Staff Resources


As a member of the University of Toronto’s administrative staff you keep the university going. In doing this, you are responsible for the personal data of thousands of students and staff. Learn how to protect the university’s privacy and data with our custom-made educational content.

Your Work Space

Maintaining a secure digital and physical work space is an integral part of keeping your data secure.

Working Off-Site Security Considerations

What you need to know

Clean Desk Is Best

At the end of your work day, put away any files that may contain confidential data in a locked cabinet. Your desk should always be clear of any documents, USBs or hard drives. They belong behind a locked door or secured within a cabinet when you are not present.

Mobile Work Spaces

When working remotely or in public, remain vigilant and do not to leave your devices and documents unattended. Protect your private information by avoiding public WiFi connections and concealing your screen from shoulder surfers.

Carrying Data on USBs and Mobile Devices

If working off-site, follow the security requirements for confidential information. All information that is not officially designated as public is considered confidential, including information about identifiable individuals, student records, grades, HR records, non-public financial information, etc. To protect this information, it is important to keep this data on encrypted devices, and ensure their physical safety by locking them away when possible and never leaving them unattended.

Your Hardware and Software

If you are managing your own devices and computers, ensuring your hardware and software is up to date is critical to keeping them secure. Hardware and software updates do not only address known operational bugs, but also patch security gaps identified by the vendor. Users who have managed desktops at U of T will have their hardware and software upgraded on regular basis by their support team.


Safe Account & Password Management

Proper account and password management is the key to your online security.

Learn more about safe password practices

What you need to know

Keep Passwords Strong

The best way to protect your accounts is to always use strong, complex passwords. This means using long passwords or passphrases (up to 32 characters) or shorter, highly complex passwords.

Use More Than One

Avoid using the same password for all of your accounts. Try to diversify your passwords while still making them memorable. Using one password for all accounts increases your chances of being hacked across your entire online digital footprint.

Never Share Your Password

The University does not need to know your password, nor does your bank or any other institution. Your password is your personal key, never share it with anyone, no matter how convincing they sound when they ask for it.

Your Digital Footprint

Keep track of how many accounts you have online and delete old, dormant and unused accounts. Your digital footprint should be well managed and kept up to date. Schedule an annual spring cleaning day for your online house.

Self-Serve Password Reset

Did you know that U of T offers a self-serve password reset tool for your UTORid account? Once registered, you can reset your password via SMS or alternate email.

Register Today!

Managing Your UTORid Account & Password

This is where you can sign-up for the self-serve password reset tool, change your password, review your spam filters and more.

Go to the UTORid Account page


Phishing & Identity Theft

A phishing attack is when a cyber criminal attempts to deceive a user into divulging sensitive information.

Learn more about phishing here

The Anatomy of a Phishing Email

What you need to know

Same trick, different types

Phishing attacks can take many forms, including fraudulent emails with a general message (often sent en masse), messages that appear to be from your contacts, text messages, phone calls or targeted, high profile scams.

They Always Seem Urgent!

These messages often demand an action take place immediately or within a short time frame. This is a common tactic: when a user is rushed they are more likely to divulge secure information because they haven’t had the time to question their actions.

They Are Unexpected

The message is unprompted. If you weren’t expecting a message from this company or individual, be wary.

Easily Spoofed

The message claims to be from the University but the sender’s email, upon further inspection, is incorrect or odd.

Bad Grammar and Spelling

Phishing messages often contain multipel spelling and gammatical errors. Did you spot them here?

Anatomy of a Phishing Email

You can become an expert in identifying phishing and spam emails. Check out the Anatomy of a Phishing Email and never be fooled again!


Securing Your Data While Travelling

Whether you are travelling between campuses, office and home, or tranversing the world, the data you carry with you needs to stay secure.

Watch a video: Travel Security in 2 Minutes
Working Offsite Security Considerations

What you need to know

Encryption

“Encryption” is just a fancy way of saying “securing your data really well!” Learn the basics around encryption, including how to use it and when to use it.

Securing Devices

Ensure all your devices are password protected. Do not leave your devices on your desk when you are not in your office or away from your work space. Encrypt portable hard drives and USB sticks which contain confidential data.

Data While in Transit

Review “Working Off-Site Security Considerations” before travelling with data. Take a moment to consider if you have authorization to carry the data in question and if it is necessary to carry it with you off-site. If you are required to carry the data, review encryption options for your devices to protect the data.

The Dangers of Free WiFi Services

Free WiFi access points in coffee shops, airports and hotels may seem appealing, but they leave your private information and your devices vulnerable to piggy-backing hackers. Think twice before conducting private business on your devices while connected to a free WiFi connection.