Cybersecurity Hub

If you find a lost USB key/flash drive/CD Rom etc return it to Campus Security at X200. Do not plug them into your computer as they may contain viruses or malware.

• Lock the screen of all mobile devices when they are not being used.
• Password protect USB keys/flash drives and portable drives.
• Treat your mobile device as if it were cash. Do not leave it unsecured when it is unattended. Do not leave it in your car.

Legitimate calls from the Service Desk will be accompanied by an email from the ServiceNow ticketing system. In addition, at no time will the Service Desk ask you to download an application so they can trouble shoot your computer or ask you for your password. If you suspect a call is not legitimate, politely end the call and dial 403-440-6000 to contact the Service Desk directly.

Cyber attackers use social engineering to gain your trust so you will give them information they can use to compromise data security. If you are contacted by phone, email or text by an individual asking for information that they should already know, verify their identity using contact information that you know is legitimate. The same is true for anyone asking for confidential information or login credentials.

• Password should be 12 characters or greater.
• Don't share them with anyone for any reason.
• Use a password manager to store and generate unique passwords for every account.
• Enable two factor authentication when it is available.
• Do not use your Mount Royal username or password for none work websites.
• Lock your screen anytime you leave your workstation unattended

For more details on how to create secure passwords that are easy to remember, view the quick reference guide, Strong passwords made easy.

Ensure that you store data on H: drive, J: drive or using Google Drive. All of these locations are automatically backed up daily. Do not store data on your desktop or local drive on your computer. If you get a virus you could lose all your data.

Do not click on any links or open any attachments in emails that you are not expecting regardless of who they are coming from. If you need to access information from a link or attachment:

• Phone the sender directly using a number you know is legitimate to verify the legitimacy of the the email
  
• Navigate to the website directly using an URL that you know is legitimate.

Software updates patch security vulnerabiliies. When at home, enable automatic updates on your computer and all your devices. When on campus, restart your workstation to install your updates when you are prompted. Delaying updating your computer or devices leaves them vulnerable to cyberattacks.

Sensitive data is private information about companies, organizations, projects or people. It includes personal and financial data as well as intellectual property and proprietary business information.  It is found everywhere from printed documents, physical files, portable storage media (CDs/DVDs/USB), laptops/computers, mobile devices, printers, online accounts and cloud services (ie Google drive), It is important that this information is properly shared, stored and protected throughout its lifecycle as well as properly destroyed so it is unreadable when it is no longer needed.

• Limit access to sensitive information to those who have a business need.
• Reguflarly audit your data, destroying it when it is no longer needed.
• Keep sensitive data inside applications like FAST and Banner.
• Limit the number of copies made of sensitive data to reduce the exposure risk.
• When sending emails, double check the recipient email address and use the BCC field to keep recipients' personal email addresses private.
• Encrypt all portable devices that store data
• Sanitize old devices before disposing of them. Contact the IT Service Desk to find out how. 

For more details on securing sensitive data, visit the Data Privacy Best Practices web page.