Adopting IT Security best practices can keep you safe while using the Internet. Take steps to minimize risks and to protect not only your personal information but also Douglas College’s data.
Tips for online safety
- Keep your devices updated with the most recent versions of operating systems and antivirus software.
- Keep your devices and Wi-Fi network password-protected.
- Use different passwords/passphrases for different websites.
- Do not share your College Network Access (CNA) credentials and other passwords.
- Do not download from suspicious or unknown sources.
- Do not click links or open attachments without checking whether they are safe. Use VirusTotal, a free antivirus tool, to check the safety of a link. NOTE: VirusTotal does not guarantee a site’s safety – always use your best judgement
- Look for website links beginning with https over http. The “s” at the end of https stands for secure, ensuring data is transmitted through secure channels. NOTE: This does not mean where your data is going to is safe. Always use your judgement when providing personal or financial information online.
- Turn off Wi-Fi, Bluetooth, camera and location services on your mobile when not in use.
- Enable multi-factor authentication for your accounts whenever possible.
- Delete old, unused software applications from your devices.
By following these tips, you can greatly reduce your cybersecurity risks.
Make sure your College password/PIN is at least 10 characters long and uses a combination of at least three of the following:
- lower case letters
- UPPER CASE LETTERS
- 1234567890 (numbers)
- !@#$%^&*()_+=~`. (special characters)
The best option for a strong password is to create a passphrase instead. Passphrases are sequences of words that may contain mixed case letters, numbers and punctuation. They are longer than passwords, but easier to remember because you can associate them with a situation that’s familiar to you, e.g., IamaStarTrekFan->LiveLong&Prosper! or Kierkegaard.in.Denmark.1813 — these examples would take thousands of years to crack!
Take the Password Testto validate the strength of your password or passphrase.
Found USBs can contain viruses and/or malware; when plugged into a device it can give online attackers access to the College network and to your personal information.
If you find a USB on campus, do not plug it in to your devices, instead turn it into campus security. If you see a USB that isn’t yours plugged in to a desktop, remove the USB and restart the computer. Take all found USBs to campus security.
How to protect your confidential information
- Password protect (encrypt) your USB devices
- How to encrypt an external USB drive using BitLocker in Windows
- How to encrypt an external USB drive using Disk Utility in MacOS
Open networks leave your data at risk. Connect only to external Wi-Fi networks you trust; never shop or bank on public networks. If you are studying or visiting a partner institution, Douglas students and employees have access to secure, free Wi-Fi through the Eduroam network.
Phishing is a practice used by cybercriminals to trick internet users into revealing confidential information or installing malicious software. Malicious emails may also attempt to blackmail users into paying the criminals a ransom. An attacker’s email may target groups, for example, the college. The email may appear to be coming from a Douglas College account and contains text that appears to be college related. Hackers want you to click a link or open an email attachment that will give them access to your computer and allow them to steal information. They try to convince you to take action immediately.
To identify a phishing email, look for:
- Poor grammar and spelling, but not always
- Perfect grammar and spelling, but the content of the message seems odd or out of character for the sender to send
- A sender with an external email address claiming to be from an internal address
- Attachments in any format, including visible and invisible images – always ask yourself if you were expecting an email of that nature
- Urgent or threatening language in the email’s subject line, prompting an action from you
The Most-Clicked Email Subject Lines
- Password Check Required Immediately
- Security Alert
- Change of Password Required Immediately
- A Delivery Attempt was made
- Urgent press release to all employees
ATTENTION: Douglas College will never ask for passwords by email. If you receive a phishing email in your College email address, don’t click any links or open any attachments. Instead, send a copy to the CEIT Service Desk to report the phishing attempt.
Spam is the practice of sending unsolicited emails to a large number of recipients who never provided their email addresses to the sender. Some spammers make the “From” field in the email look like it came from your email address to get past spam filters. They want you to click a link to try to sell you products. The best action to take is to delete anything that looks like spam.
Questions? Contact the CEIT Service Desk