Click on any question below to view the answer, or email your own questions to cybersecurity@ufv.ca.
Click on any question below to view the answer, or email your own questions to cybersecurity@ufv.ca.
What is information security?
Information security is the practice of protecting information and systems from unauthorized disclosure, modification, and destruction. It encompasses the security of all IT resources, including both University information and the IT devices that access, process, store, or transmit it.
University data is any data for which UFV is accountable. Included is any data relevant to the administration (student and employee records, finanacial data) and day-to-day function (teaching, research, and service) of the University.
Systems/IT Devices are any electronic device (desktop or laptop computer, phone, tablet, etc.) used to access, process, store, or transmit University information, and that uses the University's IT infrastructure, including the University network.
What is sensitive data? Why does it matter, and how can I protect it?
Proper data management is a responsibility of every University employee; you are responsible for any University information to which you have access. Properly managing the data in your care will help protect you, the University, and the community from data-related theft and harm. Improper data management can lead identity theft, reputational harm, lawsuits, and extremely expensive damages. The goal of data management is to appropriately manage these risks without impairing University operations.
Sensitive data is any data that could compromise integrity or confidentiality. For example, academic or financial records, address and contact information, or files relating to medical concerns. It must be protected from unauthorized access to safeguard the privacy and security of our students, staff, faculty, alumni, and UFV as an organization. In many cases, sensitive data is hidden in larger data sets or files.
It's easy to get in the habit of incorporating safe data management into your workplace routine. Knowing what kinds of data you use, as well as how and where you use them, is the first step. Once you determine what data you have and where it's stored, you can protect it by archiving, encrypting, or erasing it as appropriate.
For sensitive University information:
You can apply the same principles to your personal information. If you don't need to store records like old tax returns, bank statements, or other records on your computer or other device, you can store them on an encrypted flash drive or external hard drive and then securely delete them from your device. You should also encrypt any files that you choose to keep on your device (and encrypt the device itself with whole disk encryption).
How can I protect my UFV student or employee email account?
Choosing a strong and secure password is the first step in securing your accounts. Secure passwords have the following characteristics:
View our tips for creating strong passwords here. Consider using a password manager to keep your passwords safe.
Never click links or download attachments from emails that look suspicious. To learn more about how to identify suspicious emails, click here.
What is UFV doing about SPAM?
UFV's cybersecurity team is constantly monitoring our email system to detect spam before it reaches you. We stay up to date on the latest email security threats to ensure our systems are current. However, cybercriminals are getting smarter in the ways they avoid detection so we need your help if something gets through.
How does SPAM and phishing impact me/UFV?
SPAM, phishing, and other scam messages come with real risk and impact.
How can I recognize a phishing attempt?
How can I recognize a fake website?
Check out these telltale signs a website may be fake:
1. Check the address bar
The start of a URL may start with http:// or https:// - note the 's' which stands for secure. If a website uses http:// (no s), that doesn’t guarantee that it is a scam, but it’s something to watch for. To be on the safe side, you should never enter personal information into a site beginning with http://.
2. Check the domain name
A favorite trick of scammers is to create websites with addresses that mimic those of large brands or companies, like gooogle.com or amaz0n.net. Scammers count on you skimming over the address and domain name, so it’s always worth double-checking the address bar if you’re redirected to a website from another page.
3. Check the domain age
Scammers know that more people shop online around the Holidays, so they will make real-looking websites around those times. You can check a website's age at the Whois domain tracker to see how long a site has been in business.
4. Poor grammar and spelling
An excess of spelling, punctuation, capitalization, and grammar mistakes could indicate that a website went up quickly. On legitimate websites, the ocassional typo may be an accident, but these companies still put effort into presenting a professional website. If a website capitalizes every other word or has a lot of odd phrasing and punctuation, take a closer look.
5. Verify
There are lots of free, easy to use tools available for checking the legitimacy of a website.
If you aren't sure about a website, it is best not to give them any personal or payment information. Be especially careful if you were directed to the website from a link in an email or message.
I received a weird email/message/phone call, what do I do?
We are here to help if you receive something that you are not sure about.
Report suspicious email and other communications to phishreport@ufv.ca. If it was an email, please forward the original email you received with your report so that we can investigate the source.
For all other general inquiries, please contact cybersecurity@ufv.ca
I think I have a virus/malware on my device. What do I do?
If you are a student who is registered for the current running semester, our Student Device Support program offers virus and malware removal. For more information on the program (where to go, what you need), click here.
If you are not currently registered, you can take advantage of this program when you are. You can also refer to our tips and guidance on protecting your devices.
For UFV provided devices such as UFV phones, workstations, and laptops, contact the IT Service Desk for assistance with virus and malware detection and removal. You can log in to create your ticket, email at itservicedesk@ufv.ca or phone at 604-864-4610 (toll-free: 1-888-504-7441, ext. 4610). Be ready to provide your workstation ID.
For personal device support, please refer to our tips and guidance on protecting your devices.
How can I securely access UFV files and data?
UFV files and data are best accessed when on campus through your network drives rather than downloaded onto your device, as this significantly reduces the risk of data loss or theft. USB sticks are also small and easily lost, so it is not recommended to store sensitive data on them.
It is important to be aware of your surroundings and never leave your device unattended.
How can I make sure my device is secure?
Don’t trust wi-fi: public networks, like in coffee shops and airports, are easily and commonly attacked. Attackers can use these networks to distribute malware, snoop what you are doing (including your login details if you enter them), and even make fake “Free Wi-fi” public networks that entice you to connect.
Encrypt: If your device is encrypted and it is lost or stolen, all the data on the device will be scrambled and unreadable to the thief. Only your password or recovery key can unscramble the data, so in most cases, encryption means that sensitive data remains secure even when it is lost or stolen. To learn more about encryption, please visit (hyperlink to encryption page)
Never leave your device: Don’t give thieves a chance to grab your computer, laptop, phone, or other materials.
Lock your devices: If you must leave your device or you are not working on it, always ensure the screen is locked. Tip! - If you are using a windows computer, such as the ones on campus, press the Win key + L to instantly lock your screen.
What is Bitlocker?
Bitlocker is a feature included in some versions of Windows that provides drive encryption. When a drive is encrypted, the data on it becomes scrambled and indecipherable to anyone without the right password or smartcard.
A more complex Recovery Key will be needed if Bitlocker detects the drive has been moved or changed. This protects your data even if the drive is removed or stolen.
Where is my Recovery Key? / I’m locked out!
For UFV provided devices, IT Services manages all recovery keys. If you require assistance with your recovery key, please contact the IT Service Desk.
For personal devices, see Microsoft’s guide on recovering the Recovery Key.
What is Bitlocker To Go?
USB drives, also known as flash drives, are very convenient when it comes to transporting data. Their tiny size allows you to carry them unnoticed in a pocket or on a key ring, while their storage capacity allows you to store almost anything. Unfortunately, the small size that makes them so useful also makes them easy to lose, which can put any sensitive information you have stored on them at risk.
To protect your data on USB drives, you can use BitLocker To Go, a feature of Windows that encrypts your data to prevent unauthorized viewing. Without your password, smart card or recovery key, your data will be indecipherable to anyone who finds your flash drive.
To find out how to use Bitlocker To Go, download our Bitlocker To Go Guide or contact the IT Service Desk.
What is SmartScreen?
Windows SmartScreen helps you identify potential malicious websites, and helps you to make informed decisions about downloads. It helps to protect you in three ways:
What does SmartScreen look like?
In the case of a blocked site, SmartScreen appears as a red page in Microsoft Edge.
In the case of a blocked download, the progress bar will become red and warn you about the unsafe download.
What can I do if SmartScreen warns me about a site I visit, but I believe that site is safe?
From the warning page, you can choose to report the site as safe. To do so, select More Information, and then Report that this site does not contain threats. From there, follow the instructions.
For most sites, you will also be able to disregard the warning by clicking Disregard and continue (not recommended).
Please note: clicking this option may expose your computer and personal data to malware and other threats. If you are unsure if you should continue, please contact the IT Service Desk or Cybersecurity.
If you visit a site that you think may be unsafe but has not been caught by SmartScreen, you can report it by clicking the Tools button, then Safety,
"SmartScreen can't be reached right now"
Ocassionally when downloading a file, you may get a SmartScreen warning message that reads:
SmartScreen can't be reached right now
In this case, open the folder with the file you downloaded (usually "Downloads"). Right-click this file > choose Properties. In the properties window, at the bottom of the General tab, check the box that says 'Unblock', then 'OK'.
You can now run the downloaded file.
Is SmartScreen a pop-up blocker?
No. SmartScreen checks the sites you visit and the files you download for known security threats. Pop-up blockers only block pop-ups, which are usually non-malicious advertisements.