• Lock the screen of all mobile devices when they are not being used.
• Password protect USB keys/flash drives and portable drives.
• Treat your mobile device as if it were cash. Do not leave it unsecured when it is unattended. Do not leave it in your car.

If you find a lost USB key/flash drive/CD Rom etc return it to Campus Security at X200. Do not plug them into your computer as they may contain viruses or malware.

Legitimate calls from the Service Desk will be accompanied by an email from the Footprints ticketing system. In addition, at no time will the Service Desk ask you to download an application so they can trouble shoot your computer or ask you for your password. If you suspect a call is not legitimate, politely end the call and dial 403-440-6000 to contact the Service Desk directly.

Cyber attackers use social engineering to gain your trust so you will give them information they can use to compromise data security. If you are contacted by phone, email or text by an individual asking for information that they should already know, verify their identity using contact information that you know is legitimate. The same is true for anyone asking for confidential information or login credentials.

• Password should be long, strong and unique.
• Don't share them with anyone for any reason.
• Memorize them or store them securely in KeePass or a locked cabinet or drawer.
• Enable two factor authentication when it is available.
• Do not use your Mount Royal username or password for sites outside the University.

Ensure that you store data on H: drive, J: drive or using Google Drive. All of these locations are automatically backed up daily. Do not store data on your desktop or local drive on your computer. If you get a virus you could lose all your data.

Do not click on any links or open any attachments in emails that you are not expecting regardless of who they are coming from. If you need to access information from a link or attachment:

• Phone the sender directly using a number you know is legitimate to confirm the legitimacy of the email
  
• Navigate to the website directly using an URL that you know is legitimate.