[ Report a Security Incident ]

Alert: Increased Phishing Emails
Phishing emails to staff and students have increased recently. These fraudulent emails ask for personal information in an urgent manner by threatening to disable your account or offering job opportunities. Do not respond to suspicious emails; instead, report them by using PhishForward.

MFA use is mandatory for all students & employees as of May 29, 2023.

Welcome to the Fleming College Cybersecurity awareness page! We’re glad you’ve joined us!

When you come to college, you’re taking on many responsibilities, making your own decisions, and becoming part of the campus community. There is an important role that you can play in our college’s cybersecurity efforts that combines these elements of responsibility, decision-making, and community.

When you’re in college, your computer and mobile devices are primary tools in your educational and social life. Students use the Internet for homework, research, social networking, online shopping and other activities. The Internet is an amazing tool, but must be used safely and securely.

When you log on to the Fleming College campus network, what you do online could impact not only your computer but other students and the network as well. By combining up-to-date security tools with good judgment, you and your college community are much less likely to encounter a security violation, loss of data, or system problems.

The month of October is Cybersecurity Awareness Month (CSAM) and a perfect time to remind everyone about being cyber-safe. In case you missed it, check out our most recent content and newsletters from CSAM 2022.

Cybersecurity Training

Mandatory Staff Training

All Fleming Staff are required to complete mandatory Cybersecurity training. The following courses are delivered via the CIRA/Beauceron training platform with the final quizes and completion tracking being done in Evolve:

CYBER1 – Cybersecurity Awareness – Launched in spring 2022, this training was due for completion by 2022-06-30 for staff employed at the time. The training is also ongoing and required for all new staff hires.
PRIV22 – Privacy & Information Security – Launched in fall 2022, this training is due for completion by 2023-02-28 for all staff.

Staff can review their training status and course completion by:

Go to My Campus > More Applications > Learning and Development > My Training Not Taken, to view all outstanding training.
Go to My Campus > More Applications > Learning and Development > Training Summary, to view all completed courses.
Managers can see the training status of their direct reports within their Evolve Manager Dashboard under Training Not Taken.

All Users (Optional)

LinkedIn Learning – The following LinkedIn Learning course is recommended to anyone looking to increase their cybersecurity awareness of the most common threats you are likely to encounter online. https://www.linkedin.com/learning/cybersecurity-at-work?u=2273370

Cybersecurity Advice on Campus and at Home

Phishing Scams, Malware and Ransomware
Passwords and Securing Your Accounts
Keep your devices Clean
Working Remotely
Protect Your Personal Information
Social Networks
Travelling
For more great cybersecurity resources visit the following sites

Phishing Scams, Malware and Ransomware

Did you know?
Clicking on a malicious link or opening email attachments are the major causes of malicious infections such as ransomware and other viruses.

Phishing messages are messages specifically crafted to look and feel like a real company that you already know and trust – but they are not legitimate e-mails. They are typically sent by a cyber-criminal trying to gain access to your computer, online accounts, company, or steal your personal information and gain access to your bank accounts.

Malware, short for malicious software, is a blanket term for viruses, worms, trojans and other harmful computer programs hackers use to wreak destruction and gain access to sensitive information

Ransomware is malware that employs encryption to hold a victim’s information at ransom. A user or organization’s critical data is encrypted so that they cannot access files, databases, or applications. A ransom is then demanded to provide access.

Cyber-criminals send millions of messages per day baiting unsuspecting individuals to open attachments in their e-mails. These criminals are improving everyday with creating intricate messages that seem legitimate. In many cases information from social media and public organizational information is used to profile the business and create messages on relevant topics using specific individual’s names. These messages are targeted and are referred to as spear phishing.

What can you do to keep Fleming College and your family safe?
When receiving e-mails with links and attachments always be very careful to trust the message and the attachment before opening the attachment. Things you can do:

Call the sender of the message on the phone – ask them if they sent you the message.
Review the 7 red flags of Phishing (see below).
Submit a suspected phishing email to phishreport@flemingcollege.ca
Contact the Fleming College IT Helpdesk to inquire their advice.
If unsure, just remember – When in doubt – Throw it out!

The 7 red flags of Phishing
Here are the 7 biggest red flags you should check for when you receive and email or text:

Red Flag #1 – Urgent or Threatening Language
Remember: Real emergencies don’t happen over email or text.
Watch out for: Pressure to respond, Threats of closing account or taking legal action.

Red Flag #2 – Requests for sensitive information
Remember: Anyone asking for personal information over email or text probably shouldn’t be trusted with it, anyway.
Watch out for: Links directing you to login pages, Requests to update account information, Demands for your financial information (even from your bank!).

Red Flag #3 – Anything too good to be true
Remember: Winning a lottery is unlikely. Winning a lottery that you didn’t enter is impossible!
Watch out for: Winnings from contests you never entered, Prizes you have to pay to receive, Inheritance from long-lost relatives, Job offers you didn’t apply for, Gift card offers.

Red Flag #4 – Unexpected emails
Remember: Expect the unexpected, report it and then send it to the trash.
Watch out for: Do you know the sender? Receipts for items you didn’t purchase, Updates on things you didn’t order.

Red Flag #5 – Information mistakes
Remember: Searching for clues in a phishing email or text puts your love of true crime podcasts to good use.
Watch out for: Incorrect (but similar) sender email addresses, links that don’t go to official websites, Spelling or grammar errors (beyond the off typo a legitimate organization would miss).

Red Flag #6 – Suspicious attachments
Remember: Attachments might seem like gifts for your inbox. But just like real gifts, there not always good…
Watch out for: Attachments you didn’t ask for (such as contracts and invoices), Weird file names, Uncommon file types (.docm, xlsm, .pptm, .msi, .bat, .com, .cmd, .hta, .scr, .pif, .reg, .js, .vbs, .wsf, .jar).

Red Flag #7 – Unprofessional design
Remember: For some reason, hiring a graphic designer isn’t on a cyber criminal’s priority list.
Watch out for: Incorrect or blurry logos, Image-only emails (no highlightable text), Company emails with little, poor or no formatting.

Passwords and Securing Your Accounts

Did you know?
There are many online resources that store data collected from data breaches and this breach data contains user credentials?

Passwords are like keys to your personal home online. You should do everything you can prevent people from gaining access to your password. Take security precautions, think about the consequences of your actions online and enjoy the Internet with peace of mind. You can also further secure your accounts by using additional authentication methods.

Here are some ways to secure your accounts through better password practices:

Make your password strong: A strong password is a password that has uppercase and lowercase letters, numbers and symbols. Make sure your password is longer than 16 characters.
Consider the use of a passphrase: A passphrase is a memorized phrase consisting of a sequence of mixed words with or without spaces. For example, you might create a passphrase by using association techniques, such as scanning a room in your home and creating a passphrase that uses words to describe what you see (e.g. “Closet lamp Bathroom Mug”)
Change your password regularly: Reset your passwords on systems at least once a year.
Unique account, unique password: Having separate passwords for every account helps to thwart cybercriminals. At a minimum, separate your work and personal accounts and make sure that your critical accounts have the strongest passwords.
Multi-Factor Authentication: Multi-Factor or two-Factor authentication (a.k.a MFA or 2FA)greatly strengthens your device and account security. MFA authentication makes accounts more secure by requiring at least two items of authentication such as something you know and something you have, (e.g. a password and a token, a password and a fingerprint) to log in.
Use a Password Manager: If you feel overwhelmed by the number of passwords that you have, you can use a password manager to generate and track your many passwords.

Keep your devices Clean

Did you know?
Having the latest security software, web browser, and operating system is among the best defense against viruses, malware, and online threats.

Consider the following ways to keep your devices clean:

Automate software updates: Many software programs will automatically connect and update to defend against known risks. Turn on automatic updates if that’s an available option.
Protect all devices that connect to the Internet: Along with computers, smart phones, gaming systems, and other web-enabled devices also need protection from viruses and malware.
Plug and scan: “USBs” and other external devices can be infected by viruses and malware. Use your security software to scan them. If unknown to you, avoid them altogether.
Back it up: Protect your valuable work, music, photos, and other digital information by making an electronic copy and storing it safely. This allows you to ‘refresh’ your device when needed.
Disable features you are not using: Smart devices have a ton of features that make your life easier – like microphones, cameras, Bluetooth and even geolocation. These features may seem innocent enough when they’re in use, but they could also make it easier for cyber criminals to steal from or target you.

Working Remotely

Did you know?
You can access your Fleming College phone extension to make and receive calls via WebEx?

The way you connect to Fleming resources and use information when offsite can affect the security of our infrastructure and potentially impact the privacy rights of our community members.

Here are some preferred technologies to use while working remotely:

Use a College provided laptop or workstation if assigned
Students only: To access College PC’s remotely – Use our LabFind solution
Staff only: To access College PC’s remotely – Use our Virtual Desktop Environment
To access your files (H:\ and S:\): Use My Work Drive
For software available for your home PC: please visit the Home & Lab Use Software Page
To change your Fleming College password: Use our Self-Serve Password website

To learn about other services and support available, please visit the ITS Information Page

Here are some tips to ensure your home PC is safe while working remotely:

Ensure that you have up to date anti-virus installed.
Keep all software up to date, turn on automatic updates.
Only use trusted and secure Wi-Fi, ensure your home Wi-Fi is protected with a strong password and standard encryption (WPA2 or WPA3).
Backup your work to College servers or solutions at regular intervals.
Consider encrypting your hard drive.

Here are some tips to ensure you handle data appropriately while working remotely:

Learn about Personally Identifiable Information(PII)
Do not transfer, save, or store sensitive information outside of Fleming College systems, computers, or laptops.
Sensitive printed documents or written information must be destroyed with a cross-cut paper shredder.
Be able to identify sensitive information and be cautious while using it.
Consult with your manager if you are unsure of acceptable use and classification of data and how you handle or use that data.

Protect Your Personal Information

Did you know?
With social media, Canadians are sharing more personal information online than ever before, which means there’s more for cyber criminals to steal. There’s probably a lot of information about you available online, (Full name, Birthday, Phone number, Work history, Social Insurance Number, Login credentials).

The good news is that if you’ve read this page, you’re well on your way to keeping your personal information private and safe! Here are some highlights to consider:

Be aware of phishing and malware
Use Multi-Factor authentication
Ask questions!
Follow good account and passwords practices
Turn on login alerts (social media, banking, etc) and watch for suspicious activity
Keep your devices up-to-date and protected with anti-virus or threat protection
Don’t use public wi-fi
Review privacy and security settings on websites and your devices to your comfort level for information sharing. It’s ok to limit who you share information with.
Backup Your Data Regularly
Look for web addresses with https:// which means the site takes extra measures to help secure your information. “http://” is not secure.
Don’t click on Ads
Don’t leave a paper trail; shred your old documents

Social Networks

Facebook, Twitter, Google+, YouTube, Pinterest, LinkedIn and other social networks have become an integral part of online lives. Social networks are a great way to stay connected with others, but you should be wary about how much personal information you post.

Post only about others as you have them post about you. Yes, The Golden Rule applies online as well.

Have your classmates, friends and family follow these tips to safely enjoy social networking:

Privacy and security settings exist for a reason: Learn about and use the privacy and security settings on social networks. They are there to help you control who sees what you post and manage your online experience in a positive way.
Once posted, always posted: Protect your reputation on social networks. What you post online stays online. Think twice before posting pictures you wouldn’t want your parents or future employers to see. Recent research found that 70% of job recruiters rejected candidates based on information they found online.
Keep your accounts secure: Use a secure password/passphrase. Change your password regularly. Always use multi-factor authentication if supported. Use unique credentials for unique site.
Your online reputation can be a good thing: Recent research also found that recruiters respond to a strong, positive personal brand online. Show your smarts, thoughtfulness, and mastery of the environment.
Keep personal info personal: Be cautious about how much personal information you provide on social networking sites. The more information you post, the easier it may be for a hacker or someone else to use that information to steal your identity, access your data, or commit other crimes such as stalking. Be aware of Geolocations information in photos and posts that give away your location.
Know and manage your friends: Social networks can be used for a variety of purposes. Some of the fun is creating a large pool of friends from many aspects of your life. That doesn’t mean all friends are created equal. Use tools to manage the information you share with friends in different groups or even have multiple online pages. If you’re trying to create a public persona as a blogger or expert, create an open profile or a “fan” page that encourages broad participation and limits personal information. Use your personal profile to keep your real friends (the ones you know you trust) more synched up with your daily life.
Be honest if you’re uncomfortable: If a friend posts something about you that makes you uncomfortable or you think is inappropriate, let them know. Likewise, stay open-minded if a friend approaches you because something you’ve posted makes him or her uncomfortable. People have different tolerances for how much the world knows about them respect those differences.
Know what action to take: If someone is harassing or threatening you, remove them from your friends list, block them, and report them to the site administrator.

Travelling

See our Cybersecurity While Travelling page.

For more great cybersecurity resources visit the following sites:

Get Cyber Safe (opens new window) – Government of Canada
Stay Safe Online (opens new window) – National Cyber Security Alliance
Stop. Think. Connect (opens new window)

Information Technology Services

Automate the transactions, Personalize the interactions

Cybersecurity Awareness