Being secure at UVic

Your duties often include interacting with student records, which are considered confidential data. Student records include:

• transcripts and grades
• academic accommodations and disciplinary records
• coursework, class lists and attendance records

As an instructor or teaching assistant, you're expected to:

• Use a UVic email address for all work-related communication
• Use UVic-supported data storage options for confidential data
• Report any data or privacy breaches to your supervisor
• Work from UVic-managed devices whenever possible

Your duties often include accessing confidential data through UVic's administrative applications like Banner and FAST.

As an administrative or operational employee, you're expected to:

• Use UVic-managed devices for your work.
• Follow your department's data storage practices.
• Follow secure data storage and records disposal procedures.
• Keep your workplace secure by closing and locking doors and windows if you leave it unattended.
• Press the ​ Windows + L keys to Lock your computer when you're not using it.
• Report information security incidents and tell your manager about them.
• Take UVic's annual staff privacy training course.

Your duties often include handling all types of confidential data, particularly financial and employee records.

As a manager or supervisor, you're expected to:

• Understand UVic policies and procedures and how they affect your department's duties
• Ensure staff are following your department's data storage practices
• Work with IT support to make sure your staff have UVic-managed devices
• Follow up on any data or privacy breaches your staff report to you
• Assist the Information Security team and Privacy Office during information security or privacy breach incidents

A passphrase is more secure than a password because it's longer than a single word. For best security:

• Choose long passphrases that are easy to remember and difficult to guess
• Create a unique and strong passphrase for each account
• Never give your passphrase to anyone, for any reason, no matter what
• Follow UVic's advice on creating strong passphrases

Use multi-factor authentication (MFA) on your accounts whenever it's possible. MFA adds an extra layer of security to your account by adding an extra step into your sign in process. This type of security is also called two-factor authentication (2FA) or two-step verification.

You can add multiple devices, generate bypass codes and set up authenticator tokens through Manage MFA.

If you use your mobile device for Duo MFA, make sure you add a back-up device or set up bypass codes. That way, you’ll still be able to sign into your NetLink account if you don’t have access to your phone.

The best way to keep track of all your unique passphrases is with a password manager. There are many types of password managers, so choose the one best suited to your browsing habits. Useful features include:

• integration across multiple devices so you always have access
• reminders to change old passwords
• alerts about weak or reused passwords
• multi-factor authentication

Learn more about choosing a password manager.

Phishing is a common online scam designed to trick you into clicking malicious links or revealing sensitive personal information such as passwords, credit card numbers or your SIN.

UVic filters over 3 million spam messages a day, but there is always a risk that one will get through our filters.

To help you avoid phishing attacks:

• Ignore unsolicited emails, text messages or phone calls
• Be wary of attachments, links and forms that come from people you don't know
• If a giveaway or surprise job offer seems too good to be true, it probably is

If you receive any suspicious emails to your UVic account, you can report them through Outlook. All reports are reviewed by UVic's Information Security team. Every report helps us protect all UVic email accounts.

To report an email, click on the red shield Report icon at the top of your inbox. You can report phishing and junk mail.

You can also report suspicious text messages.

UVic will never ask for your passphrase via email or text message and neither will other legitimate websites. Fake sign-in pages are a common phishing scam.

To help you avoid fake sign-in pages:

• Sign in to websites through their home page instead of clicking on links in messages
• Don't scan QR codes from unfamiliar sources as these can easily re-direct you to fake websites

If you're not using a managed web browser on a UVic computer, your browser might be sharing more information than you'd like. You can choose the settings that fit your user experience best.

• Manage Chrome safety and security
• Manage security settings in Safari on Mac
• Manage Firefox privacy and security
• Manage Microsoft Edge security features

Browser extensions (or add-ins) can add features or helpful functions to your web browser. They can also be used for malicious code. On UVic computers, new extensions are blocked until we've reviewed them to make sure they're safe.

To help you avoid malicious extensions:

• Look for extensions from legitimate developers with good user reviews
• Check the description and permissions for anything unnecessary like data sharing or tracking information
• Only install extensions from trusted sources
• Remove any extensions that you aren't using anymore

Learn more about extensions in Google Chrome, Safari, Firefox and Microsoft Edge.

Whenever your device is connected to the Internet, your data can be vulnerable while in transit.

To safely use public Wi-Fi:

• Assume that public Wi-Fi is not private or secure
• Make sure you connect to legitimate networks, not fake ones with similar names
• Avoid accessing sensitive information like bank accounts while on public Wi-Fi
• Use secure remote connectivity and file transfer options like a VPN service

Software updates are the simplest way to keep your devices secure. Operating system and software vendors frequently release updates that patch security flaws and fix bugs.

Install updates as soon as possible after they’re released. Your computer will be vulnerable to security threats until updates are installed.

To keep your device up to date:

• Use the automatic update features in Windows, macOS, iOS and Android
• Restart your computer regularly so updates install
• Don't ignore software update prompts, especially on web browsers
• Avoid untrustworthy (often free) downloads from freeware or shareware sites.

Security software, such as firewalls and anti-malware software, protects your computer and data from unauthorized access and threats like viruses and spyware. 

You should only install security software from trusted, legitimate sources.

Learn more about security features already on your computer:

• Windows security
• macOS security

We store a lot of important data on our computers, phones and tablets. Even if you're the only person using your device, you should protect it with a passphrase.

To help keep your devices secure:

• Set a strong passphrase or PIN. You can also use biometrics like fingerprint readers or facial recognition if your device supports it.
• Use a unique passphrase or PIN for each device.
• Make sure that your device is set to lock after a period of inactivity. This will prompt for a username and passphrase to unlock it.

Resources:

• User account access in Windows
• Set up your Mac to be secure
• Turn on Lock Screen feature on iPhone
• Set screen lock on an Android device

Backing up your data means making a copy of your digital files and storing them somewhere else. This means you can still access them if your computer or device is lost, broken or stolen. There are two different types of backups:

• Syncing files to a cloud service like OneDrive. This is a good option for backing up your UVic-related data.
• Full system backups, which make a copy of your entire computer, including software and settings. This is usually done with an external hard drive and a backup program. Full system backups let you restore your entire computer if needed.

Backups are only useful if you do them regularly. Learn more about managing your data backups.

Don't leave your computer, tablet, cell phone or storage media in an unsecured area. Never leave them unattended and signed in, especially in public.

If you're working on campus, make sure to close windows and lock your door whenever you're out of the room.