Where to Start
It is critical to cover the basics. Most attacks and incidents can be prevented by taking simple steps to protect yourself and your data.
The first and best thing you can do to secure yourself and your data is to secure your accounts with Multi-Factor Authentication (MFA).
- Introduction to Research Security (Government of Canada training)
- CyberSecurity for Researchers (Government of Canada training)
Create your own personal plan
Have a plan for when things go wrong
Work securely when remote or traveling
- U of T Remote Security Matters Information Page
- Safeguarding your data while traveling tip sheet
- U of T Remote Work Guidelines
For devices, at a minimum:
- Use supported versions of operating systems.
- Patch and update the operating system and software/applications with respect to
- Have fully enabled, automatically updating anti-virus software for Windows computers.
- Protect devices with a strong password and/or biometrics.
A Comprehensive Approach
If you are protecting more than yourself and your data, such as a research lab, it is important to implement protections appropriate to the level of risk.
Cyber Security Framework
- Identify and manage security risk: know what you have, why you have it, and the risk
- Protect using reasonable and appropriate controls that directly mitigate risks
- Detect when the protections fail
- Respond quickly to minimize impact
- Recover and get back to work
Resources and References
- Government of Canada Research Cyber Security and Policy Statements
- NIST Cyber Security Framework (CSF)
- Trust CI (NSF Center of Excellence) Cybersecurity Framework for Research
- U of T Baseline Information Security Standard (a version appropriate and tuned for research is in development)
- Center for Internet Security Critical Security Controls
Protocols, projects or collaborations with other countries
If you are working with people or data from other countries, you may have other obligations. Here are a few common ones:
- United States Cybersecurity Maturity Model Certification (CMMC)
- European Union: General Data Protection Regulation (GDPR)
Working with Service Providers
It is your responsibility to ensure Service Providers meet the University standards and any contractual or sponsor obligations.
- Quick start assessment: Higher Education Community Vendor Assessment Toolkit (HECVAT)