Blog - Page 4 of 26 - Security MattersSecurity Matters

Four online safety tips for students going back to school

August 29, 2022

A new school year is just around the corner! While this is an exciting time for students, it’s also prime time for malicious actors to take advantage of unsuspecting students.

Review these simple and effective tips to help you stay safe online and protect yourself, your data and the University.

View the image in a higher resolution.

Resources to protect yourself online:

Protect your online accounts.
Safe password practices.
Enrol in UTORMFA.
UTORMFA is the University of Toronto’s multi-factor authentication solution.
Protect yourself against fraud.
Tips for identifying and reporting a phishing attempt.
Protect your devices.
Protect yourself against malware.

Visit the Security Matters website regularly to learn more about online safety tips and resources.

Smishing campaigns target Rogers subscribers

August 16, 2022

Following the nation-wide Rogers outage on July 8, there have been reports of smishing (SMS phishing) campaigns targeting Rogers customers.

CTV News recently reported smishing campaigns asking Rogers customers to click on malicious links to receive a service disruption refund. An example of this is a message that a Twitter user received asking him to click on an unknown link to receive $50 credit.

Rogers has stated that the company doesn’t require any action from its subscribers and will auto-refund a portion of their bill to their account. They have also urged subscribers to forward the suspicious text messages to 7726 (SPAM).

What to do if you receive a suspicious email or text message:

Do not click the link, provide personal information, open the attachment, send SMS or forward the email to your contacts.
Forward the email to report.phishing@utoronto.ca and then delete it from your inbox.
If you already engaged with the email, please contact security.response@utoronto.ca immediately for assistance.
Visit the Security Matters website regularly to stay updated and aware about online safety.

Further resources for online safety:

U of T staff recognized among top women in cyber security

August 11, 2022

Photo by Daria Korenevska

A University of Toronto staff member has been recognized among the Top Women in Cybersecurity Celebration — an initiative that honours the women who have advanced the Canadian security industry. Raphaelle Gauriau, Information Systems Security Manager, SciNet, was nominated by her colleagues for her innovativeness and leadership.

Gauriau has dedicated her career to cyber security operations and compliance projects within various organizations globally, from Canada to France.

“This award is a direct consequence of all the learning experiences the cybersecurity community has provided to me throughout the years,” says Gauriau. “This could not have happened without the help and guidance of all the experts, leaders and friends who went out of their way to empower me as a woman in cybersecurity.”

Currently at U of T’s SciNet supercomputer centre, Gauriau continues to develop cyber security solutions and build strong teams. SciNet provides Canadian researchers with computational resources and expertise necessary to perform their research on scales not previously possible in Canada.

“Congratulations to Raphaelle on this well-deserved award,” says Isaac Straley, Chief Information Security Officer. “The cyber security field needs more diversity, and recognizing talent is an important step in making that happen.”

Secure U of T: New security features to safeguard Office 365 accounts

July 18, 2022

The University of Toronto recently implemented a series of essential protections to secure data and collaboration tools in Office 365 (O365) as part of advanced threat protection, a Secure U (of T) initiative. Efforts followed an accelerated timeline, as heightened security risks due to the current geo-political situation have amplified the need to enhance our security protections.

“These new security features protect O365 users against security threats such as impersonation attempts, malicious attachments and links in emails, documents and more. They also improve our ability to detect and prevent security threats.” said Kalyani Khati, Associate Director, Information Security Strategic Initiatives.

This initiative is a collaboration between Information Security and Enterprise Applications and Solutions Integration.

Visit https://isea.utoronto.ca/services/security-and-privacy-m365/ for more information about the initiative.

Ransomware: An online menace

July 18, 2022

Ransomware is a type of malware that can lock users and organizations out of their data and infrastructure. Attackers then demand payment to return access to and not expose affected data. Ransomware has immense impact on any institution — from shutting down operations to losing years of research.

Ransomware has become one of the biggest cyber threats globally. In fact, a recent report shows that there was a 104 per cent surge in ransomware attacks last year in North America and a 105 per cent increase globally.

Many organizations are losing billions of dollars to these attacks, trying to regain access to their stolen data. According to a study by Telus, almost half of surveyed Canadian organizations that suffered a ransomware attack paid the hackers in hopes of getting their data back, and most of them did not regain access in the end.

How does ransomware affect the University of Toronto?

With the current geopolitical situation, it is likely that ransomware attacks could target the University and cause significant damage to the University and its community.

How can I protect myself and my data from ransomware?

Here are some resources to help you stay secure online and protect your data.

Don’t click any links, download attachments or engage with the sender if you receive a suspicious email. Also, do not forward or share the email with your colleagues and other contacts.
Ensure you set up unique and strong passwords for all your personal and professional accounts. Strong passwords are your first line of defence.
Multi-factor authentication (MFA) adds an additional layer of security to your accounts. It also enables you to work remotely with confidence. Enrol in U of T’s UTORMFA to stay secure online.
Make sure you backup your device and store the data where they are protected from access by others. If you lose your data due to a ransomware attack or a malicious person corrupts your data, your backups are critical for recovery.
Report suspicious emails or computer activity to report.phishing@utoronto.ca and then delete it from your inbox. If you have already clicked on a link or attachment, please contact security.response@utoronto.ca.

If you work with self-managed devices (home computers, laptops, phones, etc.) and access institutional data, ensure you secure your devices by taking the following steps:

Use supported versions of operating systems.
Patch and update the operating system and software/applications regularly (ideally automatically) to correct security vulnerabilities.
Have fully enabled, automatically updating anti-virus software.
Protect devices with a strong password and/or biometrics.

Visit the Ransomware Risk page for more information on to prepare and protect data, devices and users.

Keep visiting the Security Matters website regularly for tips and information on how to stay secure online.

Additional resources about ransomware

Non-appointed staff and faculty enrolment in UTORMFA

July 11, 2022

After a successful automatic enrolment process for appointed staff and faculty, Information Security, part of Information Technology Services is now prioritizing getting non-appointed staff and faculty enrolled in U of T’s multi-factor authentication service, UTORMFA.

All non-appointed staff and faculty are now encouraged to self-enrol in UTORMFA to ensure further protection to your login. Those who have not self-enroled will be automatically enroled in January 2023.

UTORMFA was introduced as part of U of T’s continuing efforts to provide a secure environment for the tri-campus community’s personal and institutional data. More than 93 per cent of appointed faculty and 95 per cent of appointed staff have enroled in UTORMFA so far.

Visit the UTORMFA live enrolment counter for updated enrolment statistics.

Why UTORMFA?

UTORMFA adds an extra layer of security to your login, enabling you to work remotely with confidence. UTORMFA verifies your identity using a second factor (like a mobile device) ensuring that only you can login.

How can I enrol in UTORMFA?

You can self-enrol in UTORMFA by visiting the UTORMFA enrolment and device management portal. Enrolment is quick, easy and it only takes a few minutes.

Note: You will need a smart phone to enrol.

If you face difficulties using UTORMFA, please contact your campus help desk for further assistance:

St. George campus Information Commons help desk: help.desk@utoronto.ca, 416-978-HELP
Mississauga help desk: helpdesk.utm@utoronto.ca, 905-828-5344
Scarborough help desk: helpdesk@utsc.utoronto.ca, 416-287-HELP

Learn more about UTORMFA: https://isea.utoronto.ca/services/utormfa/.

Appointed faculty now enrolled in UTORMFA

June 17, 2022

June 15, 2022 marked the final day of the automatic UTORMFA enrollment process for the University of Toronto’s appointed faculty members, moving us one step closer to a more secure community. To date, 91 per cent of appointed faculty and 95 per cent of appointed staff have enrolled.

UTORMFA is part of U of T’s continuing effort to protect the community, their personal data and the University. It offers an extra layer of protection to accounts and data as well as enhances the institution’s overall information security posture.

“Thank you to everyone who worked so hard to get our community enrolled and to those who have embraced the change toward a safer login experience,” says Isaac Straley, Chief Information Security Officer. “These have been challenging times, and I know it can be frustrating to ask you to change your login experience while still trying to juggle all the other rapid digital transformations. We have already seen positive risk reduction, and I believe it has been worth the effort.”

For up-to-date enrollment stats, visit the UTORMFA live enrollment counter.

Enrollment goals

Information Security will now be shifting their efforts to get students enrolled, with the goal of having University-wide enrollment by February 2023.

Learn more about UTORMFA: https://isea.utoronto.ca/services/utormfa/.

Information security news roundup: Ransomware on the rise in Canada

June 17, 2022

Cyber attacks have increased at an alarming rate with the current geo-political situation being a major contributing factor. The National Cyber Threat Assessment 2020 published by The Centre for Cyber Security suggested a potential increase across Canada in cyber crimes, ransomware and commercial espionage — particularly against businesses, academic institutions and governments to steal intellectual property and proprietary information.

Let’s look back at some interesting information security and ransomware related news in recent months.

Two Canadian Universities hit by cyber attacks

Simon Fraser University and Lakehead University reported that they were hit by cyber attacks in February.  Although the universities did not confirm whether it was a ransomware attack, they advised students and staff to monitor their accounts, change their passwords and enrol in multi-factor authentication (MFA).

Data breaches can result in the loss of personal, institutional and other sensitive information. Learn how to enrol in MFA to add an additional layer of security to your online accounts.

Hackers getting clever with phishing emails

It is often said that hackers stay one step ahead of you by constantly changing their tactics. In a recent blog post by Mount Royal University, it was reported that phishing emails with fake invoices from MasterClass (an online educational platform) were sent to the university community and hackers asked recipients to respond with their credit card information for a refund.

Often, phishing emails are made to look like they are from a legitimate source, which can lead recipients to respond, causing further damage. Check out the Phish Bowl for examples of phishing emails received by members of the University of Toronto (U of T) community to help you identify and report suspicious emails.

Ransomware attacks increasing at an alarming rate in Canada

A recent article published by MaRS explained how ransomware attacks have been increasing in Canada with small businesses losing up to billions to cyber attacks. In fact, a survey done by Canadian Internet Registration Authority (CIRA) also found that nearly 70 per cent of Canadian organizations that experienced ransomware paid the hackers to regain access to their data.

Last year, U of T launched a ransomware awareness campaign called Expect Ransomware to provide the community with resources, tips and tools to protect their accounts and to stay secure online.

Ransomware is a an ongoing and evolving cyber threat. Stay tuned for the Expect Ransomware 2.0 campaign launching soon that will provide you with updated resources, tips and tools to protect yourself and your loved ones online.

Federal government may make reporting cyber attacks mandatory

Public Safety Minister Marco Mendicino has said that the federal government might make it mandatory for Canadian businesses and organizations to report cyber attacks. Mendicino also emphasized that the current geo-political situation has increased the threat of cyber attacks.

Staying safe and secure online can be done through simple but effective steps. Explore the educational resources on the Security Matters website to learn how to stay secure online.

Bonus read: Isaac Straley, U of T’s Chief Information Security Officer has called for a revamp of the national cyber security strategy in an op-ed published in The Hill Times.

[Phish] Vacant position: virtual personal assistant.

May 30, 2022

Details:

Subject: Vacant position: virtual personal assistant.

We have an open position for a Virtual Assistant, that is you work remotely,performing various tasks and office support duties.

COVID-19 considerations:

Job is primarily remote at this stage.

Application question(s):

What experience (personal or professional) of yours do you think best matches this position and why?

Work remotely:

*TO APPLY: Email your name and phone number to {malicious email added here}

NOTE: Send the email message from your PERSONAL EMAIL ADDRESS (gmail, yahoo etc) and we will send you the job details.

If you have received a suspicious email, please report it to report.phishing@utoronto.ca and delete it immediately from your mailbox. Don’t click any links, download attachments or engage with the sender. Please do not forward or share the email with your colleagues and other contacts. Learn more about what to do if you suspect a phishing attempt.

Cyber security in Canada: Time for a new approach

May 15, 2022

Isaac Straley, the University of Toronto’s (U of T) Chief Information Security Officer has called for a revamp of the national cyber security strategy in an op-ed published on May 11 in The Hill Times.

The pandemic and the shift to remote work has added to the challenges faced in information security. Given the recent geo-political events and cyber security-related incidents in Canada, collaborating and working collectively would provide a significant opportunity to secure our digital future.

Straley discussed the importance of a more integrated approach for Canadian organizations to partner with federal and provincial government agencies tasked with improving defences. He mentioned how this should go beyond the sharing of information and include security professionals working together with timely access to resources to mitigate risks.

“The old approach of each organization attempting ‘defence in depth’ doesn’t work anymore. What we really need is ‘defence through partnership,’” said Straley.

Straley provided the Canadian Shared Security Operations Centre (CanSSOC) as an example of creating a shared approach in the Canadian higher education sector to work against cyber attacks. CanSSOC was founded by six Canadian Universities including U of T and now has more than 145 academic institutions participating.

Read the full op-ed in The Hill Times.