Cybersecurity Awareness
*** Learn more on reporting a Phishing attack ***
Whether working from home, on campus, or simply working on the same network as one of our community members, your use of technology plays an important role in the cybersecurity health of Mohawk College and the greater community.
Computers, laptops, smart phones and the internet are amazing resources, but they must be used safely, securely, and responsibly.
Below you will find helpful resources on keeping yourself, your friends and family, and the campus community a cybersafe place.
Cybersecurity Advice on Campus and at Home
Keep a Clean Machine
Keep all software up to date: Having the latest software, web browsers, and operating system is a simple way to keep your device protected. Cybercriminals look for out of date software that has design flaws known as vulnerabilities - the older the software, the more vulnerable you are.
Automate software updates: Many software programs will automatically connect and update to defend against known risks. Turn on automatic updates and install them as recommended
Use Reputable Anti-malware: Viruses and malware have changed lots over the years and continue to change daily. It is recommended that you use a commercially available anti-malware tool to defend against viruses, malware, and other online threats.
Protect all devices that connect to the Internet: Computers, laptops, and smartphones all require up to date software and should have some form of anti-malware protection.
Use trusted software: Only install software that is known and reputable. Installing shady software found on the internet is never a good idea. Cybercriminals can embed malicious code and access your devices if they control the distribution of software.
Plug and scan: “USBs” and other external devices can be infected by viruses and malware. Use your security software to scan them.
Protect Your Personal Information and Accounts
Secure your accounts: Whether it's your bank account, e-mail account, or social media account they all contain sensitive information about you at minimum. Make sure you don't sign up for services you don't need and close accounts when they are no longer used.
Own your online presence: Only use services when you are comfortable with the privacy and security settings they provide. Review the default settings, and restrict who can access your information on the platform.
Know and Alert yourself if your account is exposed: Knowing when your account has been posted to Darknet for cybercriminals to use is a key way to protect yourself - and it doesn't have to be complicated. Check out the free services provided by Have I Been Pwned to check out where your accounts have been compromised and sign up for alerts.
Make passwords long and strong: Create passwords that have a long length and use any combination of characters. Experts now recommend passphrases. For example, pick 4 words at random and combine them: wrenchlasagnajumpflame - This password is easy to remember, and would take 11 trillion years for a cybercriminal to guess. Checkout How Secure Is My Password and try making some sample passwords - Never type your own password into a tool like this.
Unique account, unique password: Separate passwords for every account helps to thwart cybercriminals.
Use a password manager: Everyone can forget a password, use a reputable password manager such as Lastpass, Bitwarden, 1Password, or others.
Enable Multi-Factor Authentication: Where available turn on multi-factor authentication which can use anything from a text message to your phone, a token or biometric information like your fingerprint to provide enhanced account security. Stolen or exposed passwords won't be enough for cybercriminals to access your accounts. Visit Brian Station to find out what websites support Multi-Factor Authentication.
E-mail Security and Phishing Scams
Have you ever received an e-mail with a random link? Or an E-mail from a company asking you to reset your password to an account with a specific website address? Have you ever been urgently asked to open an attached document?
These are likely phishing messages. Phishing messages are messages specifically crafted to look and feel like a real company that you already know and trust – but they are not legitimate e-mails. They are typically sent by a cybercriminal trying to gain access to your accounts, company, or steal your personal information and gain access to your bank accounts.
Some of the more common phishing scams are as follows:
- You're asked to validate your account by following a link;
- You're told there's a problem with your current account;
- You're threatened with action (i.e. closing your account) if you don't respond;
- Job Offers that appear too good to be true like mystery shopping;
- Requests to purchase gift cards;
What can you do if you are suspicious about a message: If you think the message might be real, use a different contact method to reach out to the person or company by getting their contact information anywhere else but from the e-mail. If you require assistance validating if a College sent or received e-mail is real contact the IT Service Desk
When in doubt, Throw it out!: Don't fall victim to these scams. If you think the message might be real, use a different contact method to reach out to the person or company by getting their contact information anywhere else but from the e-mail.
Your Home and Cybersecurity
Watch a short video on how to secure your home
Protect your Wi-Fi: Ensure that a password is configured on your Wi-Fi and that you use the strongest encryption settings. Never share your Wi-Fi passwords with people that you don't trust, or devices that aren't properly protected.
Secure your router: Your home router that controls the connections in your home has a username and password. Change this from the default values.
Secure your devices: Make sure you password protect your devices so that visitors cannot just use your technology freely potentially accessing sensitive information or visiting inappropriate or dangerous websites.
Learning and Working Remotely
The way you connect to our systems and use information when offsite can affect the security of our infrastructure and potentially impact the privacy rights of our community members.
Here are some simple tips to ensure your use of technology is safe while working remotely
- Keep all software up to date;
- Use reputable commercial anti-malware and ensure it is up to date;
- Only use trusted and secure Wi-Fi, your Wi-Fi must be password protected with a strong password;
- Backup work to College servers or solutions at regular intervals;
- Use Mohawk College sanctioned storage such as Microsoft OneDrive, Home Drives, or file shares.
Here are some tips to ensure you handle data appropriately while working remotely
- Do not transfer, save, or store sensitive information outside of Mohawk College systems, computers, or laptops;
- Sensitive printed documents or written information should be destroyed appropriately;
- Be able to identify sensitive information and be cautious while using it;
- Consult with your instructor, manager, or supervisor if you are unsure of acceptable use and classification of data and how you handle or use that data.
Using a VPN
Using a VPN (Virtual Private Network) creates a protected tunnel between your workstation and the VPN service provider. This protects all the contents such as sensitive information in your network traffic on the way to the provider. If you are connected to a public network (Coffee shop, airport, hotel, conference, etc) it is a good practice to use a VPN service.
Back It Up - Or Risk Losing It
Know what is valuable to you: Your schoolwork or projects are important and take time and care to get right. Your family photos, home movies, music collection, and other digital documents you've collected over the years are important - know where they are.
Have a backup plan: A hard drive that becomes corrupt or a cybercriminal successfully deploys ransomware to your device or home - it can all be lost. Make sure you back up your files regularly and that backup doesn't remain attached to your device at all times. Research cloud services that promote solutions with ransomware protection, or rotate disconnected USB drives. It's best to have a backup stored offsite to protect against theft or fire.
Test your plan: Backup plans that don't work can be very upsetting. Make sure to go through some tests to make sure the files are of good integrity and working as expected.
Be a Good Online Citizen
Only say or do online what you would say or do offline.
Everyone has the right to enjoy a positive and respectful learning environment -- online or offline. Take a moment to learn or remind yourself of what appropriate behaviour for interacting with others online looks like:
1. Integrity – You must represent yourself honestly in all communications, assignments, tests, and examinations. You may not use another student’s account or allow anyone else to access your account. Mohawk Students should read the academic honesty policy and acceptable student us of IT resources policy to learn more.
2. Responsibility - You are responsible for your actions and how they impact others. It’s important that before you act or say something, consider how others might interpret your words or actions. At Mohawk, any inappropriate behaviours or messages to students, faculty, or staff via online chat, email or in virtual classrooms will not be tolerated. Be kind.
3. Understanding – It’s important to be understanding of others’ feelings, experiences, intentions, and think about things from another point of view. It’s not always easy to convey meaning through email or online chat environments, and sometimes this can be frustrating. If you are confused or unclear about something, ask for clarification before getting upset.
4. Respect - All interactions must be be respectful. At Mohawk we will not tolerate any behaviours or messages that are offensive, abusive, derogatory, discriminating, bullying, harassing or threatening. If you can’t be respectful, don’t say anything. Alternatively, you can always take a moment to reassess how to respond to the situation.
5. Patience - We all have different ways of communicating and learning online. Every person will approach this differently, so be patient with others and help them feel included by offering support if you can.
At Mohawk, The Student Rights and Responsibilities Office is a resource to support anyone who is impacted or disrupted by inappropriate behaviour -- online or offline. If you are looking for support you can reach out to SRRO [at] mohawkcollege.ca (SRRO[at]mohawkcollege[dot]ca) for supportive resources, consultation and reporting options.
- Brought to you by the Student Rights & Responsibilities Office
Social Networks
Facebook, Twitter, Google+, YouTube, Pinterest, LinkedIn and other social networks have become an integral part of online lives. Social networks are a great way to stay connected with others, but you should be wary about how much personal information you post.
Have your classmates, friends and family follow these tips to safely enjoy social networking:
- Privacy and security settings exist for a reason: Learn about and use the privacy and security settings on social networks. They are there to help you control who sees what you post and manage your online experience in a positive way.
- Once posted, always posted: Protect your reputation on social networks. What you post online stays online. Think twice before posting pictures you wouldn’t want your parents or future employers to see. Recent research found that 70% of job recruiters rejected candidates based on information they found online.
- Your online reputation can be a good thing: Recent research also found that recruiters respond to a strong, positive personal brand online. So show your smarts, thoughtfulness, and mastery of the environment.
- Keep personal info personal: Be cautious about how much personal information you provide on social networking sites. The more information you post, the easier it may be for a hacker or someone else to use that information to steal your identity, access your data, or commit other crimes such as stalking.
- Know and manage your friends: Social networks can be used for a variety of purposes. Some of the fun is creating a large pool of friends from many aspects of your life. That doesn’t mean all friends are created equal. Use tools to manage the information you share with friends in different groups or even have multiple online pages. If you’re trying to create a public persona as a blogger or expert, create an open profile or a “fan” page that encourages broad participation and limits personal information. Use your personal profile to keep your real friends (the ones you know you trust) more synched up with your daily life.
- Be honest if you’re uncomfortable: If a friend posts something about you that makes you uncomfortable or you think is inappropriate, let them know. Likewise, stay open-minded if a friend approaches you because something you’ve posted makes him or her uncomfortable. People have different tolerances for how much the world knows about them. Respect those differences.
- Know what action to take: If someone is harassing or threatening you, remove them from your friends list, block them, and report them to the site administrator.
Help the authorities fight cyber crime: Report stolen finances or identities and other cybercrime to the IT Service Desk at 905-575-2199 or through the IT Self-Service Portal.
For more great cybersecurity resources visit the following sites:
- Get Cyber Safe (opens new window) - Government of Canada
- Stay Safe Online (opens new window) - National Cyber Security Alliance
- Stop. Think. Connect (opens new window)