Information Technology Services

IT Security FAQ

Click on any question below to view the answer, or email your own questions to cybersecurity@ufv.ca

Information security is the practice of protecting information and systems from unauthorized disclosure, modification, and destruction. It encompasses the security of all IT resources, including both University information and the IT devices that access, process, store, or transmit it.

University data is any data for which UFV is accountable. Included is any data relevant to the administration (student and employee records, finanacial data) and day-to-day function (teaching, research, and service) of the University.

Systems/IT Devices are any electronic device (desktop or laptop computer, phone, tablet, etc.) used to access, process, store, or transmit University information, and that uses the University's IT infrastructure, including the University network. 

 


Proper data management is a responsibility of every University employee; you are responsible for any University information to which you have access. Properly managing the data in your care will help protect you, the University, and the community from data-related theft and harm. Improper data management can lead identity theft, reputational harm, lawsuits, and extremely expensive damages. The goal of data management is to appropriately manage these risks without impairing University operations.

How do I know whether I have sensitive data?

Sensitive data is any data that could compromise integrity or confidentiality. For example, academic or financial records, address and contact information, or files relating to medical concerns. It must be protected from unauthorized access to safeguard the privacy and security of our students, staff, faculty, alumni, and UFV as an organization. In many cases, sensitive data is hidden in larger data sets or files. 

Manage data safely

It's easy to get in the habit of incorporating safe data management into your workplace routine. Knowing what kinds of data you use, as well as how and where you use them, is the first step. Once you determine what data you have and where it's stored, you can protect it by archiving, encrypting, or erasing it as appropriate.

For sensitive University information:

  • If you still need the information, but don't need to store it only on your device (and want to access it anywhere), store it on your home drive or department network drive.
  • If you need the information and it must be stored locally on your device, encrypt it.
  • If you no longer need the information, erase it from your device.

You can apply the same principles to your personal information. If you don't need to store records like old tax returns, bank statements, or other records on your computer or other device, you can store them on an encrypted flash drive or external hard drive and then securely delete them from your device. You should also encrypt any files that you choose to keep on your device (and encrypt the device itself with whole disk encryption).


SPAM, phishing, and other scam messages come with real risk and impact. 

Risks:

  1. Leakage of sensitive information - Phishers will disguise themselves as known individuals of victims (e.g. senior management) or trustworthy institutions (e.g. banks) to lure victims to give out their sensitive information such as account names, passwords and identity information. Phishers may further use this sensitive information for malicious purpose (e.g., identity theft) or sell them to third parties.
  2. Malware infections - Links or attachments in phishing emails or phishing websites may contain malware (e.g. key-logger, ransomware and cryptocurrency mining malware). If users click these links or open these attachments, their devices may get infected, which may lead to data leakage, data loss or other financial loss.

Impacts:

  1. Financial loss - With sensitive information obtained from victims, phishers can carry out transactions (such as transferring your money to their accounts). Business operations can be disrupted due to the time needed to respond to incidents or fix an infected device. 
  2. Reputational loss - Phishers can further make use of information obtained from victims to send blackmail, intimidate victims’ contacts or even perform illegal activities (e.g. stealing confidential data), causing legal and liability problems. As for an organisation being attacked, it may suffer reputation damage to its brand, and its clients may move their business elsewhere due to losing trust in the organisation in safeguarding their data.
  3. Intellectual property theft - Intellectual property, including the products of faculty, staff, and student research and scholarship, is crucial to our community. With the information obtained from victims, phishing attacks can lead to theft of intellectual property which can represent millions in research and development costs.


Choosing a strong and secure password is the first step in securing your accounts. Secure passwords have the following characteristics:

  • Can't be easily guessed
  • Is not common
  • Does not contain your name, address, username, email, or other personal details about yourself/your family
  • Is only known by you

View our tips for creating strong passwords here. Consider using a password manager to keep your passwords safe.

Never click links or download attachments from emails that look suspicious. To learn more about how to identify suspicious emails, click here

For more information on protecting yourself and your devices, click here


We are here to help if you receive something that you are not sure about. 

Report suspicious email and other communications to phishreport@ufv.ca. If it was an email, please forward the original email you received with your report so that we can investigate the source.

For all other general inquiries, please contact cybersecurity@ufv.ca


Students:

If you are a student who is registered for the current running semester, our Student Device Support program offers virus and malware removal. For more information on the program (where to go, what you need), click here

If you are not currently registered, you can take advantage of this program when you are. You can also refer to our tips and guidance on protecting your devices

Faculty & Staff:

For UFV provided devices such as UFV phones, workstations, and laptops, contact the IT Service Desk for assistance with virus and malware detection and removal. You can log in to create your ticket, email at itservicedesk@ufv.ca or phone at 604-864-4610 (toll-free: 1-888-504-7441, ext. 4610). Be ready to provide your workstation ID. 

For personal device support, please refer to our tips and guidance on protecting your devices.


We have a glossary of common IT Security terms here. There is also a guide on the different kinds of viruses and malware here

If you would like clarification or additional information about any of these topics or terms, please don't hesitate to ask us. Email us at cybersecurity@ufv.ca.


Contact Us