How to stay safe online

August 25, 2022

1. Be aware of the latest risks

New threats to information security are being developed every day to attempt to get around the safeguards we have in place. We've included some of the top tips for protecting information below; there are no perfect solutions, but following this advice will reduce the risk.

2. Keep your computer and mobile devices up-to-date

When we visit websites or even just connect to the network, our computers and mobile devices are continually exposed to attacks. The most important step in keeping your devices safe is to ensure they have the latest security updates and patches installed.

  • If you are using devices managed by IT Services, please check with them to ensure that updates are being installed regularly.
  • If you are responsible for managing your own devices, please check that your operating system (e.g. iOS, Android, macOS, Windows, Linux, etc.) and all software are up-to-date. If you are supported by IT staff, we recommend you ask them to manage your devices for increased security. Otherwise, we recommend configuring systems to automatically check and install security updates. 

3. Safeguard your SFU Computing ID and password

Protecting your SFU Computing ID and password is a key step in protecting University systems and information.

  • Enrol your SFU computing account in Multi-Factor Authentication (MFA); MFA has been required for all accounts since 2021.
  • Use unique, hard-to-guess passwords for each of your online accounts, including your SFU computing account.
  • Use a different password for your central SFU computing account. If you use the same password for other online accounts, the community becomes vulnerable to a security breach.
  • If you suspect a password may have been compromised, change it immediately and never use it again.
  • You may find using a password manager helpful to securely manage the passwords for your online accounts.
  • Don't share your SFU passwords with anyone; you are responsible for the activities of your account.
  • Lock the screen of your computer and mobile devices when not in use, and keep them safe from physical theft.

4. Know how to identify phishing attempts

Many attacks arrive by email. These are called email scams or phishing, and they often come with attached documents or links to websites that can compromise your computer or mobile device.

  • Keeping your devices up-to-date can protect you from these attempts, but it's better if you don't click on the links or open unfamiliar emails or attachments.
  • Some attacks will attempt to trick you into revealing information such as passwords; for further information including how to report these attacks, see our page on phishing scams.
  • Be especially wary of external links and unknown email addresses.
  • Check source and destination email addresses before replying; you may not be replying to the person you think.
  • Secure links (HTTPS) help to protect privacy across the network and offer some assurance if you also check the link carefully, but they are not a guarantee of safety.
  • When sharing broad communications with others, avoid including links if possible. If you have to include a link, link to the site directly and use HTTPS.

5. Follow established financial procedures carefully

Some attacks target vulnerabilities in our business practices rather than vulnerabilities in technology.

  • Be wary of unusual requests, in particular if they are related to purchases.
  • Question requests that do not align with standard SFU processes.

6. Use recommended resources and tools rather than untested services

Working remotely pressures us to adapt to new ways of working, but untested services may introduce unnecessary risk.

  • Untested services may not be secure, or may not be compliant with privacy laws.
  • It is better to make gradual changes to adapt existing resources and tools to new ways of working.

7. Back up your data safely

Some attacks will attempt to encrypt or delete your data, then request a ransom to return it. If you have a safe backup of your data you will be less vulnerable to this kind of attack.

  • Do not download production data to workstations.
  • If you are using devices managed by IT Services, please check with them to ensure that your data is being backed up safely.
  • Many non-SFU storage services (e.g. Dropbox, Google Drive, Microsoft OneDrive, Apple iCloud, etc.) may not be compliant with privacy laws.
  • If you use an external hard drive, remember to disconnect it when you are not using it and keep it physically safe so that it is not attacked as well.
  • Configure your computer, mobile devices, and drives to be safely encrypted. This will protect the data if they are stolen, and will make it easier to dispose of an old device or drive as modern storage is almost impossible to erase securely.

We hope that these tips have been helpful; for further information, please review the linked web pages or contact us using the Get Help button above.

8. Use SFU VPN to secure your remote connection

SFU's Virtual Private Network (VPN) is a way for faculty and staff to remotely connect to SFU's internal network using a secure (encrypted) and private connection. This service also provides access to SFU systems that are typically inaccessible while working remotely.