As a member of the University of Toronto’s administrative staff you keep the university going. In doing this, you are responsible for the personal data of thousands of students and staff. Learn how to protect the University’s privacy and data with our custom-made educational content.

Your Work Space

Maintaining a secure digital and physical work space is an integral part of keeping your data secure.

Working Off-Site Security Considerations

What You need to know

  • Clean Desk Is Best

    At the end of your work day, put away any files that may contain confidential data in a locked cabinet. Your desk should always be clear of any documents, USBs or hard drives. They belong behind a locked door or cabinet when you are not present.

  • Mobile Work Spaces

    When working remotely or in public, remain vigilant and do not to leave your devices and documents unattended. Protect your private information by avoiding public WiFi connections and concealing your screen from shoulder surfers.

  • Carrying Data on USBs and Mobile Devices

    If working off-site, follow the security requirements for confidential information. All information that is not officially designated as public is considered confidential, including information about identifiable individuals, student records, grades, HR records, non-public financial information, etc. To protect this information, it is important to keep this data on encrypted devices, and ensure their physical safety by locking them away when possible and never leaving them unattended.

  • Your Hardware and Software

    If you are managing your own devices and computers, ensuring your hardware and software is up to date is critical to keeping them secure. Hardware and software updates do not only address known operational bugs, but also patch security gaps identified by the vendor or other users. Users who have managed desktops at U of T will have their hardware and software upgraded on regular basis by their support team.

Safe Account & Password Management

Proper account and password management is the key to your online security.

Learn more about Safe Password Practices

What You need to know

  • Keep Passwords Strong

    The best way to protect your accounts is to always use strong, complex passwords. This means using long passwords or passphrases (up to 32 characters) or shorter, highly complex passwords.

  • Use More Than One

    Avoid using the same password for all of your accounts. Try and diversify your passwords while still making them memorable. Using one password for all accounts increases your chances of being hacked across your entire online digital footprint.

  • Never Share Your Password

    The University does not need to know your password, nor does your bank or any other institution. Your password is your personal key, never share it with anyone, no matter how convincing they sound when they ask for it.

  • Your Digital Footprint

    Keep track of how many accounts you have online and delete old, dormant and unused accounts. Your digital footprint should be well managed and kept up to date. Schedule an annual spring cleaning day for your online house.

  • Self-Serve Password Reset

    Did you know that U of T offers a self-serve password reset tool for your UTORid account? When you register, you can reset your own password if you have forgotten it via SMS or alternate email.

    Register Today!

  • Managing Your UTORid Account & Password

    This is where you can sign-up for the self-serve password reset tool, change your password, and review your spam filters and more.

    Go to the UTORid Account page

Phishing & Identity Theft

A phishing attack is when a cyber criminal attempts to deceive a user into divulging sensitive information.

Phishing Bowl

What You need to know

  • Same trick, different types

    Phishing attacks can take many forms, including fraudulent emails with a general message (often sent en masse), messages that appear to be from your contacts, text messages, phone calls or targeted, high profile scams.

  • They Always Seem Urgent!

    These messages often demand an action take place immediately or within a short time frame. This is a common tactic: when a user is rushed they are more likely to divulge secure information because they haven’t had the time to question their actions.

  • They Are Unexpected

    The message is unprompted. If you weren’t expecting a message from this company or individual, be wary.

  • Easily Spoofed

    The message claims to be from the University but the sender email, upon further inspection, is incorrect or odd.

  • Bad Grammar and Spelling

    Phishing messeges often contain multipel spelling and grammatical errors. Did you spot them here?

  • Anatomy of a Phishing Email

    You can become an expert in identifying phishing and spam emails. Check out the Anatomy of a Phishing Email and never be fooled again!

Securing Your Data While Travelling

Wether you are travelling between campuses, office and home, or transversing the world, the data you carry with you needs to stay secure.

What You need to know

  • Encryption

    “Encryption” is just a fancy way of saying “securing your data really well!” Learn the basics around encryption, how to use it and when to use it.

  • Securing Devices

    Ensure all your devices are password protected. Do not leave your devices on your desk when you are not in your office or away from your work space. Encrypt potable hard drives and USB sticks which contain confidential data.

  • Data While in Transit

    Review “Working Off-Site Security Considerations” before travelling with data. Take a moment to consider if you have authorization to carry the data in question and if it is necessary to carry it with you off-site. If you are required to carry the data, review encryption options for your devices to protect the data.

  • The Dangers of Free WiFi Services

    Free WiFi access points in coffee shops, airports and hotels may seem appealing, but they leave your private information and your devices vulnerable to piggy-backing hackers. Think twice before conducting private business on your devices while connected to a free WiFi connection.