Oct. 2, 2019
October is Cybersecurity Awareness Month
Imagine 90 strangers used your toothbrush last week. Sharing your online account is as invasive as sharing your toothbrush. On average, 90 malware attacks are launched against UCalgary accounts each week.
Now, imagine you saw an email from your boss, or AVP, or even our president asking you to click on a link to complete a task on their behalf. You are busy, you know them, and click — you have been phished. Your data could be encrypted, your confidential information accessed and changed, and even your identity stolen.
It happens in the blink of an eye. Cybercriminals are very smart. They practise social engineering — preying on your emotions to act quickly and without rational review.
October is Cybersecurity Month throughout the world, and UCalgary IT Security wants to help you become cybersecure, at home and at UCalgary.
Cybersecurity begins with you
“The world is so digitally driven that if you do not take care of your own digital identity others can and will assume it. Almost everything is online today — banking, taxes, passports. You need to protect yourself,” says Sean Murray, lead, IT security operations.
Many in our UCalgary community think that at UCalgary we are fully protected. And from a technology standpoint, that is correct. UCalgary IT Security has systems and protocols, running upgrades, patches and installations to help ensure our trusted and known devices like desktops, laptops and smartphones are, technically, as secure as possible.
Yet, attacks happen and they are often because of human error. Paige Hong, analyst, IT security operations, explains: “People have a different relationship to cybersecurity than they do to their physical security. But we have to realize we need to learn how to protect ourselves because the majority of incidents start from a simple user mistake.”
Recent statistics from Kasperksy Lab, for example, state, “90 per cent of corporate data breaches in the cloud happen due to social engineering attacks which target customers' employees and not because of problems caused by their cloud providers,” as reported in TechRadar.
Murray adds, “Online, everything is exposed to everything else. That doesn’t happen in the physical world. If I show up to my friend’s bank saying I am my friend, the bank will definitely know I am not, and take action. Yet if I know how to access my friend’s bank digitally, everything is fine. There is a level of trust digitally that is not warranted.”
One simple way for everyone to be further protected is through multi-factor authentication (MFA), a two-step authentication process that adds an extra layer of security to your UCalgary account.
MFA works because the MFA password resets regularly. “If you were phished, the criminals may get your password and you may not even know it until you are impacted. With MFA, a second password, or verification code, is sent to your phone or laptop, and you will not be able to logon until this code is entered correctly. The criminals can not access that second password because it automatically changes so frequently,” Hong says.
Murray adds, “MFA is free, unobtrusive and is simply requested through the IT Support Centre, who can support you through the quick and easy setup.” All the information you need is in the MFA Getting Started article, and your Office 365, mail, calendar, OneDrive, and UCalgary sensitive and personal information will be protected.
Managing cybersecurity is a learning curve, but in the end it is your work, your personal information and your data that you are protecting. “We do our best to protect you, but it is also your responsibility to protect yourself,” says Hong.
“It is a matter of establishing good practices all the time,” Murray adds, “thinking and acting to keep yourself cybersecure so often that the practice simply becomes built in.”