COVID-19 and McMaster Cyber Security: We all have a role to play
Paul Muir, IT Security Manager and Information Security Officer, McMaster University
We all have a role to play in keeping information secure at McMaster.
The responsibilities of this role grow as students, faculty, and staff move off campus and begin accessing resources from home. It will become increasingly important for all members of the McMaster community to be extra vigilant in protecting their credentials. In a way, we are all members of the McMaster IT Security team— let’s do an amazing job together!
We are anticipating intensified phishing attacks and other attempts to steal credentials. Many of the malicious emails will be related to COVID-19 and many more will use commonly used services such as Office365, WebEx or Zoom to lure people into giving up their passwords. Your responsibilities as a member of the extended IT Security team are to Identify, Report, and Delete.
- Hover before you click: hover your mouse over links before clicking them to ensure they lead to a trusted location. Also, hover over the sender address to confirm the sender.
- Confirm before acting: if you’re unsure about an email request, an attachment or a link that you have received, don’t take action until you have confirmed with the sender that they are legitimate. The best way to confirm is by phone!
- Don’t follow links if you don’t have to. If you receive a request to login to Mosaic, navigate to Mosaic manually and login to avoid clicking the link in the email. The same approach can be applied to requests to login to any online service.
- Report known or suspected malicious emails to email@example.com. This is how you will contribute to protecting others.
- Delete it from your inbox and your deleted mail.
Creating a Secure Work-from-home environment
Your other responsibility as a member of the extended IT Security team is to ensure that you have a secure computing environment at home:
- Strong password: Login to https://maciam.mcmaster.ca and update your MacID password with one that is strong and unique. Update your password recovery questions while you are there.
- Secure computer: Make sure that the computer you are using is protected with antivirus and a personal firewall and that the software on your computer is up to date.
- Secure home network: Make sure that your network home wireless network is not using default passwords and restricts access only to the devices you allow.
- Secure collaborations: use the tools provided by the university to collaborate on shared information and to communicate with your colleagues