IT Security FAQ

Click on any question below to view the answer, or email your own questions to cybersecurity@ufv.ca

What is information security?

Information security is the practice of protecting information and systems from unauthorized disclosure, modification, and destruction. It encompasses the security of all IT resources, including both University information and the IT devices that access, process, store, or transmit it.

University data is any data for which UFV is accountable. Included is any data relevant to the administration (student and employee records, financial data) and day-to-day function (teaching, research, and service) of the University.

Systems/IT Devices are any electronic device (desktop or laptop computer, phone, tablet, etc.) used to access, process, store, or transmit University information, and that uses the University's IT infrastructure, including the University network. 

 

What is sensitive data? Why does it matter, and how can I protect it?

Proper data management is the responsibility of every University employee; you are responsible for any University information to which you have access. Properly managing the data in your care will help protect you, the University, and the community from data-related theft and harm. Improper data management can lead to identity theft, reputational harm, lawsuits, and extremely expensive damages. The goal of data management is to appropriately manage these risks without impairing University operations.

 

How do I know whether I have sensitive data?

Sensitive data is any data that could compromise integrity or confidentiality. For example, academic or financial records, address and contact information, or files relating to medical concerns. It must be protected from unauthorized access to safeguard the privacy and security of our students, staff, faculty, alumni, and UFV as an organization. In many cases, sensitive data is hidden in larger data sets or files. 

 

Manage data safely

It's easy to get in the habit of incorporating safe data management into your workplace routine. Knowing what kinds of data you use, as well as how and where you use them, is the first step. Once you determine what data you have and where it's stored, you can protect it by archiving, encrypting, or erasing it as appropriate.

For sensitive University information:

  • If you still need the information, but don't need to store it only on your device (and want to access it anywhere), store it on your home drive or department network drive.
  • If you need the information and it must be stored locally on your device, encrypt it.
  • If you no longer need the information, erase it from your device.

You can apply the same principles to your personal information. If you don't need to store records like old tax returns, bank statements, or other records on your computer or other devices, you can store them on an encrypted flash drive or external hard drive and then securely delete them from your device. You should also encrypt any files that you choose to keep on your device (and encrypt the device itself with whole disk encryption).

How do SPAM and phishing impact me/UFV?

SPAM, phishing, and other scam messages come with real risk and impact. 

Risks:

  1. Leakage of sensitive information - Phishers will disguise themselves as known individuals of victims (e.g. senior management) or trustworthy institutions (e.g. banks) to lure victims to give out their sensitive information such as account names, passwords, and identity information. Phishers may further use this sensitive information for malicious purposes (e.g., identity theft) or sell them to third parties.
  2. Malware infections - Links or attachments in phishing emails or phishing websites may contain malware (e.g. key-logger, ransomware, and cryptocurrency mining malware). If users click these links or open these attachments, their devices may get infected, which may lead to data leakage, data loss, or other financial loss.

Impacts:

  1. Financial loss - With the sensitive information obtained from victims, phishers can carry out transactions (such as transferring your money to their accounts). Business operations can be disrupted due to the time needed to respond to incidents or fix an infected device. 
  2. Reputational loss - Phishers can further make use of information obtained from victims to send blackmail, intimidate victims’ contacts or even perform illegal activities (e.g. stealing confidential data), causing legal and liability problems. As for an organization being attacked, it may suffer reputation damage to its brand, and its clients may move their business elsewhere due to losing trust in the organization in safeguarding their data.
  3. Intellectual property theft - Intellectual property, including the products of faculty, staff, and student research and scholarship, is crucial to our community. With the information obtained from victims, phishing attacks can lead to theft of intellectual property which can represent millions in research and development costs.

 

How can I protect my UFV student or employee email account?

Choosing a strong and secure password is the first step in securing your accounts. Secure passwords have the following characteristics:

  • Can't be easily guessed
  • Is not common
  • Does not contain your name, address, username, email, or other personal details about yourself/your family
  • Is only known by you

View our tips for creating strong passwords here. Consider using a password manager to keep your passwords safe.

Never click links or download attachments from emails that look suspicious. To learn more about how to identify suspicious emails, click here

For more information on protecting yourself and your devices, click here

 

Frequently Asked Questions


I received a weird email/message/phone call, what do I do?

We are here to help if you receive something that you are not sure about. 

Report suspicious email and other communications to phishreport@ufv.ca. If it was an email, please forward the original email you received with your report so that we can investigate the source.

For all other general inquiries, please contact cybersecurity@ufv.ca


I think I have a virus/malware on my device. What do I do?

Students:

If you are a student who is registered for the current running semester, our Student Device Support program offers virus and malware removal. For more information on the program (where to go, what you need), click here

If you are not currently registered, you can take advantage of this program when you are. You can also refer to our tips and guidance on protecting your devices

Faculty & Staff:

For UFV provided devices such as UFV phones, workstations, and laptops, contact the IT Service Desk for assistance with virus and malware detection and removal. You can log in to create your ticket, email at itservicedesk@ufv.ca or phone at 604-864-4610 (toll-free: 1-888-504-7441, ext. 4610). Be ready to provide your workstation ID. 

For personal device support, please refer to our tips and guidance on protecting your devices.


I'm confused by some of the words and terminology on these pages. What resources are there available?

We have a glossary of common IT Security terms here. There is also a guide on the different kinds of viruses and malware here

If you would like clarification or additional information about any of these topics or terms, please don't hesitate to ask us. Email us at cybersecurity@ufv.ca.


 

Details

Article ID: 528
Created
Thu 5/14/20 10:54 AM
Modified
Mon 7/6/20 10:12 AM