Cybersecurity

Cybersecurity awareness

Computing Services regularly provides information to students, faculty, and staff to help them make safer choices online that will help protect their personal information, data, and networks.

Find out more about steps you can take to increase your cybersecurity in the sections below.

Report an incident

If you become aware of a breach of private data at Mount Allison University, or of a security issue regarding MtA’s computers or networking resources, contact the Computing Services Helpdesk.

  • Submit a help ticket
  • Visit Bennett Building, room 108 at 10 Salem St., Sackville
  • Call (506) 364-2473

Pause – Think before you travel

With the Holiday season approaching, the last thing we think about is Cyber Security while travelling. It is crucial because you are often connecting your device to unfamiliar networks, which can expose you to various cyber security threats. 

What is Travel Cyber Security?

Travel Cyber Security involves protecting your personal data and sensitive information on your device from cyber threats while you are on the move. This includes safeguarding your devices, data, and online activities from potential attacks. 

Security Key Risks

  • Public Wi-Fi Networks: These are often unsecure, making it easy for hackers to intercept your data.
  • Phishing Attacks: Cybercriminals may send deceptive messages to steal your information.
  • Data Breaches: Travel-related services can be targets for data breaches, exposing your personal details.
  • Unsecured Devices: Lost or stolen devices can be accessed if not properly secured.
  • Fake Wi-Fi Spots: Hackers can set up fake networks to capture your data. 

Tips to stay Cyber Safe

  • Use a VPN: Encrypts your internet connection, making it harder for hackers to access your data.
  • Enable Two-Factor Authentication: Adds an extra layer of security to your accounts.
  • Keep Software Updated: Ensures you have the latest security patches.
  • Avoid Public Wi-Fi for Sensitive Transactions: Use mobile data or a secure connection instead.
  • Verify Wi-Fi Networks: Always check with the establishment to ensure you are connecting to the correct network. 


Find out more about...

Travel

Pause – Think before you travel

Security awareness – Travelling for the Holidays

With the holiday season upon us, this could be a busy travel time for many. Let’s take some time to review some key cybersecurity tips to help reduce our vulnerability to cyberattacks related to travel.

  • Make Backups - How often have you heard that someone has lost their device, or had it stolen? It is a good idea to create a backup to another physical device, or better yet, to the cloud.
  • Location sharing – When travelling we often post pictures and locations to our social networks showing where we are. This can be problematic as it can be used to track your location. Criminals use it to break into your home knowing you are not there, or your hotel room. Always be cautious about what you share on social media.
  • Skimmer devices/digital pickpocket - A skimmer device or digital pickpocket is used to copy your credit card information without touching your credit card. These devices can acquire your information in a few seconds, just by hovering near your wallet or pocket. One way to stop these devices is to use a RFID protected wallet or cardholder, which is like creating a protective wall between your credit card and the skimmer device.
  • Public wireless networks - Connecting to public hot spots or wireless networks while travelling can be risky. Often hackers use these public networks to steal your valuable data. If you are connected to a public network, avoid online shopping or accessing sensitive data, like your bank accounts.
  • Public computers - Be cautious when accessing public computers in airports, cafés, hotel lobbies, or other public places as you don’t know their level of security. If you need to use a public computer, clear the cache and browsing history, and delete the temporary files after use. Never allow the browser to remember your credentials. Or you can choose to go incognito when using a browser.

The threat of cybercrime is very real, and that threat continues to increase rapidly. The last thing you want to worry about while travelling over the Holiday season is having your identity stolen or a break-in at home. By following these tips, it can help reduce your risk and travel safely.

Phishing

Phishing — Pause, think before you click!

As we use more and more technology in our daily lives, it increases the opportunities to be attacked. Therefore, protecting our cyber safety is essential. October is widely recognized as Cyber Security Awareness Month — so for this year we thought we should review one of the most common forms of attack, Phishing. In these situations, attackers are typically looking to trick you into giving them information so they can steal your identity, get your password, or take your money.

There are several different types of Phishing, Voice Phishing (Vishing), SMS Phishing (Smishing), Spear Phishing, Whaling, to name just a few.

In all these Phishing attacks, the aim is to steal something from you by deceiving you into giving them things like personal information, passwords, or credit card numbers, etc.

Here is a short video on Phishing. Phishing Explained - YouTube

  • Vishing — Vishing is short for "voice phishing," which involves defrauding people over the phone and enticing them to divulge sensitive information. A scammer can spoof the caller ID to trick you into believing they are legitimate.
  • Smishing — A phishing attack using SMS (texts). A scammer may impersonate someone you know or pose as a service you use (e.g., Internet or mobile provider) to request or offer an update or payment.
  • Whaling — A personalized attack that targets a big “phish” (e.g., a VP, or a top executive). A scammer chooses these targets because of their level of authority and possible access to more sensitive information.
  • Spear Phishing — A personalized attack that targets you specifically. The message may include personal details about you, such as your interests, recent online activities, or purchases.

Something may be phishy if:

  • don’t recognize the sender’s name, email address, or phone number (e.g., very common for spear phishing)
  • the sender makes an urgent request with a deadline
  • you notice a lot of spelling and grammar errors
  • the sender requests your personal or confidential information, or asks you to log in via a provided link
  • the offer sounds too good to be true
  • the call is of poor audio quality

If you realize that you have been phished, or fallen for any of these types of attacks, please change your password immediately and contact our Helpdesk (helpdesk@mta.ca). For more information about Phishing and other cybersecurity threats, please go to mta.ca/cybersecurity

Source: Canadian Centre for Cyber Security


Pause. Think before you click!

Overview

Phishing is a type of attack carried out to steal usernames, passwords, credit card information, Social Insurance Numbers (SIN), and other sensitive data.  Phishing is most often seen in the form of malicious emails pretending to be from credible sources such as MtA technology departments or organizations related to the university.
Attackers can use this information to:

  • Steal money from victims (modify direct deposit information, drain bank accounts).
  • Perform identity theft (run up charges on credit cards, open new accounts).
  • Send spam from compromised email accounts.
  • Use your credentials to access other campus systems, attack other systems, steal University data, and jeopardize the mission of the campus.

The Phish Tank

  • NEVER provide your Password!

Phishing emails targeting campus want your MtA credentials.
Some attackers will set up fake web sites and send emails with an immediate call-to-action that demands you to "update your account information" or "login to confirm ownership of your account".

  • DON'T CLICK on Hidden links!

You may receive an email telling you to "click here" to verify your account. Hover over the link (don't click!), or for a touchscreen, press and hold the link (don't tap!) to reveal the actual URL. (Look in the bottom left corner of the browser window.) Don't click on a link unless it goes to a URL you trust.

  • REJECT if you question the Sender!

You may receive an unexpected e-mail that claims to be from the "Help Desk" or someone you know saying you must click a link to prevent problems with your account.
The only time we will ask you for account information is when you initiate contact with the Helpdesk.  We will only change your password, if you call us, we do not send passwords via e-mail.

  • STOP if it looks Urgent!

If it says it's urgent, don't panic and don't be too quick to click on email links or attachments, even if the message looks urgent and threatening.
If you realize that you have replied to a phishing email, please change your password immediately and contact our Helpdesk.

NEVER click on a link and provide personal information!

Emotional Triggers of phishing

Emotional Triggers of Phishing – Pause, Spot and STOP!

Cyber attackers are constantly innovating ways to trick us into doing things we should not do, such as clicking on malicious links, opening infected attachments, purchasing gift cards or giving up sensitive information.

At Mount Allison University the number of phishing and compromised accounts brought to the attention of CSD (Computing Services Department) since January of this year are:

  • 36 compromised (hacked) email accounts
  • 22 warnings about phishing emails sent from CSD

It is all about emotions

We, as humans, far too often make decisions based on emotions instead of facts. If we know the emotional triggers to look for, we can spot and stop a cyber attacker. Below is a list of the most common triggers used in a phishing attempt. Remember, these hackers may use a combination of these different emotional triggers to make their attempt more believable and more effective:

  • Urgency: Urgency is one of the most common emotional triggers. Bad actors use fear, anxiety, intimidation to rush you into making a mistake.
  • Anger: The use of this emotion can affect us all. They try and use something political, social, or environmental to use the anger emotion to make you do something you should not do.
  • Surprise / Curiosity: Curiosity is evoked by surprise; we need / want to know more. For example; This emotion is used by sending email like “Hey you won a prize,” or “Your package is undelivered, click to learn more.”
  • Trust: Attackers use a name or brand name you trust to convince you into taking some short of action. This is a common one, a message from a bank you know, well know charity, trusted government organization or even a person you know.
  • Empathy /Compassion: Cyber attackers use the compassion emotion to trick you into giving money. They send out millions of fake emails to extort money using this emotional trigger.

If we take the time to better understand these emotional triggers, the University will be far better equipped to Pause, Spot and Stop cyber attackers and make the University cyber safe regardless of emotional triggers they attempt to use.

Resource: SANS OUCH! Newsletter | Emotional Triggers – How Cyber Attackers Trick You

Updating your devices

Don't wait. Update!

Is your computer up to date to protect you from the latest security threats? Don’t wait. Update!

Why do you need to update your computer? In a recent survey across 30 countries, which included 499 responses from the education sector, 44 per cent of the education organizations who responded were hit by ransomware in the last year. The most common method of attack is through outdated operating systems or applications. The best way to protect yourself is to install updates when they become available.

There are three types of updates you should be aware of:

  1. Security and systems updates (critical updates). These need to be your top priority and installed as soon as possible. Why?
    • Critical updates to operating systems (Windows, MacOS, iOS, Android) protect against newly identified security vulnerabilities that hackers can exploit.
    • Updates to device drivers fix known bugs and make devices work better.
  2. Application updates. These also need to be a top priority. Why?
    • They fix security vulnerabilities within the application
    • They fix known bugs within the application..
    • They improve application performance and often provide new features.
  3. Operating system updates. This is upgrading from Windows 10 to Windows 11, or MacOS Big Sur to Monterey for example. A “wait-and-see” approach is usually best with these. A good rule of thumb is to wait on these types of updates for three to six months before upgrading. Sometimes these updates can cause issues with applications already installed on your computer, causing them not to work properly or not to work at all. If you are unsure, please contact the Computing Services Helpdesk (helpdesk@mta.ca). These updates:
    • Fix known non-critical operating system bugs or install a new operating system with the latest enhancements that can lead to increased performance.
    • Provide new operating system security features.

Consequences of not installing updates

Potential consequences of not installing security updates are identity theft, loss of data, or software that is glitchy or doesn’t work.

Every year, malware results in losses of millions of dollars worldwide. One of the primary causes is that users fail to install critical software or operating system updates, allowing malware to exploit loopholes that exist in every software ever developed.

Vulnerabilities can potentially be exploited within hours of them becoming publicly known. Once a critical security update is available, you should plan to install it as soon as you can to protect your system.

Don’t wait. Update — and be safe!

Digital declutter

 

Digital decluttering will help protect your valuable personal data by deleting apps on your devices that you no longer use, ensuring your device is secure and up-to-date, and reviewing privacy and security settings on frequently visited websites.

Follow the steps below to help you digital declutter and protect your valuable personal data:

Keep a clean machine:

  • Ensure all software on internet-connected devices — including PCs, smartphones, tablets, and personal assistants (IoT devices) — are up to date to reduce risk of infection from malware

Lock down your login:

  • Your usernames and passphrase are not enough to protect key accounts like e-mail, banking, and social media. Secure your online accounts and enable the strongest authentication tools available, such as biometrics, security keys, or multi-factor authentication (MFA) such as a unique one-time code through an app on your mobile device.

Declutter your mobile life:

  • Delete unused apps, as they could still store personal information
  • Ensure that apps you use frequently are current

Perform a digital file purge:

  • Perform a thorough review of your online files by cleaning up your e-mail. Save only those e-mails you really need and unsubscribe to e-mail you no longer need/want to receive
  • Backup and/or copy any important data to a secure cloud site, such as your OneDrive, or another computer/drive where it can be safely stored. Also, use a passphrase protect backup drives
  • Note: Always back up your files before getting rid of a device

Take ownership of your online presence:

  • Check the privacy and security settings on websites that you frequently use, as you may not be comfortable with the level of information you are sharing.
  • Limit how you share your information online to secure your personal data
Device replacement

Device Replacement

When replacing your device, it is important to perform a factory reset. Without a plan for destroying your old device, you pose as a target to identity theft. We recommend a factory reset before recycling, donating, reselling or exchanging your device.

How to Reset an Apple iOS:

  • Apple iOS Devices: Settings > General > Transfer or Reset > Erase All Content and Settings

How to Reset and Android:

  • Android Devices: Settings > System > Reset Options > Erase All Data (these options may vary depending on device manufacturer)
Device security

Device Security - Pause… are my devices secure?

Did you know?

When we talk online security, we usually think of our computers and cell phones. But there are many different devices that connect to the internet. The Internet of Things (IoT) refers to a network of physical devices, vehicles, appliances, and other objects that are embedded with sensors, software, and network connectivity. These smart devices can collect and share data, communicate with each other, and perform various tasks autonomously. Welcome to the age of zeros and ones, where security reigns supreme. While this may make life easier, it also increases our risk, and we need to be mindful of this and take precautions.

Here is a list of things to consider:

  • Don’t settle for the defaults — always change default usernames and passwords.
  • Keep your devices up to date — turn on automatic updates when available or update when prompted.
  • Only use what you need — turn off Bluetooth, geolocation, cameras, and microphones when you're not using them and disconnect your smart device from the internet when not needed.
  • If you are able, set up a guest network, then connect your smart devices to it.

Stay safe while gaming

While gaming can be a fun pastime, it also comes with risk. With an ever-increasing number of players, cybercriminals are taking notice. Here is some food for thought:

Keep a low profile - don’t give away personal information like location, gender, or age when chatting and choose a username that doesn’t divulge any personal information.

  • Make sure your games have the latest patches - and not just your games; make sure your device has the latest updates to patch security flaws, enable automatic software updates.
  • Mobile Security - Lock Screen: Set up a PIN, pattern, or biometric lock on your phone.
  • App Permissions - Review app permissions. Only grant necessary access.
  • Multi-Factor Authentication (MFA) - Enable MFA whenever possible.
  • Use a secure network - Connect to the DeviceNet network when using gaming devices at Mount Allison.

Have you acquired a new device?

Here are some things to consider:

  • Configure your device
    • Uninstall apps you won't use.
    • Review app permissions, look for apps asking for access to data not relevant to their function.
    • Turn off location services.
    • Disable other features you won't use.
    • Review Privacy Policies and Terms of Use.

Remember, proactive steps like this help protect your personal information and enhance your overall digital security. Stay safe!

Resources: Secure your devices - Get Cyber Safe

Working from home

With so many people now learning and working remotely it is a good time to review some cybersecurity tips for working and learning from home.

From a cybersecurity standpoint, remote working and learning presents several additional security issues. Unsecured home networks or public networks and weak WiFi passwords are just some of the new vectors that are prone to attacks.

Here are some tips and best practices to help you navigate the transition to remote working and learning.

Tips when working from home

Physical security

The first and most basic tip for remote work is physical security. Offices and classrooms are often fob or key-code protected and monitored by campus security. When you are at home you are responsible for your physical security.

  • Lock your doors

When working from home, be sure to lock your doors to protect any confidential information that may be on your work computer.

  • Keep your devices on you

Don’t leave your laptop or phone in your car if you are stepping out. Leave your devices at home or keep them on your person.

  • Know your thumb drives

If you need to use a thumb drive, make sure you know where it came from. One hacking technique is to leave thumb drives near a target computer. Only use a thumb drive if you know where it came from.

  • Keep your computer secure

Maintain a clean work area and enable a five-minute screen lock.

  • Don’t forget about printed information

Store any paper documents with confidential information on them securely and dispose of by using a shredder or returning them to the office for proper disposal.

Remember your IoT

The Internet of Things (IoT) is a network of internet-connected devices that can collect and share data. Any household object that is connected to the internet in your home is a gateway to your server and needs to be protected.

  • Update your devices

Make sure all your devices have updated software and firmware. Updates often include fixes to vulnerabilities.

  • Change your passwords

Be sure to change the default out-of-the-box passwords of any internet-connected device as well as your router.

  • Be aware of digital assistants

While working from home, mute or shut down any digital assistants (e.g., Alexa, Google Home, etc.) since they could be recording nearby conversations.

Look out for scams

Offices and classrooms have firewalls and phishing prevention as a part of the University’s cybersecurity procedures. There has been an increase in COVID-19 related scams, from phishing to fund raising. Messaging from credible sources are often directly copied, such as alerts from The World Health Organization (WHO) and Health Canada, with malicious links in the message.

  • Never click on unknown links or files

Always double check before clicking or downloading any links or files from an unknown source. This is also true if a colleague sends you an attachment or file you were not expecting. Hover over any links to verify the URL before clicking on them. Pay particular attention to the first part of the URL, which indicates the main website. Better yet, open your browser and navigate directly to the website rather than following e-mail links.

  • Install antivirus software

Be sure you have installed and updated antivirus software on all your devices.

  • Confirm invoices with vendors

Be sure to call the billing department of any company that has sent you an invoice for something you don’t usually pay to verify its authenticity.

  • Update your passwords

Keeping passwords updated and different for each device and account is an important cybersecurity basic. See Mount Allison’s password/passphrase policy.

  • Use multi-factor authentication

Use multi-factor authentication when possible. The combination of a password and a text or e-mail verification greatly increases security.

Identity theft

Identity theft happens when someone uses your personal information without you knowing about it. The risks can be significant. When you do things like log on to a website, enter a contest, sign up for a social network or pay bills through online banking, you're providing a wealth of information that can be stolen.

Aside from the inconvenience of having to cancel and open new accounts, identity theft can lead to more serious consequences:

  • Bills, charges, bad cheques, and taxes.
  • Clearing your name.
  • A damaged reputation if your name isn't cleared.
  • Bad credit rating, which could make finding employment or getting credit difficult.
  • Emotional issues from feeling violated and having to deal with the consequences.

If you do have the misfortune of having your personal information compromised, the best thing you can do after addressing the immediate aftermath is to become as knowledgeable as you can about how to protect yourself in the future.

Online Identity Protection Tips

The easiest way to avoid identity theft? Don't let it happen. Keep these tips in mind at all times to help keep you safe:

  • Before you share personal information, consider carefully what you're putting out there through email and social networking sites.

This could include information like your cell number, address, hometown, workplace, status updates that let people know you're away and other revealing details.

  • If you're asked for your personal information, find out how it will be used and why it's needed.
  • Don't provide any more information than is required.
  • Choose strong passwords. Don't use simple words or favorite names (like your child's name or your mother's maiden name). Try a combination of upper and lower case letters, numbers and symbols.
  • Don't keep your password in your wallet, saved on your computer or on your mobile device.
  • Never use automatic login features that save your username and password. Take the time to re-enter your password each time.
  • If you use webmail, make sure you are using a secure connection, a feature available from all of the major services.
  • Use "2-step verification" to log on to web services, if this feature is available. Services using 2-step verification first ask you for a password and then verify your identity through a separate channel such as by a text message on your phone.
  • Do not reply to or click on links in any e-mail that looks suspicious. Never open an attachment from spam or sender not known to you. Make sure that you are using anti-spyware software and that it is up-to-date.
  • Always be wary of e-mails from financial institutions, Internet service providers, and other organizations asking you to provide personal information online. If in doubt, call the company directly and ask them to verify the e-mail.
Backup files

Having duplicate copies of your most important information saved in a remote location keeps it safe in case anything goes seriously wrong with your computer.
When you think about it there are a number of ways files can be lost unexpectedly:

  • Computer crashes — always happen when you least need it, and can lead to data loss.
  • Virus Infection — aggressive malicious viruses can corrupt files and disable computers.
  • Hard drive failure — hard drives have a finite lifetime and can fail suddenly and without warning. The sudden death of a hard drive can cause the painful loss of months or years’ worth of irreplaceable files and the timing can be catastrophic. If this happens close to a work or college deadline it could be a nightmare scenario.
  • Physical computer damage — your files are more at risk if you use a laptop. Light and portable comes at the price of reduced durability. Laptops are sensitive and are easily damaged if dropped or have drinks spilled over them.
  • Theft — computers are sought after by thieves and cannot always be kept secure while travelling.

A backup is a copy of all your electronic files and folders, saved in one or more separate locations off your computer, tablet, or phone. A backup ensures that if something happens to your device, your information is safe and can be easily restored.

How do I make a backup?

You have three options for making a backup:

  • Back up to an encrypted external hard drive.
  • Back up to an online cloud storage system (Office 365 OneDrive). (Note: You can find instructions on the World Backup Day website)
  • Store your data on a university file-share that embeds secure backup management.
Mobile security

Pause, think before you swipe!

Did you know?

Security breaches can happen when people click on malicious links, install unauthorized apps, use public Wi-Fi, or lose their mobile device.

Smartphone users are three times more likely to click on a phishing link on their devices than on a desktop. Smaller screen sizes that display less information and the multi-tasking approach to smartphone use are partly responsible for this.

Keep your guard up
No peeking - staying safe and private on Wi-Fi

It is tempting to stay in touch with friends and colleagues as you travel by connecting to Wi-Fi networks. However, anyone can create a network and give it a legitimate sounding name, to lure unsuspecting travelers to give up personal information transmitted through the network. This is especially predominant at public cafes, hotel lobbies, and airports.

Only connect by Wi-Fi with trusted, password-protected networks, and turn off settings that automatically search for Wi-Fi networks.

None of their business - securing your mobile device with a Passcode/ PIN / Touch ID

As mobile devices are being used for more transactions and web activity, they are storing more information that is personal, web history, passwords, e-mail, calendars, and contact information than ever before.
Set up your device with a strong password. This will protect your information not only from hackers but also from someone who finds your device if you lose it.

Watch for updates - keeping your device healthy

Updates help keep a piece of software or a system current. Because new threats are being developed all the time, manufacturers will send out fixes and updates to help protect their users from new threats - or just from problems they didn't find when the software was first made. If you don't download and apply the update to fix the problem, you're basically leaving a door open to attack.
Always update the big three:

  • Security software
  • Web browser
  • Operating system

Additional security

  • Do not let your devices out of your sight. Don't leave your mobile device charging in a public conference room while you go for lunch or lend your phone to a stranger who needs to make a call. When downloading an app, take a good look at the permissions and don't click "allow" to everything.
  • Before you click on something, think seriously about where it came from. Viruses and worms can infect your mobile phone from anything you download, from text attachments and Bluetooth transfers.


Mobile security tips

  1. Always update your phone's Operating System (OS) when prompted. These updates are meant to protect your device and information.
  2. Always lock your phone when not in use. Set up Touch ID or Facial Recognition on your device, and back that up with a unique PIN or pattern. Set your phone to lock automatically and consider setting it to erase all data after a number of unsuccessful attempts to unlock. You choose the number. Ten is a common number that allows you to make mistakes when entering but doesn't allow too many attempts by someone who shouldn't be unlocking your phone.
  3. Always back up your smartphone's data. If your mobile device gets lost, stolen, or destroyed, would you feel safe that your contacts, pictures, apps, and email data are secure? Back up to the cloud if possible. If you back up to a computer, ensure the backups are encrypted.
  4. Encrypt your data. Your smartphone holds a lot of data. If it's lost or stolen, your emails, contacts, financial information and more can be at risk. To protect your mobile phone data, you can make sure the data in encrypted. Encrypted data is stored in an unreadable form so it can't be understood.
  5. Most phones have encryption settings you can enable in the security menu. To check if your iOS device is encrypted, go to the settings menu and then click on "Touch ID & Passcode." It will prompt you to enter your lock screen code. Then scroll to the bottom of the page where it should say "Data Protection is enabled."
  6. To encrypt an Android, you must first be sure your device is 80% charged, and unroot your phone before continuing. Once these things are done, go to "Security" and choose "Encrypt Phone." If you don't charge your device, unroot it or interrupt the encryption process, you may lose all your data. Encryption can take an hour or more.
  7. Turn on remote tracking in your mobile device settings. Apple users have Find My iPhone, and Android users can enable Find My Device to see the last known location of the device. Both features allow you to remotely wipe your smartphone's data if it's stolen or can't be retrieved.
  8. Audit your apps to see what information they are accessing. Apple and Google Play scan the apps in their stores every day, but there is no way to identify all flaws. Be cautious about what permissions you grant the apps that you download. Permissions can be set to access location services, camera, microphone, photos, etc.

For location services:

  • If disabling location services altogether will negatively impact your life or business operations, then use them selectively - and with caution.
  • Share your location only with people or institutions that you trust - and disable any options that allow others to share your location.
  • Consider disabling  geo-tagging features , which can add location tags to your posts and interactions on social media.
  • Before downloading, installing, or activating a location-enabled app or signing up for a location-based service, carefully study the paperwork (EULA, permissions, etc.) for suspicious references or outright admissions of dubious use of your personal data.
  1. Do not "Root" your Android or "Jailbreak" your iPhone. This is a process that gives you complete access of your device, but in doing so, removes many of the safeguards that the manufacturers have put in place.
  2. Make sure you're protected when using Bluetooth. Always make sure you recognize the device that you're pairing with and try to keep your connection only as long as it is necessary to do whatever it is that you're trying to do. Turn Bluetooth off if you don't use it regularly.
Online security

Pause, think before you connect!

Online Safety

As internet/computer capabilities grow, your digital footprint expands. Hackers are always on the lookout for personal data they can use to access your credit card and bank information.
Unsafe surfing can also lead to other threats — from embarrassing personal comments or images that, once online, are nearly impossible to erase, to getting mixed up with people you'd rather have had nothing to do with.

Connect safely

Here are some suggestions to make your day-to-day online connection more productive, safe, and secure.

  • Keep your computer up to date

Updates help keep a piece of software or a system current. Because new threats are being developed all the time, manufacturers will send out fixes and updates to help protect their users from new threats — or just from problems they didn't find when the software was first made. If you don't download and apply the update to fix the problem, you're basically leaving a door open to attack.

  • Keep your private information safe

Use a strong, unique password or passphrase for each account, and avoid storing account information on a website. Consider using separate browsers for sensitive logins and general web browsing. To ensure the privacy of personal information online, limit access by going "incognito" and using the browser's private mode. Never use automatic login features that save your username and password. Take the time to re-enter your password each time.

  • Use private networks

Only connect by Wi-Fi with trusted, password-protected networks. When you're on public Wi-Fi, never access anything private. Accessing sports scores? Cool. Accessing your bank account? Not so much — not when the Wi-Fi's owner could be looking over your cyber-shoulder.
If you use a business's Wi-Fi, make sure to ask the owner for the exact name and password of the network. That way you can avoid mistakes and networks playing copycat.
A VPN (Virtual Private Network) is the most secure option to surf on public networks. It is one of the most useful tools to help people keep their information secure when logged on to public networks.

  • Use HTTPS

Make sure a URL includes HTTPS before entering any personal information. If the "S" is missing in a URL, it's probably not safe to use a credit card or share other personal info. This means the connection between the browser and the web server is encrypted, so any data that is submitted to the website will be safe from eavesdropping or tampering. Most browsers also include a padlock symbol at the beginning of the address to indicate the site uses encryption. Don't click on pop-up windows or extraneous ads!

  • Don't talk to strangers

Especially at the beginning of the semester, during tax season, and holiday shopping season. Remember the old advice about not talking to strangers? It goes double on the internet. Anyone can pretend to be someone else and a message from an exciting new friend, or even one that appears to come from a friend, could actually be a trick. Walk away, don't engage.

Online shopping

How to be a Cyber Smart Holiday Shopper!

We all know that the holidays can be hectic – with exams, buying gifts online, travelling, and more. It is also a busy time for cybercriminals who are looking to take advantage of you. By understanding the cyber threats linked to online holiday shopping, safeguard yourself and your personal information to enhance your cybersecurity knowledge.

Pause. Think before you pay!

Beware of these 7 common online shopping cyber security risks.

  • Phishing: Deceptive emails and websites impersonate legitimate retailers to steal personal and financial information. 
  • Malware: Malicious software can be downloaded from fake shopping websites or through email attachments, compromising security. 
  • Update Your Software: Keep your operating system, browser, and other software up to date to protect against security vulnerabilities. 
  • Shop Secure Sites Only: Ensure the website you are shopping on is secure. Look for "https://" in the URL and a padlock symbol in the browser's address bar. 
  • Outsmart Email Scams: Be cautious of unsolicited emails, especially those that ask for personal or financial information. 
  • Fake Reviews and Scams: Counterfeit products and fake reviews may lure shoppers into making fraudulent purchases or revealing personal information. 
  • Be Smart About Shopping Apps: Only download shopping apps from reputable sources like the Apple App Store or Google Play Store.

Remain alert for indicators of potential threats. If a deal seems too good to be true, it probably isn’t. By adhering to these recommendations, you can improve your cybersecurity awareness and safeguard yourself while shopping online. Additional measures include using strong and unique passwords and enabling two-factor authentication. 

For more information, watch the Holiday shopping tips video.


We all know that the holidays can be hectic — with exams, buying gifts online, travelling, and more. It is also a busy time for cybercriminals who are looking to take advantage of you. By understanding the cyber threats linked to online holiday shopping, safeguard yourself and your personal information to enhance your cybersecurity knowledge.

Pause. Think before you pay!

Beware of these 7 common online shopping cyber security risks.

  • Phishing: Deceptive emails and websites impersonate legitimate retailers to steal personal and financial information.
     
  • Malware: Malicious software can be downloaded from fake shopping websites or through email attachments, compromising security.
     
  • Data Breaches: Online retailers may suffer breaches, exposing customer information like payment details and personal data.
     
  • Account Compromise: Weak passwords or reused passwords can lead to unauthorized access to shopping accounts.
     
  • Payment Card Fraud: Cybercriminals can intercept or steal credit card information during online transactions.
     
  • Fake Reviews and Scams: Counterfeit products and fake reviews may lure shoppers into making fraudulent purchases or revealing personal information.
     
  • Identity Theft: Stolen personal information can be used to commit identity theft, leading to financial and legal consequences. 

To protect yourself from these risks, it is important to:

  • use strong, unique passwords
  • enable two-factor authentication
  • shop from reputable websites
  • use secure and private networks
  • stay vigilant for signs of potential threats 

Online Shopping - Pause, think before you pay!

We all know that the holidays can be hectic – with exams, buying gifts online, making travel arrangements and more. It is also a busy time for cybercriminals who are looking to take advantage of you. Let’s fight back by practicing some Holiday Shopping tips to help you protect yourself and your personal information from being exploited.

Here are some safe tips for shopping online.

  • Use secure Wi-Fi and disable auto connect. Using public Wi-fi to shop online at a coffee shop is convenient but can pose a great risk to you. Other users on the network can see what you see and send, including your credit card details. Don’t make purchases while connected to public Wi-Fi.
  • Resist the urge - Be wary of offers too good to be true, no matter how tempting they maybe. Buy from trusted and established online retailers and avoid the websites of retailers you’ve never heard of.
  • Shop securely - Make sure you are shopping on a site that uses SSL protection. The easiest way to check this is to look for the “Https” is on the URL. If it has just http then it is not secure, you should avoid these retails sites.
  • Monitor your bank accounts – Check your online financial accounts regularly for unusual spending or transactions that you don’t recognize. Also, you can take advantage of text or email alert services that many financial institutions now offer.
  • Make the password long and strong – when setting up various accounts on retail sites, make sure you protect yourself by making you passwords long and strong, use multifactor authentication when available. Use different password for each account.
  • Ensure your operating and security systems are up to date – Protect yourself by having the latest security patches installed which can protect you against known vulnerabilities on your devices.
  • Always think twice before clicking on links or opening attachments - Even if links appear to be from people you know, legitimate organizations, your favorite retailers, or even your bank, as messages can easily be faked. Use known, trusted URLs like your bookmarked sites instead of clicking on links. And only open known, expected attachments. You can also initiate contact via a separate method (new email, txt or phone call) using trusted contact info to verify the request. When in doubt, throw it out!

Here is a short video on the various Holiday shopping tips


Pause, think before you pay!

The 12 Cyber Security Tips of the 2020 Holiday Shopping Season

With holiday shopping already in full swing and the impacts of the COVID-19 pandemic making people rely more on online shopping, a useful gift for you is these 12 Cybersecurity Tips. Don’t let a cyber-grinch ruin your holidays!

#1 Be Skeptical

Cybersecurity online during the holiday season starts with being skeptical. According to McAfee, “It’s beginning to look a lot like the holiday season — and with the holidays comes various opportunities for cyber-scrooges to exploit this. While users prepare for the festivities, cyber-criminals look for opportunities to scam holiday shoppers with various tricks.” That’s why it is necessary to be skeptical rather than trusting.

Use common sense when shopping online:

  • If a deal seems too good to be true, assume it is a scam.
  • If you think an e-mail is fake, it probably is.

#2 Watch Out for Seasonal Scams

Unfortunately, the cyber-scrooges have found ways to exploit the goodness in people’s hearts during the holiday season. E-mail phishing scams are especially rampant during the holidays.

For this reason, a cybersecurity mindset is necessary when opening any and all e-mails this holiday season. Cyber-criminals often send fake holiday e-cards with links that are malicious and steal personal information. McAfee also reports, “Since many people do a lot of their holiday shopping online, users should also beware of shipping notification scams, as respondents […] have fallen victim to these scams throughout this year.”

This seasonal scam is a threat this year due to the amount of online shopping and higher number of shipping delays. 
Sadly, charity donation scams are also an issue during the holiday season.
Cybersecurity tip: if the e-mail has typos, grammar errors, or the company logo looks different, assume it is a phishing e-mail.

#3 Shop Only on Sites You Know

There are currently 7.1 million online retailers in the world and more than 8 in 10 Canadians  shopped  online  in 2018. Not all of these online retailers are trustworthy.

That’s why it is important to shop only at sites you know, such as the official online stores for in-store retailers you frequent.

If you see a gift item advertised as significantly lower at an unknown online retailer, research to make sure it is a safe site before purchasing.

#4 Use a Credit Card 

When shopping online, always use a credit card instead of a debit card.

It is better to have your credit card compromised than for a cyber-criminal to drain your checking account. Plus, credit cards offer fraud protection.

#5 Keep Software Updated

Set computer and mobile devices to update automatically. In addition to installing software updates that make devices work better, these updates also make devices more secure and protect users from cyber-criminals.

#6 Don’t Autosave Info

Yes, it is convenient to have the stores where you shop save your personal credit card information, but it is riskier. If you store your credit card information via autosave, hackers can access that information.  Protecting yourself against cyber-crimes is worth the little bit of extra time it takes to re-enter your credit card information each time you want to make a purchase.

Bonus — it’s harder to make impulse purchases when you have to enter your credit card information!

#7 Avoid Shopping Online using Public Wi-Fi

Public Wi-Fi sounds like a good idea, but cyber-criminals can also take advantage of it.

Cybersecurity online during the holiday season means avoiding public Wi-Fi for this very reason.

If you must use public Wi-Fi, use a VPN. The National Cyber Security Alliance explains, “A VPN is a service that encrypts all of a device’s internet traffic and routes it through an intermediary server in a location of the user’s choosing."

The encryption part of a VPN is like what you get when you visit an HTTPS site. Anyone who happens to intercept internet traffic between the smartphone or laptop and the VPN server won’t be able to decipher its contents, including public Wi-Fi hackers.

#8 Use Strong Passwords and Multi-Factor Authentication

One of the most effective ways to practice cybersecurity is to use strong passwords and multi-factor authentication. When creating strong passwords, use a combination of letters, numbers, and symbols. Also, avoid these common password mistakes:

  • Using personal information, such as a pet’s name or anniversary
  • Using your user ID as your password
  • Using simple number sequences, such as 12345
  • Recycling your password and using it for multiple websites
  • Not changing your passwords frequently
  • Sharing passwords

For more information see our setting up passwords/pass phrases page.
With multi-factor authentication, the user must enter additional proof of ID to gain access.

For example, you are required to both login with a password as well as provide a one-time verification code sent via text message.  While a cyber-scrooge may have your password, unless he has access to your cell phone, he won’t have a way to receive the one-time verification code.  

#9 Go Directly to the Source

Treat emails or pop-ups as suspicious unless you can verify them. In tip #2 above, we discussed the potential for shipping notification scams. If you receive an e-mail from a shipping company such as UPS, go to the UPS website or contact customer service to verify rather than clicking any links inside the e-mail. This would be the same for e-mails you receive about deals online. Don’t click on the link. Find another way to verify if it is real.

#10 Check Your Statements

Stay on top of cybersecurity online during the holiday season by routinely checking your credit card and bank statements. If you notice any discrepancies or purchases you have not made, contact your credit card company immediately. 

#11 Never Give Your Personal Info Out Online

Never (ever) give out your personal information online. For example, if you receive an e-mail or text message requesting personal information, such as your credit card number, it is likely a scam.

#12 Pay Attention to the URL 

One way to practice cybersecurity online during the 2020 holiday season is to pay attention to the URL. The URL is the website address, such as https://www.amazon.ca/

A website’s URL can tell you if it is a secure or not. Secure websites should use https. The “s” means secure.  Additionally, the padlock icon appears to the left of the website address on secure online retailers.   If you don’t see the “s” or the padlock, the site is not secure.
Cybersecurity tip — if you receive an e-mail with links, hover over the link to see the URL where you would be taken if you clicked it. 


More tips to keep your online shopping cybersafe:

Click here to watch the video.

Ransomware attacks

Pause…..think about the consequences!

Ransomware continues to be a major threat. Usually delivered through phishing e-mails, industry experts say the magnitude of the problem is only growing. As a result, it’s now more a matter of when, not if, you will be affected by ransomware.

One recent study by Sophos, a respected IT security company, clearly illustrates how far-reaching this problem is. Over one-third — 37 per cent — of the 5,400 organizations surveyed by Sophos were hit by ransomware last year.

Some of Sophos (2021) key findings

  • 44 per cent of educational organizations surveyed were hit by ransomware
  • Education was the hardest hit sector (tied with retail) of 14 sectors surveyed
  • 58 per cent of those who were hit had data encrypted
  • 35 per cent of organizations with encrypted data paid the ransom
  • Of those who paid, only 68 per cent of their data was accessible after paying ransom
    • 32 per cent got half or less
    • 11 per cent got all their data back

To view the full report, The State of Ransomware 2021, visit https://secure2.sophos.com/en-us/content/state-of-ransomware.aspx and click on “Get the report now”.

Why organizations should expect to be hit by ransomware

  • Ransomware attacks are getting increasingly hard to stop due to their sophistication
  • Ramsomware-as-a-Service is now available and inexpensive
  • Ransomware is so prevalent it is almost inevitable we will get hit
  • Other organizations in our industry have been targeted
  • It is difficult for users to recognize the more sophisticated phishing e-mails

The cost of ransomware

  • Ransom payments vary greatly. Of the 357 respondents who reported that their organization paid the ransom, 282 shared the exact amount paid: an average of US$170,404
  • Whether you pay ransom or not there are also substantial costs to the organization to remediate an attack for things like IT forensics, legal fees, costs due to business interruption and more. These usually add up to well over $1 million — the average across all sectors was US$1.85 million.

Why is this information important? Because anyone can be a target of ransomware!

There are several initiatives underway to help build Mount Allison's resilience to this kind of event. You can do your part by being cyber aware and on the look out for things like phishing e-mails. For more information on how to help protect yourself and Mount Allison see the cyber tips on this page.

Securing a mobile device

The increased use of mobile technologies allows access to and use of sensitive university data from almost any location. To protect this data, the university must ensure that appropriate safeguards are in place and maintained.

Computing Services reminds you to store sensitive information on your portable computer for only as long as it is required and to remove the data when it is no longer needed.

What you can do to minimize your risk:

  • Ensure the firewall and antivirus software (currently ESET Endpoint Security) is installed and enabled.
  • Keep your operating system and software up to date.
  • Only install software from official places like the Apple App Store, Google Play and Microsoft Store.
  • Set up your device with a strong password. This will protect your information not only from hackers but from someone who finds your device if you lose it.
  • Only connect by Wi-Fi with trusted, password-protected networks, and turn off settings that automatically search for Wi-Fi networks.
  • When downloading an app take a good look at the permissions and don’t click “allow” to everything.
  • Before you click on something think seriously about where it came from. Viruses and worms can infect your mobile phone from anything you download, from text attachments and Bluetooth transfers.

Travelling

Unfortunately, cyber-based threats can significantly increase when you are travelling and devices can easily be compromised or stolen. When you travel, protect yourself by being cyber aware.

You can connect your cellphone, smart phone, laptop or tablet to the Internet at wireless access points, sometimes free of charge, at coffee shops, in hotels or at airports during your travels. These highly unsecure networks are accessible to everyone.

Protect your equipment

Protecting the physical security of your devices is just as important as protecting yourself through digital measures. Laptops and smartphones are popular targets for thieves since they are relatively small and can yield a high profit. A thief can transfer data from your unattended device to a secondary storage device and can upload malicious software to be accessed later.

  • Do not let your devices out of your sight. Don’t leave your phone charging in a public conference room while you go for lunch or lend your phone to a stranger who needs to make a call.
  • Lock up valuable and sensitive electronic equipment when it is not in use.
  • Do not leave valuable or sensitive electronic equipment lying around your hotel room.
  • Do not rely on “good hiding spots” within a hotel room to secure your equipment. This may be the first time you have seen the room but it is not the first time someone else has seen it.
  • When travelling, keep your electronic equipment in your carry-on baggage to avoid potential in-flight loss or damage.
Setting up a password

One of the potentially weakest links in computer security is the individual password. Despite the University's efforts to keep hackers out of your personal files and away from Mount Allison only resources (e.g., e-mail, web files, licensed software), easily-guessed passwords are still a big problem.

Passwords must have a minimum length of 14 characters. Passwords over 19 characters are the gold standard and offer the most protection.

Password requirement guidelines

  • Include characters other than lowercase letters in a password, such as uppercase letters, digits, and punctuation to improve the security of a password.
  • Do not use a word modified slightly with a single number added at the end or with well-known substitutions such as a zero used in place of the letter 'O'. These are easily predictable patterns.
  • Do not use the same password for University systems as is used for personal accounts or other organizations.
  • Do not use words that appear in a dictionary.
  • Do not include your name, the names of family members or pets, or other easily obtainable personal information in a password.
  • Do not use a word spelled backwards.
  • Do not use a combination of characters that someone watching could easily recognize as the password is entered.
  • When changing passwords, the new password should be different from the old one.

Mount Allison now recommends the use of "pass phrases" instead of passwords. Pass phrases are longer, but easier to remember than complex passwords, and if well-chosen can provide better protection against hackers.

A pass phrase is basically just a series of words, which can include spaces that you employ instead of a single pass “word.” Pass phrases should be at least 16 to 25 characters in length (spaces count as characters), but no less. Longer is better because, though pass phrases look simple, the increased length provides so many possible permutations that a standard password-cracking program will not be effective. It is always a good thing to disguise that simplicity by throwing in elements of weirdness, nonsense, or randomness.

Here, for example, are a couple of pass phrase candidates:

  • pepper tofu with mushrooms (26 characters)
  • organic sweet essential oil (27 characters)

Punctuate and capitalize your phrase:

  • Pepper tofu with mushrooms!
  • organic & Sweet Essential oil

Toss in a few numbers or symbols from the top row of the keyboard, plus some deliberately misspelled words, and you'll create an almost un-guessable key to your account:

  • Pepper tofu with 5mushrooms!
  • Organic & Sweet 3ssential oil

Password protection

  • Passwords must not be recorded on paper or online
  • Passwords must not be recorded in a visible location in a workspace (e.g. a sticky note attached to a monitor or keyboard)
  • Passwords must not be shared with anyone
  • Passwords must not be sent by e-mail

Other considerations

Administrator passwords deserve additional attention. Administrator account access should only be granted to those requiring such access to perform their work. Administrator accounts should not be shared.

Social media security

Cyber threats in social networking websites….

A cyber threat is a malicious act that seeks to damage, steal data, or worse. This can be a major disruption in life in general. They can be unintentional or intentional, targeted, non-targeted, and they can come from several sources, for example, hackers, or even contractors working within the organization.

In this segment of cyber security awareness, we will highlight some tips to help you manoeuvre through potential risks in social media.

7 areas to think about

  1. Personal information — Are you providing too much personal information? Birthdate, where you live, pictures and names of your families, schools you went to, etc. This could be scary as could expose you to a home invasion.

  2. Identity theft — Sharing personal information could also expose you to identity theft. Look at your profile and ask yourself if the information you have shared would allow someone to set up a credit card in your name, for example, or otherwise impersonate you. Find out more in this short video: Socially Cautious (youtube.com)

  3. Cat fishing – social media and dating apps are extremely convenient; however, this is a way for someone using a fake identity to trick you into giving them personal information and financial information. For more information, read this Forcepoint blog post: What is Catfishing and How to Avoid Being Catfished (youtube.com)

  4. Unused social media accounts — If you have accounts lying dormant, hackers will break into these accounts and now have all your personal information. If you have unused social media accounts, you might want to consider deleting them and the personal information you have stored there.

  5. Unsecure mobile devices — What happens if you lose your phone? If it is a company phone, could the data on it cause harm to your employer or business? Use strong passwords or biometrics to protect data on your phone.

  6. Malware — social media is one of the biggest gateways for malware — almost everyone has received a message from a friend warning you not to accept a friend request from them as their account has been hacked. Malware can also be hidden in social media ads. Be wary of these.

  7. Understanding and managing your privacy settings – A good idea may be to login into your security settings of your social media apps and adjust accordingly. Discover how to best protect yourself on these apps. Photos that you post on social media may have the location embedded in the photo. Turn off the location settings to protect yourself from identity theft.


Pause, think before you share!

There are many ways information on social networks can be used for purposes other than what you intended. Any time you choose to engage with social networking sites, you are taking certain risks.

Have you thought about your digital footprint? Every day, whether we want to or not, most of us contribute to a growing portrait of who we are online, a portrait that is probably more public than most of us assume. So, no matter what you do online it's important that you know what kind of trail you're leaving, and what the possible effects can be.

What information are you sharing when you use social networks?

The kinds of information you may be sharing on a social network include:

  • Your profile. Most social networks allow users to create detailed online profiles and connect with other users in some way. This may involve users sharing information with other users, such as one's gender, age, familial information, interests, educational background, and employment.
  • Your status. Most social networks also allow users to post status updates in order to communicate with other users quickly. Though there may be privacy settings to restrict access to status updates, these networks are frequently designed to broadcast information quickly and publicly.
  • Your location.  Many social networks are designed to broadcast your real-time location, either as public information or as an update viewable to authorized contacts. This might allow users to "check in" to a local event or business or share one's location with contacts within their network.
  • Shared content. Many social networks encourage users to share content, such as music, photographs, videos, and links to other webpages.

All of this reveals information about you, including contextual information you may not even be aware of. By sharing this information online, you may be providing enough information to allow advertisers to track you or hackers to take advantage of your online identity.

It is important to be aware of the information you are providing and to be conscious of the choices you can make to protect your privacy.

How may your social networking information be used and shared?

Publicly available information. Every social network allows you to post some information that is completely publicly accessible, from your username to individual posts to your entire account.

Anyone, including strangers, can view whatever is posted as "public." However, there may be other data that you share publicly without realizing it and there are less obvious ways your information may be treated as public without your permission, including:

  • Certain information may be publicly visible by default. In some situations, user information must remain public (frequently such information includes your account name). 
  • A social network can change its privacy policy at any time without a user's permission. Content that was posted with restrictive privacy settings may become visible when a privacy policy is altered.
  • Approved contacts (people on your "friends" list or people that "follow" you) may copy and repost information — including photos or personal information — without a user's permission, potentially bypassing privacy settings.
  • Third-party applications that have been granted access may be able to view information that a user or a user's contacts post privately.

Social networks themselves do not necessarily guarantee the security of the information that has been uploaded to a profile, even when those posts are set to be private. While security flaws and breaches are usually quickly fixed, there is potential for taking advantage of leaked information.

Advertising. Your own publicly posted content isn't the only way you can be tracked. Advertisers are very interested in the information that can be gathered by tracking your online activity.

This may include:

  • Tracking which websites a user has viewed.
  • Storing information associated with specific websites (such as items in a shopping cart).
  • Analyzing aggregated data for marketing purposes.

Behavioral advertising is the term used to describe the practice of tailoring advertisements to an individual's personal interests.

Social networks that provide their services without user fees make a profit by selling advertising. This is often done through behavioral advertising, also known as targeting. This practice is appealing to marketers because targeted advertisements are more likely to result in a purchase by a viewer than comparable non-targeted advertisements. They are valuable to social networks as they can be sold at a higher price than regular ads.

Third-party applications are programs that interact with a social network without actually being part of that social network.

These applications take many forms, but some typical and popular forms include games that you may play with contacts, online polls or quizzes, or third-party interfaces with the social network.

To make these applications useful, social networks may allow developers automatic access to public information of users, and may even access some private information, when a user grants the application permission.

You may inadvertently grant an application access to your profile without realizing the extent of the permissions being granted.

Some facts to keep in mind when considering using third-party applications:

  • Most social networks do not take responsibility for the third-party applications that interact with their sites.
  • They may not be guaranteed to be secure.
  • They may gain access to more information than is necessary to perform their functions.
  • They may contain malware designed to attack the user's device.
  • Third-party developers may report users' actions back to the social networking platform.
  • A social network may have agreements with certain websites and applications that allow them access to public information of all users of the social network.

Government and law enforcement officials can monitor social networks for valuable information.
Law enforcement agencies can and do monitor social networks for illegal activity. During an investigation, law enforcement will often turn to a suspect's social network profiles to glean any information they can.

Though each social network has adopted its own procedures for dealing with requests from law enforcement agencies, it's important to keep in mind that the degree to which these sites co-operate, or don't co-operate, with law enforcement may not be fully explained in the privacy policy.

Employment. Potential employers are generally permitted to use whatever information they can gather about an applicant in making a hiring decision. Although there are legal risks, including possible violation of anti-discrimination laws, employers are increasingly turning to social media to inform their decisions.

It is important to know what information can be seen by non-contacts and to consider what kind of conclusions might be drawn from it.


Protect your online identity

Keep your full name and address to yourself — This same advice also applies to posting your children or grandchildren's full names. Avoid being one of them. Everyone in your trusted circle should know the children's names anyway, so the information is redundant.

Think twice about posting revealing photos and videos — Even if you don't realize it, you may be revealing too much in what appears to be a harmless photo. Photos and videos can also reveal a lot of information unintentionally. Photos and videos can reveal people's identities very easily.

It's important that you have the consent of the subject(s) of any photo or video that you post. Also ask your friends to be considerate of your reputation-being tagged in a compromising photo can be just as damaging to your reputation as if you had posted that photo yourself. Many cameras will embed hidden data (metadata tags), that reveal the date, time, and location of the photo; camera type; etc. Photo and video sharing sites may publish this information when you upload content to their sites.

Turn off your location — This type of information can leave you vulnerable, including to identity fraud or theft. Think carefully before you decide to tell the world exactly where you are or where you've been.

Understand and manage your privacy settings — Find out how to adjust your privacy settings and customize them so that information is shared only in the ways you want it to be. Review and update these settings regularly, since social media sites can change their settings.

Think long term and manage your digital footprint — Don't post anything you wouldn't want everyone to see. Think carefully about the content you want to post online before you post it.

Would you want a potential employer to see those compromising photos? Make no mistake about it — the web is listening every time you use it! It's important that you understand what you're leaving behind when you visit a website.

Close unused accounts and delete your data — Close accounts you don't use anymore and ask the company to delete your data. If you just deactivate the account, your data may remain on the company's servers.

Using a password manager

A password manager relieves the burden of thinking up and memorizing unique, complex logins — the hallmark of a secure password. It allows you to safely share those logins with others when necessary. Password managers are apps for your phone, browser, and desktop that let you remember just one password to unlock your unique passwords for every other site and service. You can download the app and then use it to generate and save new, unique passwords.

  • You do not have to remember all of your passwords.
  • You can have a unique and complex password for each account.
  • You have the option of using Autofill on forms or passwords.

Here are the most popular password managers:

LastPass comes in two different versions – free and premium. Both can generate and store a limitless number of account logins in a secure vault secured by a master password, employ multi-factor authentication, and will even complete online forms for you automatically.

The premium version also syncs across multiple devices, stores passwords for desktop programs, and lets you share secured folders with other people, with customizable permissions.

Dashlane is LastPass's closest competitor, and like LastPass it's completely worth checking out. It features one-click password generation, world-class security, ease of use and the ability to store notes for future reference.

It’s not just a Windows desktop program either, there are browser plugins and mobile versions, and similar to LastPass there's a premium version of Dashlane that includes unlimited sharing and syncing.

Keychain Access is an OS X app that stores your passwords and account information and reduces the number of passwords you have to remember and manage.

When you access a website, e-mail account, network server, or other password-protected item, you may be given the option to remember or save the password. If you choose to save the password, it’s saved in your keychain so you don’t have to remember or type your password every time.

Important: To ensure that passwords and other data stored in your keychain are secure, make sure to set up a login password for your computer.

October is Cybersecurity Awareness Month

This month is a reminder to stay vigilant and protect ourselves from cyber threats. With online activity at an all-time high, safeguarding your data is more important than ever. Computing Services regularly provides information to students, faculty, and staff to help them make safer choices online that will help protect their personal information, data, and networks. 

As we use more and more technology in our daily lives, it increases the opportunities for a cyber-attack. 

How to keep your personal data and devices safe:

Use Multi-Factor Authentication (MFA) – MFA is an additional layer of security that is added to the login process. As part of the University’s efforts to increase cyber security and to protect both institutional and user information online, MFA is required for all Microsoft 365 user accounts. We encourage you to use MFA on other websites and accounts to add an extra layer of protection to your personal information.

Keep your devices and software updated – Always update your devices and apps. Security patches are often included in these updates to fix vulnerabilities. 

Watch out for phishing – Don’t click on links or attachments from unfamiliar emails or messages. Phishing attacks are one of the most common ways hackers gain access to your data.

What to do if you suspect your device has been hacked

University Devices

  1. Disconnect from the network by turning off wifi.  
  2. Contact the CSD Helpdesk immediately to report the issue. They will guide you on the next steps. 
  3. Avoid Using the Device until CSD gives the all-clear. This can prevent further damage or data loss. 

Personal Device

  1. Start by changing your passwords, especially for critical accounts like email, banking, and any accounts linked to the hacked device.
  2. Run Antivirus/Malware Scans: Use reputable antivirus or anti-malware software to scan your device and remove any malicious files.
  3. Keep an eye on your accounts and emails for any unauthorized activity.
  4. Report anything suspicious to the respective platform or service.
  5. If the hack seems severe, a factory reset can remove any deeply embedded malware, but ensure your data is backed up safely before doing so.

Staying cyber-aware is everyone’s responsibility.  

If you become aware of a breach of private data, or a security issue on the University’s computers or networking resources contact CSD Helpdesk: 

  • Submit a help ticket
  • Visit Bennett Building, room 108 at 10 Salem St., Sackville
  • Call (506) 364-2473

It is important to practice good security habits to keep both your personal and university data safe! 

Additional cybersecurity tips
  • Keep your operating system and software up to date.
  • Avoid clicking on links or opening attachments or emails from people you don't know or companies you don't do business with.
  • Do not visit unknown web sites.
  • Only install software from official places like the Apple App Store, Google Play and Microsoft Store.
  • Back up all your files. If your computer is infected with ransomware, recovery may be impossible.
  • Test backups regularly, at least once a month, to ensure data can be restored.
  • If you get a ransomware warning on your computer, please disconnect your computer from the network, by unplugging the cable or disconnecting from Wi-Fi network and contact Computing Services Helpdesk right away.
  • Be mindful of what you are posting on social media.
  • Be careful what you post to social media. It never really goes away.
  • Do not upload anything you wouldn’t want everyone to see.
  • Do not upload or share sensitive information.
  • Never share your password with coworkers, family, friends or strangers – even if it is just for convenience.
  • Have a good password policy of creating long, unique password for each of your accounts.
  • Never use default passwords, and do not use the same password across multiple systems.
  • Be extra cautious when connecting to ‘public Wi-Fi’ such as at café’s/restaurants. They may not be secure.
  • Manage your privacy, iOS or Android.
  • Enable a Pin or Passcode on your mobile device, iOS or Android.
  • Keep your mobile device up to date, iOS or Android.
  • Keep your apps up to date, iOS or Android.
  • Do not open or respond to unknown or unexpected text messages or email.
  • Do not leave your mobile device unattended.
  • Secure your home wireless with a strong password.
Additional resources