Be aware and stay safe.
Risks are changing rapidly, whether to physical health and safety or to the security of information. New threats to information security are being developed every day to attempt to get around the safeguards we have in place. We've included the top tips for protecting information below; there are no perfect solutions, but following this advice will reduce the risk.
Ensure your computer and mobile devices are kept up-to-date.
When we visit websites or even just connect to the network, our computers and mobile devices are continually exposed to attacks. Perhaps the most important step in keeping your devices safe is to ensure they have the latest security updates and patches installed.
- If you are using devices managed by information technology (IT) staff, please check with them to ensure that updates are being installed regularly.
- If you are responsible for managing your own devices, please check that your operating system (e.g. iOS, Android, macOS, Windows, Linux, etc.) and all software are up-to-date. If you are supported by IT staff, we recommend you ask them to manage your devices for increased security. Otherwise, we recommend configuring systems to automatically check and install security updates.
Safeguard your SFU Computing ID and password.
Some attacks attempt to learn your passwords to gain access to systems. Protecting your SFU Computing ID and password is a key step in protecting University systems and information.
- Enrol your SFU computing account in Multi-Factor Authentication (MFA); MFA will be required for all accounts in 2021.
- Use unique, hard-to-guess passwords for each of your online accounts, including your SFU computing account.
- Use a different password for your central SFU computing account than for any of your other online accounts. If you reuse the same password elsewhere, we are vulnerable if one of those services has a security breach.
- If you suspect a password may have been compromised, change it immediately and never use it again.
- You may find using a password manager helpful to securely manage the passwords for your online accounts.
- Don't share your SFU passwords with anyone; you are responsible for the activities of your account.
- Lock the screen of your computer and mobile devices when not in use, and keep them safe from physical theft.
Be wary of links and attachments in emails.
Many attacks come through email, often with attached documents or links to websites that attempt to compromise your computer or mobile device.
- Keeping your devices up-to-date can protect them, but it's better still if you don't click on the links or open the attachments.
- Some attacks will attempt to trick you into revealing information such as passwords; for further information including how to report these attacks, see our page on phishing scams.
- Be especially wary of external links and unknown email addresses.
- Check source and destination email addresses before replying; you may not be replying to the person you think you are.
- Secure links (HTTPS) help to protect privacy across the network and offer some assurance if you also check the link carefully, but they are not a guarantee of safety.
- When sharing broad communications with others, avoid including links if possible. If you have to include a link, link to the site directly and use HTTPS.
Follow established financial procedures carefully.
Some attacks target vulnerabilities in our business practices rather than vulnerabilities in technology.
- Be wary of unusual requests, in particular if they are related to purchases.
- Question requests that do not align with standard SFU processes.
Use recommended resources and tools rather than untested services.
Working remotely pressures us to adapt to new ways of working, but untested services may introduce unnecessary risk.
- Untested services may not be secure, or may not be compliant with privacy laws.
- It is better to make gradual changes to adapt existing resources and tools to new ways of working.
Back up your data safely.
Some attacks will attempt to encrypt or delete your data, then request a ransom to return it. If you have a safe backup of your data you will be less vulnerable to this kind of attack, or to another problem making your devices unusable.
- Do not download production data to workstations.
- If you are using devices managed by IT staff, please check with them to ensure that your data is being backed up safely.
- Many non-SFU storage services (e.g. Dropbox, Google Drive, Microsoft OneDrive, Apple iCloud, etc.) may not be compliant with privacy laws.
- SFU Vault is a highly versatile storage service hosted at SFU and may be a safe way to keep a backup of your data. For more information, see our page on SFU Vault.
- If you use an external hard drive, remember to disconnect it when you are not using it and keep it physically safe so that it is not attacked as well.
- Configure your computer, mobile devices, and drives to be safely encrypted. This will protect the data if they are stolen, and will make it easier to dispose of an old device or drive as modern storage is almost impossible to erase securely.