Facebook logo
Facebook logo Twitter logo Instagram logo Snapchat logo YouTube logo Wordpress logo

IT Security

Adopting IT Security best practices can keep you safe while using the Internet. You’ll be taking steps to protect not only your personal information but also Douglas College’s data. That means there will be less possibility of putting yourself and the College at risk.

 

Tips to be safe online

  • Keep your devices updated with the most recent versions of an operating system and antivirus software.
  • Keep your devices and Wi-Fi network password-protected.
  • Use different passwords/passphrases for different websites.
  • Don’t share your College Network Access (CNA) credentials and other passwords with others.
  • Don't download from suspicious or unknown sources.
  • Don't click links or open attachments without checking whether they're safe. Check the safety of a link before you click on it by using VirusTotal, a free antivirus tool.

    NOTE: VirusTotal does not guarantee a site’s safety – always use your judgement when clicking links and visiting websites.

  • Look for website links beginning with https over http. The “s” at the end of https stands for secure, this ensures your data is transmitted through secure channels.

    NOTE: This does not mean where your data is going to is safe. Always use your judgement when providing personal or financial information online.

  • Connect only to external Wi-Fi networks you trust and never shop or bank on public networks.
  • Turn off Wi-Fi, Bluetooth, camera and location services on your mobile when not in use.
  • Enable multi-factor authentication for your accounts whenever possible.
  • Delete old, unused software applications from your devices.

By following these tips, you can greatly reduce your cybersecurity risks. Keep in mind that these tips don’t guarantee your cybersecurity. Always be cautious and use your judgement when you’re online.

More information can be found on Get Cyber Safe and Tips for Online Safety 2017.

How to protect your confidential information

Passwords

Make sure your password is at least 15 characters long. A strong password uses at least 3 of the following:

  • lower case letters
  • UPPER CASE LETTERS
  • 1234567890 (numbers)
  • !@#$%^&*()_+=~`. (special characters)

The more types of characters you use, the stronger your password. Don’t use dictionary words. Even longer passwords using regular dictionary words can be easy to crack.

Passphrase

Having a strong password is fundamental to protect your information online. But the best option is to create a passphrase instead. Passphrases are sequences of words that may contain mixed case, numbers and punctuation. They’re longer than passwords, but easier to remember because you can associate them with a situation that’s familiar to you, e.g., NeverWent2->Bali! or BeentoGreece.2o04 — these examples would take over 45 thousand years to crack!

Take the Password Test to validate the strength of your password or passphrase.

Phishing

Phishing is a practice used by cybercriminals to trick Internet users into revealing confidential information or installing malicious software. Malicious emails may also attempt to blackmail users into paying the criminals a ransom. In spear-phishing an attacker’s email is specifically targeted at groups, for example, our college. The email may appear to be coming from a Douglas College student or coworker and contains text that appears to be college related. Hackers want you to click a link or open an email attachment that will give them access to your computer and, consequently, the ability to steal information from you or the organization whose network you’re using. Sometimes they just want you to reply to their message to allow them to build their attack platform. They try to convince you to take action immediately. To identify a phishing email, look for:
  • Poor grammar and spelling, but not always
  • Perfect grammar and spelling, but the content of the message seems odd or out of character for the sender to send
  • A sender with an external email address claiming to be from an internal address
  • Attachments in any format, including visible and invisible images – always ask yourself if you were expecting an email of that nature
  • Urgent or threatening language in the email’s subject line, prompting an action from you

The Most-Clicked Email subject Lines

  1. Password Check Required Immediately
  2. Security Alert
  3. Change of Password Required Immediately
  4. A Delivery Attempt was made
  5. Urgent press release to all employees

ATTENTION: Douglas College will never ask for passwords by email. If you receive a phishing email in your College email address, don’t click any links or open any attachments. Instead, send a copy to the CEIT Service Desk to report the phishing attempt.

Spam

Spam is the practice of sending unsolicited emails to a large number of recipients who never provided their email addresses to the sender. Some spammers (people who send spam) make the “From” field in the email look like it came from your email address, so they get past spam filters. They want you to click a link to try to sell you products. Spammers often get paid by the company selling those products based on the number of people clicking the link, and based on email accounts verified as active. Never reply, otherwise you’ll confirm that your account is active. The best attitude is to delete any spam.

Questions? Contact the CEIT Help Desk