Security Matters

Back to top  |  Take the quiz in Microsoft Forms

Did you miss Trivia Week 3? Play now: securitymatters.utoronto.ca/trivia-week-3

The recent shift to remote working during the COVID-19 pandemic has also caused a spike in malicious online targeting. Practising safe cyber security is more important than ever. To help inspire and assist others in using caution while working online, Information Technology Services (ITS) teams across the tri-campus shared their tips and habits about how to practise cyber security while working remotely.

We asked: “How are you, personally, and your team collectively practicing cyber security while you work remotely?” This is what we heard back…

Tip #1:

I work on a desktop device that is not used by any other member of my family.

Tip #2:

The device I work on is patched and updated to the most recent operating system.

Tip #3:

I use the UTORvpn service when connecting to sensitive University of Toronto (U of T) services.

Tip #4:

I use the UTORMFA service and do not set the ‘remember’ option.

Tip #5:

I run a regular backup of my remote device.

Tip #6:

I do not download sensitive information to my remote device; instead I work on documents stored in O365.

Tip #7:

Our team uses O365 services to share documentation. Also, we use send.utoronto.ca to share sensitive docs with non-U of T destinations.

Tip #8:

I use a webcam cover on my devices when not using video.

Tip #9:

Be careful when sharing URLs to webinars and meetings with external parties. Use guest functions properly.

Tip #10:

I recommend using the Canadian Internet Registration Authority (CIRA) Canadian Shield, a free DNS firewall service that provides online privacy and security.

 

For more tips and resources, visit the Remote Security Matters page.

Microsoft (MS) Teams users should be weary of an impersonation phishing attack that is currently circulating. The attack mimics message notifications from the popular communication platform in order to steal Office 365 credentials from unsuspecting users.

The phishing email is usually sent from the display name, “There’s new activity in Teams,” which gives the appearance of a legitimate automated notification from the MS Teams platform. The email falsely notifies the recipient that they have unread messages and prompts them to respond by clicking on the “Reply in Teams” button embedded in the email.

The user is then taken to a fake Microsoft login page where they are prompted to enter their credentials before being able to view the message. These fake Microsoft login pages are said to be well-crafted and therefore very convincing to the end user. Some have even been reported to contain the name “microsftteams” in the URL.

Users can protect themselves from this attack by:

• Not clicking on link/button in the email if you are unsure. Instead, go directly to the MS Teams app, or log into Teams via your web browser, to read any messages. If the message in the app or browser does not replicate the message notification received by email, then it is highly likely the email was a phishing attempt.
• Ensuring multi-factor authentication (MFA) is set up for their Office 365 account; for University of Toronto faculty and staff, this is UTORMFA. For more information on how to set up UTORMFA, please visit: https://isea.utoronto.ca/services/utormfa/.

If you suspect you have received a phishing email like the one described here, please report it to report.phishing@utoronto.ca.

The University of Toronto (U of T) community has access to a variety of resources and educational materials on the topic of cyber security. Staff, faculty and students are encouraged to use these resources to help spread awareness and educate themselves on cyber security best practices for their workspace (at home or in the office), classroom or academic space.

Interested parties can access this collection of digital materials on the Security Matters Resource page to download quick facts, tip sheets, PowerPoint templates and other shareable, printable materials. Included in this collection are Cyber Security Awareness Month (CSAM) 2020 resources from U of T and the Ministry of Government and Consumer Services.

The growing resource collection covers fundamental cyber security best practices such as:

• Best practices for keeping your devices secure
• Safe account and password management
• Phishing and identity theft awareness
• Managing your digital footprint
• Setting up your social media privacy settings
• Maintaining a secure digital and physical workspace
• Securing your data while travelling

Browse through the defined sections in the navigation tab for specific resources:

For more information on how you can incorporate these resources into your personal and work life, find us at securitymatters.utoronto.ca.

Back to top  |  Take the quiz in Microsoft Forms

Did you miss Trivia Week 2? Play now: securitymatters.utoronto.ca/trivia-week-2

If you have ever banked or shopped online, you may already be familiar with MFA — or two-factor authentication (2FA). MFA is a security enhancement that requires two different credentials before granting users access to an account (i.e., your password paired with a code sent to your mobile phone).

Now, a new MFA service — called UTORMFA — is available to University of Toronto (U of T) faculty, researchers, librarians and staff across the tri-campus community. It offers an extra layer of protection to accounts and data as well as enhances the institution’s overall cyber security posture. (See full list of benefits below).

In the context of U of T, MFA is currently in use in the form of an eToken to access HR and financial systems.

How to self-enrol in UTORMFA
U of T faculty, researchers, librarians and staff across the tri-campus community are invited to self-enroll in UTORMFA. For instructions, visit: enroll.utormfa.utoronto.ca/enroll.

Play UTORMFA BINGO!
Test your campus security skills/knowledge and learn more about how UTORMFA can protect your accounts by playing the new UTORMFA BINGO game! When you complete a line, you are entered for a chance to win one of five $50 Amazon gift cards. Play now!*
*This contest is now closed.

UTORMFA benefits
Overall, UTORMFA benefits include:

• Extra security against weak/compromised passwords: In the event that an account(s) is compromised (i.e., hackers gain access to login credentials), UTORMFA will ensure attackers won’t be able to complete the second login step, preventing unauthorized access to account(s).
• Protection against cyber-attack financial losses: According to IBM Security’s 2020 Cost of a Data Breach Report, data breach incidents cost companies $3.86 million per breach on average.
• Potential for future technical innovations: Looking ahead, strengthening the University’s overall security posture will also result in more flexible implementations of new business processes and infrastructure solutions for the future

 

Take a look at the MFA infographic.

For more information, visit the UTORMFA website.

Back to top  |  Take the quiz in Microsoft Forms

Did you miss Trivia Week 1? Play now: securitymatters.utoronto.ca/trivia-week-1

Working from home — or WFH as it’s become known — is the new reality for many in the University of Toronto (U of T) tri-campus community. According to data collected in March 2020, 99 per cent of Information Technology Services (ITS) staff were successfully WFH.

Since March, the ITS team has worked tirelessly to provide support and solutions to the entire University community to ensure WFH is accessible, comfortable and successful for everyone.

Here is a list of resources that can assist with your WFH technical needs while navigating this time as a mobile workforce.

ITS Preparedness page

The ITS preparedness page is your one-stop shop for technical FAQs related to WFH. It is organized in well-defined sections such as “phone” and “internet connectivity.” Find answers on how and when to secure virtual private network (VPN) to accessing remote desktop protocol (RDP) and everything in between. It also offers links to ITS news, best practise checklists, security resources and network usage graphs.

Remote Security Matters

The Information Security team recently launched a new page on the Security Matters website called Remote Security Matters. Review this page for information on how to create a “cyber secure home” and protect yourself from WFH-specific risks. Be sure to check back regularly as this page is continuously updated.

Video conferencing options

Trying to figure out the best platform for your meeting, conference or event? The Academic & Collaborative Technologies (ACT) team has put together a comprehensive list of U of T-supported webinar and video conferencing solutions. Visit: enterprise video-conferencing and video meeting resources.

Microsoft Teams

It’s no surprise that Microsoft Teams usage has skyrocketed at U of T this year. Staff and faculty are using the platform to chat, host meetings, share documents and more. Stay up-to-date on the latest updates and features, including the increase in meeting capacity, new grid and together mode. Learn more by visiting Enterprise Applications and Solutions Integration (EASI).

Ongoing Connect+Learn sessions

Hosted every month by EASI, Connect+Learn sessions provide staff and faculty with training on common technologies and applications, such as Teams, OneDrive, SharePoint and VPNs. Each session features a brief 15-minute presentation followed by a question and answer discussion. To learn more and subscribe to the Connect+Learn newsletter, visit: https://easi.its.utoronto.ca/connect-learn/.

SharePoint Online

SharePoint Online is a cloud-based platform that enables groups to collaborate, share and publish documents or web content using a variety of template options — perfect for working remotely! Find out more about how SharePoint Online can help to streamline your current work experience. Read more by visiting Enterprise Applications and Solutions Integration (EASI).

New ITS employees

Launched this year, a new ITS Recruitment and Orientation SharePoint site was created to help employees, including managers, joining ITS ease into their roles. It offers resources and information related to the University’s ITS organizational structure, processes, services and more. Read more on the ITS website.

Back to top

Take the quiz in Microsoft Forms

As part of Cyber Security Awareness Month (CSAM) 2020, the Information Security team is hosting a virtual panel discussion, open to University of Toronto (U of T) staff and faculty.

This webinar is an opportunity to meet and hear from Information Security team members who are working on important and innovative initiatives within Information Technology Services (ITS). Panelists will discuss their roles, provide updates on Information Security programs and explain how their collective efforts are impacting cyber security at U of T.

There will also be a Q&A period where attendees will have an opportunity to chat with the panelists and ask follow-up questions.

Panelists include:

• Carl Chan, senior security information & events monitoring administration
• Jason Chong, network security specialist
• Brittani Holder, security analyst
• Ashley Langille, information privacy analyst
• Robin Wilcoxen, information risk program coordinator
• Matt Wilks, senior identity & access management architect

The panel will be moderated by Rishi Arora, business process & information technology analyst, at U of T Mississauga. Additionally, attendees will have an opportunity to hear from the new Associate Director, Information Security, Deyves Fonseca.

Event information

Date: Oct. 21, 2020
Time: 11:00 a.m. – 12:00 p.m.
Location: Microsoft Teams
Register: https://its.eve.utoronto.ca/home/events/967