Digital security at UM and beyond

It seems that everywhere you turn, there is news of a new scam or fraud.

Whether it’s phishing scams, fake job postings, phony calls from family asking for money, or fake requests from large organizations aiming to trick you into revealing credit card or banking information, learning how to protect yourself is vital.

Critical thinking can be your best defense.

Stay informed

“The best mindset these days is one of skepticism,” says David Treble, Manager of Information Security and Compliance with IST.

In his job he comes upon many different scams that people may encounter at work or at home.

They usually take place through email or a phone call. Most of us are familiar with scams that try to trick us into giving up our passwords, but more recently MFA (Multi Factor Authentication) codes are also being targeted, he says.

“We have also seen a rise in fake job postings which typically lead to a phony job offer,” says Treble. “Then the scammer will ask the ‘new employee’ to cash a cheque or transfer money to a third party and the check will bounce.”

Another type of popular fraud is called a “business email compromise”. These scams involve “phony invoices the scammer hopes will be paid, fake emails from a boss or superior asking to purchase gift cards and attempts by bad actors to change payroll deposit information to a different bank account,” he says.

People can be targeted with these scams in their personal lives too.

These variations include phony calls from family or grandchildren asking for money, fake requests from large organizations like Revenue Canada, PayPal, or Amazon, or fake notifications of a fine from law enforcement. Then there are the fake requests for payment for a package delivery from Canada Post or other courier services.

Scammers rely on several factors when working:

• People are naturally trusting,
• People want to help others or not get in trouble with law enforcement or their boss,
• If something sounds urgent, people don’t want to miss out, or lose access to accounts.

“All these things are expected by scammers and they tailor their tactics to prey on these traits,” says Treble.

In the end, it’s a numbers game, and scammers rely on coincidence.

Take a supposed text from Canada Post about payment for a package, as an example. “Thousands of packages are mailed each day, and the scammers know that if they contact 10,000 people there are going to be dozens who had just mailed something and will think the text is real,” says Treble. “Scammers only need to be right once to win.”

Look out for red flags

Treble recommends treating any requests for payment or financial transactions that come through email, phone call or text message as suspicious, until you verify it by contacting the organization through a known number listed on their website or other legitimate correspondence you have.

“Do not call the phone number that is provided to you through that first contact,” he says. “A scammer will just provide you a fake number that is part of the scam.”

“If it is someone claiming to be a friend or family member, consider calling another family member, call that person back on a number you know is their own, and ignore the caller’s plea for urgency, secrecy or pressure to do something quickly,” he says.

“Especially if they tell you that this is a secret, or they try to tell you they are embarrassed and don’t want anyone to know, these are all red flags that the call may be a scam.”

Treble also says that calls from your bank, Revenue Canada or the police should be verified first. “It may sound extreme, but everyone receives constant scam calls or texts regularly, so let unknown numbers go to voice mail. Even if it is a number you recognize, be cautious as call display numbers can be forged.”

Keeping information secure

Judy Dandurand, Access and Privacy Officer, says that treating information appropriately has a significant role to play in keeping data secure too.

“Employees should only have access to information that is required to do their jobs,” she says. “Open access to information poses a significant security risk.”

It’s also important to know what information you have in your unit, as “many privacy breaches are a result of employees not knowing what information they are responsible for in their holdings,” says Dandurand. She also says to only keep information for as long as there is a legitimate business need. The Access and Privacy Office can help provide guidelines on how long to store information.

Even how you share your documents at work can have an impact on security. “When emailing confidential documents, consider sending via a link to OneDrive. This will strengthen your security as only individuals who have permission to open a document can,” says Dandurand.

If your work is in the realm of research, Noël Galuschik from the Office of Research Security, has some additional tips.

In her role as Research Officer, Cannabis and Research Security, she says it’s important for researchers to consider the following:

• Who has access?
• What do they have access to?
• How long do they have access to it?

“I encourage everyone (PIs to summer students) to have a baseline level of cybersecurity awareness. The Government of Canada has a short course titled Cyber Security for Researchers available to anyone to take,” says Galuschik. “Encrypting computers, laptops and storage solutions are great ways to keep data secure and minimize risks.”

If researchers have questions, the Office of Research Security Intranet page and the IST Information Security and Compliance site provide further information.

Social media and data security

Dandurand says she often sees behaviours that people do in their personal lives that raise concerns about privacy, and therefore security.

People often share too much information on social media, she says, without recognizing the potential consequences.

“Less is best! Limit the information you provide on social media sites – you never know how others will use that information,” she says.

“Sharing sensitive information of friends, family or especially children with no thought to how it may impact them,” is not advised says Dandurand. “Your information may result in another person’s privacy being breached or you may be targeted and exploited by criminals for a fraudulent purpose.”

“Check your privacy settings on social media platforms and web browsers to control how and with whom your information is being shared.”

She also recommends caution when doing online or social media quizzes. “Don’t share the name of your first-grade teacher, your first pet, your first car on any Facebook survey or contest. These questions are commonly used to change forgotten passwords.”

Quick tips for digital security

So, what can you do to protect yourself?

• Treat requests for account, financial or personal information with extreme caution.
• Create unique and complex passwords for different accounts.
• Be careful with what you share on social media or with strangers.
• Check your bank statements and PayPal accounts regularly for suspicious charges.
• Review recent logins monthly if your account has that feature.
• Use Multi-Factor Authentication if it is available.
• Stay informed on common scams.
• Check your privacy settings regularly to ensure you know what information is being collected and who it may be shared with.
• Don’t be afraid to ask why personal information is being requested and how it will be used.

In addition to information from IST and the Access and Privacy Office, the Canadian Centre for Cyber Security and the Insurance Bureau of Canada have excellent resources for learning more about how to stay safe. The federal government’s Get Cyber Safe public awareness campaign also has tips on protecting yourself online.

The university is currently making ongoing efforts in support of its digital strategy and this article highlights how everyone has a role to play in digital security. Faculty and staff who are interested in engaging in discussions about digital best practices, technology and trends are invited to join the Digital Community of Practice.   

UM Today Staff