Welcome to the Fleming College Cybersecurity awareness page! We’re glad you’ve joined us!
When you come to college, you’re taking on many responsibilities, making your own decisions, and becoming part of the campus community. There is an important role that you can play in our college’s cybersecurity efforts that combines these elements of responsibility, decision-making, and community.
When you’re in college, your computer and mobile devices are primary tools in your educational and social life. Students use the Internet for homework, research, social networking, online shopping and other activities.
The Internet is an amazing tool, but must be used safely and securely.
When you log on to the Fleming College campus network, what you do online could impact not only your computer but other students and the network as well. By combining up-to-date security tools with good judgment, you and your college community are much less likely to encounter a security violation, loss of data, or system problems.
Cybersecurity Advice on Campus and at Home
Table of Contents
Phishing Scams, Malware and Ransomware
Passwords and Securing Your Accounts
Keep your devices Clean
Protect Your Personal Information
For more great cybersecurity resources visit the following sites
Did you know?
Clicking on a malicious link or opening email attachments are the major causes of malicious infections such as ransomware and other viruses.
Phishing messages are messages specifically crafted to look and feel like a real company that you already know and trust – but they are not legitimate e-mails. They are typically sent by a cyber-criminal trying to gain access to your computer, online accounts, company, or steal your personal information and gain access to your bank accounts.
Malware, short for malicious software, is a blanket term for viruses, worms, trojans and other harmful computer programs hackers use to wreak destruction and gain access to sensitive information
Ransomware is malware that employs encryption to hold a victim’s information at ransom. A user or organization’s critical data is encrypted so that they cannot access files, databases, or applications. A ransom is then demanded to provide access.
Cyber-criminals send millions of messages per day baiting unsuspecting individuals to open attachments in their e-mails. These criminals are improving everyday with creating intricate messages that seem legitimate. In many cases information from social media and public organizational information is used to profile the business and create messages on relevant topics using specific individual’s names. These messages are targeted and are referred to as spear phishing.
What can you do to keep Fleming College and your family safe?
When receiving e-mails with links and attachments always be very careful to trust the message and the attachment before opening the attachment. Things you can do:
- Call the sender of the message on the phone – ask them if they sent you the message.
- Review the 7 red flags of Phishing (see below).
- Submit a suspected phishing email to email@example.com
- Contact the Fleming College IT Helpdesk to inquire their advice.
- If unsure, just remember – When in doubt – Throw it out!
Red Flag #1 – Urgent or Threatening Language
Remember: Real emergencies don’t happen over email or text.
Watch out for: Pressure to respond, Threats of closing account or taking legal action.
Red Flag #2 – Requests for sensitive information
Remember: Anyone asking for personal information over email or text probably shouldn’t be trusted with it, anyway.
Watch out for: Links directing you to login pages, Requests to update account information, Demands for your financial information (even from your bank!).
Red Flag #3 – Anything too good to be true
Remember: Winning a lottery is unlikely. Winning a lottery that you didn’t enter is impossible!
Watch out for: Winnings from contests you never entered, Prizes you have to pay to receive, Inheritance from long-lost relatives, Job offers you didn’t apply for, Gift card offers.
Red Flag #4 – Unexpected emails
Remember: Expect the unexpected, report it and then send it to the trash.
Watch out for: Do you know the sender? Receipts for items you didn’t purchase, Updates on things you didn’t order.
Red Flag #5 – Information mistakes
Remember: Searching for clues in a phishing email or text puts your love of true crime podcasts to good use.
Watch out for: Incorrect (but similar) sender email addresses, links that don’t go to official websites, Spelling or grammar errors (beyond the off typo a legitimate organization would miss).
Red Flag #6 – Suspicious attachments
Remember: Attachments might seem like gifts for your inbox. But just like real gifts, there not always good…
Watch out for: Attachments you didn’t ask for (such as contracts and invoices), Weird file names, Uncommon file types (.docm, xlsm, .pptm, .msi, .bat, .com, .cmd, .hta, .scr, .pif, .reg, .js, .vbs, .wsf, .jar).
Red Flag #7 – Unprofessional design
Remember: For some reason, hiring a graphic designer isn’t on a cyber criminal’s priority list.
Watch out for: Incorrect or blurry logos, Image-only emails (no highlightable text), Company emails with little, poor or no formatting.
Did you know?
There are many online resources that store data collected from data breaches and this breach data contains user credentials?
Passwords are like keys to your personal home online. You should do everything you can prevent people from gaining access to your password. Take security precautions, think about the consequences of your actions online and enjoy the Internet with peace of mind. You can also further secure your accounts by using additional authentication methods.
Here are some ways to secure your accounts through better password practices:
- Make your password strong: A strong password is a password that has uppercase and lowercase letters, numbers and symbols. Make sure your password is longer than 16 characters.
- Consider the use of a passphrase: A passphrase is a memorized phrase consisting of a sequence of mixed words with or without spaces. For example, you might create a passphrase by using association techniques, such as scanning a room in your home and creating a passphrase that uses words to describe what you see (e.g. “Closet lamp Bathroom Mug”)
- Change your password regularly: Reset your passwords on systems at least once a year.
- Unique account, unique password: Having separate passwords for every account helps to thwart cybercriminals. At a minimum, separate your work and personal accounts and make sure that your critical accounts have the strongest passwords.
- Multi-Factor Authentication: Multi-Factor or two-Factor authentication (a.k.a MFA or 2FA)greatly strengthens your device and account security. MFA authentication makes accounts more secure by requiring at least two items of authentication such as something you know and something you have, (e.g. a password and a token, a password and a fingerprint) to log in.
- Use a Password Manager: If you feel overwhelmed by the number of passwords that you have, you can use a password manager to generate and track your many passwords.
Did you know?
Having the latest security software, web browser, and operating system is among the best defense against viruses, malware, and online threats.
Consider the following ways to keep your devices clean:
- Automate software updates: Many software programs will automatically connect and update to defend against known risks. Turn on automatic updates if that’s an available option.
- Protect all devices that connect to the Internet: Along with computers, smart phones, gaming systems, and other web-enabled devices also need protection from viruses and malware.
- Plug and scan: “USBs” and other external devices can be infected by viruses and malware. Use your security software to scan them. If unknown to you, avoid them altogether.
- Back it up: Protect your valuable work, music, photos, and other digital information by making an electronic copy and storing it safely. This allows you to ‘refresh’ your device when needed.
- Disable features you are not using: Smart devices have a ton of features that make your life easier – like microphones, cameras, Bluetooth and even geolocation. These features may seem innocent enough when they’re in use, but they could also make it easier for cyber criminals to steal from or target you.
Did you know?
You can access your Fleming College phone extension to make and receive calls via WebEx?
The way you connect to Fleming resources and use information when offsite can affect the security of our infrastructure and potentially impact the privacy rights of our community members.
Here are some preferred technologies to use while working remotely:
- Use a College provided laptop or workstation if assigned
- Students only: To access College PC’s remotely – Use our LabFind solution
- Staff only: To access College PC’s remotely – Use our Virtual Desktop Environment
- To access your files (H:\ and S:\): Use My Work Drive
- For software available for your home PC: please visit the Home & Lab Use Software Page
- To change your Fleming College password: Use our Self-Serve Password website
To learn about other services and support available, please visit the ITS Information Page
Here are some tips to ensure your home PC is safe while working remotely:
- Ensure that you have up to date anti-virus installed.
- Keep all software up to date, turn on automatic updates.
- Only use trusted and secure Wi-Fi, ensure your home Wi-Fi is protected with a strong password and standard encryption (WPA2 or WPA3).
- Backup your work to College servers or solutions at regular intervals.
- Consider encrypting your hard drive.
Here are some tips to ensure you handle data appropriately while working remotely:
- Learn about Personally Identifiable Information(PII)
- Do not transfer, save, or store sensitive information outside of Fleming College systems, computers, or laptops.
- Sensitive printed documents or written information must be destroyed with a cross-cut paper shredder.
- Be able to identify sensitive information and be cautious while using it.
- Consult with your manager if you are unsure of acceptable use and classification of data and how you handle or use that data.
Did you know?
With social media, Canadians are sharing more personal information online than ever before, which means there’s more for cyber criminals to steal. There’s probably a lot of information about you available online, (Full name, Birthday, Phone number, Work history, Social Insurance Number, Login credentials).
The good news is that if you’ve read this page, you’re well on your way to keeping your personal information private and safe! Here are some highlights to consider:
- Be aware of phishing and malware
- Use Multi-Factor authentication
- Ask questions!
- Follow good account and passwords practices
- Turn on login alerts (social media, banking, etc) and watch for suspicious activity
- Keep your devices up-to-date and protected with anti-virus or threat protection
- Don’t use public wi-fi
- Review privacy and security settings on websites and your devices to your comfort level for information sharing. It’s ok to limit who you share information with.
- Backup Your Data Regularly
- Look for web addresses with https:// which means the site takes extra measures to help secure your information. “http://” is not secure.
- Don’t click on Ads
- Don’t leave a paper trail; shred your old documents
Facebook, Twitter, Google+, YouTube, Pinterest, LinkedIn and other social networks have become an integral part of online lives. Social networks are a great way to stay connected with others, but you should be wary about how much personal information you post.
Post only about others as you have them post about you. Yes, The Golden Rule applies online as well.
Have your classmates, friends and family follow these tips to safely enjoy social networking:
- Privacy and security settings exist for a reason: Learn about and use the privacy and security settings on social networks. They are there to help you control who sees what you post and manage your online experience in a positive way.
- Once posted, always posted: Protect your reputation on social networks. What you post online stays online. Think twice before posting pictures you wouldn’t want your parents or future employers to see. Recent research found that 70% of job recruiters rejected candidates based on information they found online.
- Keep your accounts secure: Use a secure password/passphrase. Change your password regularly. Always use multi-factor authentication if supported. Use unique credentials for unique site.
- Your online reputation can be a good thing: Recent research also found that recruiters respond to a strong, positive personal brand online. Show your smarts, thoughtfulness, and mastery of the environment.
- Keep personal info personal: Be cautious about how much personal information you provide on social networking sites. The more information you post, the easier it may be for a hacker or someone else to use that information to steal your identity, access your data, or commit other crimes such as stalking. Be aware of Geolocations information in photos and posts that give away your location.
- Know and manage your friends: Social networks can be used for a variety of purposes. Some of the fun is creating a large pool of friends from many aspects of your life. That doesn’t mean all friends are created equal. Use tools to manage the information you share with friends in different groups or even have multiple online pages. If you’re trying to create a public persona as a blogger or expert, create an open profile or a “fan” page that encourages broad participation and limits personal information. Use your personal profile to keep your real friends (the ones you know you trust) more synched up with your daily life.
- Be honest if you’re uncomfortable: If a friend posts something about you that makes you uncomfortable or you think is inappropriate, let them know. Likewise, stay open-minded if a friend approaches you because something you’ve posted makes him or her uncomfortable. People have different tolerances for how much the world knows about them respect those differences.
- Know what action to take: If someone is harassing or threatening you, remove them from your friends list, block them, and report them to the site administrator.