As a member of the University of Toronto’s administrative staff you keep the university going. In doing this, you are responsible for the personal data of thousands of students and staff. Learn how to protect the university’s privacy and data with our custom-made educational content.
Your Work Space
Maintaining a secure digital and physical work space is an integral part of keeping your data secure.
Working Off-Site Security Considerations
What you need to know
Clean Desk Is Best
At the end of your work day, put away any files that may contain confidential data in a locked cabinet. Your desk should always be clear of any documents, USBs or hard drives. They belong behind a locked door or secured within a cabinet when you are not present.
Mobile Work Spaces
When working remotely or in public, remain vigilant and do not to leave your devices and documents unattended. Protect your private information by avoiding public Wi-Fi connections and concealing your screen from shoulder surfers.
Carrying Data on USBs and Mobile Devices
If working off-site, follow the security requirements for confidential information. All information that is not officially designated as public is considered confidential, including information about identifiable individuals, student records, grades, HR records, non-public financial information, etc. To protect this information, it is important to keep this data on encrypted devices, and ensure their physical safety by locking them away when possible and never leaving them unattended.
Your Hardware and Software
If you are managing your own devices and computers, ensuring your hardware and software is up to date is critical to keeping them secure. Hardware and software updates do not only address known operational bugs, but also patch security gaps identified by the vendor. Users who have managed desktops at U of T will have their hardware and software upgraded on regular basis by their support team.
Safe Account & Password Management
Proper account and password management is the key to your online security.
Learn more about safe password practices
What you need to know
Keep Passwords Strong
The best way to protect your accounts is to always use strong, complex passwords. This means using long passwords or passphrases (up to 32 characters) or shorter, highly complex passwords.
Use More Than One
Avoid using the same password for all of your accounts. Try to diversify your passwords while still making them memorable. Using one password for all accounts increases your chances of being hacked across your entire online digital footprint.
Never Share Your Password
The University does not need to know your password, nor does your bank or any other institution. Your password is your personal key, never share it with anyone, no matter how convincing they sound when they ask for it.
Your Digital Footprint
Keep track of how many accounts you have online and delete old, dormant and unused accounts. Your digital footprint should be well managed and kept up to date. Schedule an annual spring cleaning day for your online house.
Self-Serve Password Reset
Did you know that U of T offers a self-serve password reset tool for your UTORid account? Once registered, you can reset your password via SMS or alternate email.
Managing Your UTORid Account & Password
This is where you can sign-up for the self-serve password reset tool, change your password, review your spam filters and more.
Phishing & Identity Theft
A phishing attack is when a cyber criminal attempts to deceive a user into divulging sensitive information.
Learn more about phishing here
What you need to know
Same trick, different types
Phishing attacks can take many forms, including fraudulent emails with a general message (often sent en masse), messages that appear to be from your contacts, text messages, phone calls or targeted, high profile scams.
They Always Seem Urgent!
These messages often demand an action take place immediately or within a short time frame. This is a common tactic: when a user is rushed they are more likely to divulge secure information because they haven’t had the time to question their actions.
They Are Unexpected
The message is unprompted. If you weren’t expecting a message from this company or individual, be wary.
Easily Spoofed
The message claims to be from the University but the sender’s email, upon further inspection, is incorrect or odd.
Bad Grammar and Spelling
Phishing messages often contain multipel spelling and gammatical errors. Did you spot them here?
Anatomy of a Phishing Email
You can become an expert in identifying phishing and spam emails. Check out the Anatomy of a Phishing Email and never be fooled again!
Securing Your Data While Travelling
Whether you are travelling between campuses, office and home, or exploring the world, the data you carry with you needs to stay secure.
Watch a video: Travel Security in 2 Minutes
Working Offsite Security Considerations
What you need to know
Encryption
Encryption is just a fancy way of saying “securing your data really well!” Learn the basics around encryption, including how to use it and when to use it.
Securing Devices
Ensure all your devices are password protected. Do not leave your devices on your desk when you are not in your office or away from your work space. Encrypt portable hard drives and USB sticks which contain confidential data.
Data While in Transit
Review “Working Off-Site Security Considerations” before travelling with data. Take a moment to consider if you have authorization to carry the data in question and if it is necessary to carry it with you off-site. If you are required to carry the data, review encryption options for your devices to protect the data.
The Dangers of Free Wi-Fi Services
Free Wi-Fi access points in coffee shops, airports and hotels may seem appealing, but they leave your private information and your devices vulnerable to piggy-backing hackers. Think twice before conducting private business on your devices while connected to a free Wi-Fi connection.