and transmission practices (such as encrypting, and using central storage like your personal or departmental network drive) can help you to easily comply with FIPPA, PHIPA and PIPEDA.
9. Use Secure Wifi
Using OCADU secure wifi acts the same way as encrypting your machine, or visiting https websites – it creates a secure (encrypted) connection for you meaning your Internet activity is private. By browsing on open or unsecured wifi networks, your data is not encrypted, or protected, and can be easily snooped, and viewed by others on the network.
When off campus, and at conferences, be careful signing on to unsecured (non-password protected) wireless networks, as your data can be potentially viewed by any others on the network.
To find out more about wireless access see:
Top Tip: Change your mobile device’s settings (phone, tablet, laptop) so that it does not automatically sign on to unsecured wireless network, and only turn on wireless when you need access.
10. Always Log Out
Adding password protection and encryption can only go so far to secure your private information, if you do not log out you are allowing others to access your information through your own account. In public places if you do not log out, you are potentially allowing any other person in that area full access to the currently logged in account – without any effort from them.
Top Tip: Closing your browser does not always end your session. To be sure, always log out! If there is no obvious means to log out, close your browser and shut down or restart the computer.