IT Services is proud to announce the imminent arrival of their new remote file access tool, Webfiles. Previously when you clicked on the Remote File Access link in MyMRU, you were directed to SRAS. This allowed you to upload and download files on the Mount Royal network remotely. This tool was used by students, staff and faculty and was linked to our old VPN Pulse Secure.
As of September 7, 2020 Pulse Secure will no longer be supported and SRAS will no longer function. In preparation of this, we have been moving those using Pulse Secure over to our new VPN Global Protect.
Webfiles will replace the SRAS upload and download functionality. Just like SRAS, it is available to students, staff and faculty. If you use the Remote File Access link in MyMRU to access SRAS, sometime before August 24, 2020 the link will be updated to give you access to Webfiles. If you use secure.mtroyal.ca, to access SRAS, please move over to Webfiles before September 7, 2020 to ensure continued access to remote files.
Change is always challenging however Webfiles is much easier to use than SRAS , making this change a welcome one. For details on how to use Webfiles, refer to the user guide Accessing files and folders remotely using Webfiles. For the latest information on remote file access, visit the Working Off-Campus webpage.
It’s that time of the year again. Last year’s cybersecurity awareness training is being archived and the new training program is being launched. This year we not only have a new program, but we have a brand new tool to deliver it, The Security Education Platform by Proofpoint.
Thanks to this new tool, we are able to mandate cybersecurity awareness training for all employees! While everyone has access to the online training tool, depending on your role you may be able to take a workshop to meet your training requirement. On Monday, August 17 the new training goes live!
If you have any questions about the new training platform, contact me at email@example.com or call me at 403-440-6329.
Employees who are set up to use ‘remote desktop’ will need to save their work and power down their campus PCs from home 8 p.m. on Sat., July 18 for an annual maintenance shutdown. PCs will automatically be turned on the following morning at 8 a.m. Employees who are working on campus will need to power down their PCs and empty fridges of any perishables before leaving work on Friday, July 17.
Currently, people across the University use the Pulse Secure VPN also referred to as SRAS to create a secure encrypted connection between their home machine and their MRU workstation. Unfortunately, budget constraints are requiring us to move to a more cost effective service. The new service is called GlobalProtect. The good news is, it is more powerful and easier to use.
The move from Pulse Secure/SRAS to GlobalProtect is happening in phases. Although everyone on campus who has access to Pulse Secure will also have access to the new service, you aren’t required to move over until you have received a notification with instructions on how to install, configure and use the new service.
The Working Off Campus webpage has everything that you need to know about the move and how to use the new service including user manuals and a list of FAQs. As always, you can contact the Service Desk for support.
We know that working from home is frustrating enough without having to deal with a new service, unfortunately it couldn’t be helped. We apologize for any inconvenience.
IT Services is proud to announce the launch of a new reporting process for phishing emails. If you are an employee, you will be able to use our new PhishAlarm button. If you are not, you can forward emails to firstname.lastname@example.org, our new email address for everything cybersecurity related.
Reporting a malicious email as an employee
If you have taken a look at your Gmail side panel, you may have noticed this .
If you don’t see your side panel, click the arrow in the bottom right hand of your screen.
Previously if you found an email that you thought was dangerous to your colleagues or you weren’t sure if it was legitimate, you had to click the Forward button and then type in email@example.com in the To field. Now we have a handy button.
To report a malicious email using the PhishAlarm button
- Open the email
- Click the PhishAlarm button in the side panel.
- Click Report Phish. A confirmation pane appears.
- Click the X to close the confirmation pane.
Not only is the PhishAlarm button super easy to use, it sends the cybersecurity team more information about the email making it easier to investigate. It’s a win for everyone!
While we won’t be ignoring emails sent to firstname.lastname@example.org, we are encouraging employees with phishing email concerns to use the PhishAlarm button. If you click the button and see a popup displaying something that looks like this:
You are not registered as an authorized user. If you are an employee, completing a registration form will rectify the problem. If you are not, you are unable to use the PhishAlarm button and will have to forward suspicious emails the old fashioned way.
Reporting a malicious email if you are not an employee
Unfortunately, we are unable to offer the functionality of the PhishAlarm button to those who aren’t employees. You will still see the PhishAlarm button, but if you try to use it you will get an unauthorized user notification.
The good news is, we have created a new email for reporting cybersecurity incidents, email@example.com. This new email will make it easier for the cybersecurity team to identify which reported emails are a priority and to respond quickly. While we won’t be ignoring emails sent to firstname.lastname@example.org, we are encouraging people to use email@example.com going forward.
With everyone working from home, our popular sticker program no longer worked. However, we have come up with a terrific replacement…digital stickers!
Just like before you can earn the stickers by reporting phishing emails. However you can also download them from the MRU Cybersecurity Hub. Instead of putting them on your electronic devices, we are asking people to add them to the end of their email signatures. Everytime you send out an email, the recipient will get a nice reminder of how to stay cybersafe.
As before, you can still earn contest entry codes for the Cybersecurity Challenge. However instead of sending me a picture of your sticker, just send me an email requesting a code with the sticker in the signature.
Every quarter there will be a new sticker and a new code! Happy collecting!!
If you haven’t completed your cybersecurity or PCI awareness training for 2020 yet, you might want to do that before the end of the month. We have a new training tool that we will be introducing July 1. As a result we will be losing access to our current training videos and interactive pre-tests on April 30.
To tide us over until the new tool is rolled out, on April 29 I will be uploading new videos with quizzes. However, you will not have the ability to test out of the video and it will take longer to complete the training. I apologize for the inconvenience, however you can look forward to more targeted training once the new tool is rolled out.
The good news is, you still have a few days to complete the current version of the training. If you have any questions , please feel free to contact me at firstname.lastname@example.org.
04/27/20 update: There has been some confusion around the security awareness training completion date. The deadline has not changed, you still have until June 30 to complete your mandatory training. The only difference is if you complete it before April 30, it will be easier.
Every once in a while I get affirmation that all that I do to try and keep all of you safe is working. This was one of those weeks. I would like to take a moment to toot the horn of Credit Registration.
They receive hundreds of emails from students and prospective students every week. The majority of the time they have no idea who they are talking to. To reduce the chances they will be cyberattack victims, they have put procedures into place that somewhat verify the sender’s identity. It isn’t fool proof, but it is a good balance between practicality and security. What is truly wonderful is their staff follow their procedures.
This week those procedures were tested and they passed. Congratulations Credit Registration!
The MRU community is made up of a diverse group of people. Some of you just like to forward suspicious emails to email@example.com without really doing much investigation on your own. Others like to make a game out of looking for phishing red flags. While still others follow email processing guidelines, just like I have asked. Thanks to all of you, my job is never dull.
That said, we thought it would be a good idea to give all of you one more tool to help with the challenging job of identifying phishing emails. IT Services is proud to announce the launch of the MRU Phish Bowl. The Phish Bowl contains a collection of all the phishing emails that we have received over the past few years. When you receive an email in your inbox and you aren’t quite sure if it is malicious, you can now search the Phish Bowl for it. If the exact email or a very similar one is posted then you know it is malicious and you can simply delete it.
Each post in the Phish Bowl shows you what the email looks like, points out the red flags and lets you know how to deal with similar emails in the future. Not only is it informative but it is also educational.
If an email doesn’t appear in the Phish Bowl, it doesn’t mean that the email is legitimate. You will still have to use the other strategies that you have been implementing to determine if it is malicious. The Phish Bowl is only an additional tool, not a replacement for your current vigilance.
The Phish Bowl is also helpful for those of you who are not sure if they should forward an email to firstname.lastname@example.org or not. If you do a search and find the email already listed, you know there is no need to report it. If it isn’t, then you know you may have a new nasty that needs to be reported.
We will be updating the Phish Bowl as new reports come in. You can access it here, or from the MRU Cybersecurity Hub at mru.ca/cybersecurity. Look for the Phish Bowl link in the section titled Stay Informed.
Last week we launched the Cybersecurity Survey. Unfortunately the survey contained an error that kept students from completing it. The survey is now fixed.
If you had tried to complete the survey but were unable to, please give it another try. Your entry into the $50 gift certificate to the Table is waiting.
Thank you for your patience. We apologize for the inconvenience.