Information Security tips

How do I protect my data?

• Backup your data regularly.
• Store your data on your network drive or UM OneDrive.
• Keep your device operating system (OS) and applications up to date.
• Contact IST Help and Solutions Centre for recommendations or assistance with selecting and implementing an encryption tool.
  • What is encryption? Encryption is a method of preventing unauthorized access to electronic data. Encryption scrambles your data and makes it accessible to only authorized parties (using a UMNETID and Password). Other means of accessing your data will be unsuccessful.
  • Why use encryption? Security breaches can cause a lot of wasted time, money and stress. We are committed to keeping your data safe and for your eyes only!

As mobile devices on campus continue to grow, it is important that faculty, staff and students at the University adopt practices and procedures for mobile storage devices to ensure that confidential and private data stored on these devices is protected.

These devices and the data contained on them when left unsecured, are susceptible to theft and possibly to exploitation.

When at all possible, protected or restricted data should not be stored on mobile storage devices. If sensitive data is stored on a mobile device the following practices should be adopted:

Maintain a clean device

• Keep your security software, browsers and operating systems up to date.
• Keep your applications up to date.  Many updates add new features and better security.
• Monitor your device’s data usage and investigate anomalies.
• Know the source of your app. Be sure to only use trusted sources.
• Do not “jailbreak” or “root” your mobile device. A non-standard configuration may prevent the installation of security updates and may void your warranty.

Restrict device access

• Use a password to access the device and set the device to auto-lock during inactivity.
• Protect specific files with a password if possible.
• Do not share your device with other people.
• Use locking security cables for mobile computers and lock offices, cabinets or desks where devices are stored.
• Ensure your doors are locked and devices are out of sight when in a vehicle.
• Do not leave your device unattended in a public area.
• Institute a check-out procedure to track shared devices in a department or faculty.
• Use an encrypted USB Flash drive.

• Ensure compliance with the Device Encryption Standard.

Getting connected

• Turn off wireless, Bluetooth and infrared access when not in use.
• Wireless access should be configured to ask for a password before connecting.
• Unknown or untrusted networks should not be used to transfer sensitive data.

Safety online

• When in doubt throw it out. Always be suspect of links or attachments in email, posts and texts.
• Check for secure connections or websites starting with https:// - especially when making purchases.
• Learn the security and privacy features of your social media applications. Be comfortable with the information you share.

Be a good online citizen

• Only share information about others that you would be comfortable having them share about you.
• Never give out anyone’s personal information to a third party without permission. This includes email, social media names, numbers, photos or videos.

Lost or stolen devices

• Immediately report the loss, theft or unauthorized use of the device.
• Capable devices should be wiped remotely in the event of loss or theft. 

Read about Protecting your information while travelling.

Read about Protecting your information while using public Wi-Fi.

For additional information, visit UM’s access and privacy page.

Good password management is your best protection against personal information theft. Hackers often use programs to crack your password but by keeping it confidential and following these basic rules you can make it difficult for them.

• Make your password strong by using a longer one if possible. Use a combination of numbers, uppercase, lowercase and special characters if allowed.
• Make your passwords hard to guess. Don't use personal or accessible information as your password.
• Do not share. Never give out your password for any reason.
• Don't use the same password for applications or devices.

In their 2017 Wi-Fi Risk Report, Norton writes that 60 percent of users feel their information is safe when using hotspots, but 53 percent can’t tell if the network is secure. The convenience is often too tempting to avoid the risk!

What if the Wi-Fi hotspot is unsecure?

When a Wi-Fi hotspot is unsecured, that means data you transmit or received is unprotected. Anybody on the same network could spy on your information if they know how. If you decide to use free public Wi-Fi, be careful with the service you use and the types of sites you visit when connected.

Protect yourself when using public Wi-Fi by following these basic tips:

Choose the right network

A common attack is to create a Wi-Fi hotspot that closely resembles the secure hotspot in the area.  For example, an attacker may create an open hotspot called “Staarbucks Free Internet”. This is an effective way to trick you into logging in to the wrong network. You should always double check the connection is legitimate.

Connect to a secure network

You should always try to connect to a network with the secure padlock icon. This padlock icon indicates that a password is required to connect.

Sometimes the lack of a padlock doesn’t always mean a network is untrustworthy. Hotel Wi-Fi hotspots do not have a padlock because they often redirect you to a web page login that requires a password.  Another example is our secure uofm-guest network. It is secure, but it does not require a password so there is no padlock icon. If you have a choice, always connect to the network with the padlock.

Avoid accessing or sending personal or sensitive data

Any site that requires you to login with a userid and password should be avoided while using public Wi-Fi. When connected to a public Wi-Fi hotspot, avoid activities like accessing your bank account, shopping with a credit card or connecting to university services.

Use the UM VPN

If you must access email or other systems, ensure that you are using the UM VPN service which will create an encrypted secure connection.

Use websites with encrypted connections (HTTPS)

Any website that requires you to login should be using “HTTPS” to ensure SSL (Secure Sockets Layer) is used for your connection. You will recognize a website with an encrypted connection by the padlock icon beside the site’s URL.  More and more websites are making their pages secure, even if they don’t require a login.  If you don’t see the padlock next to the website’s URL, avoid using this service when connected to a public Wi-Fi hotspot.

• Privacy Commissioner of Canada: You Privacy Rights
• Privacy Commissioner of Canada: Online Privacy
• Privacy Commissioner of Canada: Social Networking
• US-Cert (US Computer Emergency Readiness Team): Staying Safe on Social Network Sites