2017

You begin your day like any other, logging into your computer and then logging into your Gmail to check the day’s messages. But this morning is different. For some reason your password isn’t working. You are certain that you are entering the correct password. You have checked to see if Caps Lock is on and still you can’t get in. What do you do?

Your first step is to call the Service Desk. There is a very big possibility that your Gmail account has been compromised. Especially if you use your Gmail username and password combination to login to other accounts.

Once the Service Desk has reset your password and you can get into your account, you need to check your settings. As mentioned in a previous post, once cyber criminals break into your account they like to change its settings so they can regain control of it once you get wise. By checking your account settings, you can make sure your signature hasn’t been changed, that your name appears in the Sent field, that your mail isn’t being forwarded to the criminal and they haven’t given themselves additional access to your account.

Want to decrease the chance that your account will be compromised in the future? Enable two step verification on your account and don’t use your Gmail password for other accounts.

Adult Websites Delivering Malware via Pop-ups – 03/21/17

A new malvertising (malware masquerading as advertising) campaign is targeting popular adult websites in Canada and the UK. Unsuspecting visitors to these trusted sites are clicking on the webpages to view content. Unfortunately instead of being rewarded with juicy pics, they receive a pop-up advertisement loaded with malware. Normally the user’s anti-virus will detect the malware and block it from doing any damage. However, some of these nasty things are brand new and unknown to many types of anti-virus software so they are not detected and infect the user’s computer.

Adult websites receive millions of visitors every month and therefore are favorite targets of hackers. However, any site can be hijacked by a cyber criminal and used to deliver malvertising. How do you protect yourself from being a victim?

Keep your anti-virus software up to date.
Set your browser to block pop-ups.

Unfortunately, your browser cannot determine which pop-ups are malicious and which ones are delivering legitimate content. How do you know if you are missing out on content because a pop-up is being blocked? Your browser lets you know.

After you have set your browser to block pop-ups, when you visit a website that contains them your browser notifies you. At that point you can choose to allow pop-ups for that specific site or continue to block them. Do not allow pop-ups unless you are sure the content being delivered is not malicious. Happy surfing!!

Protecting Yourself from Scams During Tax Season – 03/14/17

Every tax season the cyber criminals try to take advantage of tax payers eager to get their refunds. What do you need to know to protect yourself?

The CRA will never communicate with you via email unless you have signed up for online mail.
The CRA will never ask for personal or financial information via email.
The only time the CRA will send you an email with a link in it, is when you are on the phone with them and are requesting information be sent via email.

If you unexpectedly receive an email from the CRA containing links, delete the email. If you receive an email from the CRA asking for personal or financial information, delete the email. If you are uncertain as to the legitimacy of an email received from the CRA, call them directly using a phone number you have found on the CRA website. For more information on how to protect yourself from scams, identify theft and fraud, check out the CRA website.

What you Should Know Before you Buy an Appliance/Toy that Connects to the Internet. – 03/03/17

Technology is an amazing thing. Everyday we hear about new and exciting technological advances. We can now control our home with our voice, see who is ringing our doorbell at home while we work, track the movements of our teenagers and have our toys interact with us.

Unfortunately manufacturers have been so busy keeping us entertained and making our lives easier that they have forgotten to keep us safe as well. The majority of these devices do not allow for firmware updates, changing the access passwords or usernames. Security is usually last on the list, leaving many devices with huge holes that cyber criminals can use to gain control of these them.

You may be thinking what is the worst that can happen if they get control of my coffee maker? Well if they gain access to your coffee maker, they can turn your coffee maker into a bot, instructing it to visit a particular website or server. On its own, this is harmless. However if hackers turn millions of devices into bots, it overwhelms the website and crashes the server. This is called a Denial of Service attack. It prevents customers from accessing a site and making purchases, costing businesses millions in revenue.

Even more concerning are those devices containing cameras or microphones. They can record images of us or our voices and send them to some distant server where security often takes a back seat and our private lives may be monitored. Companies can collect this information and then use it to sell us products. In addition, their often poor security practices can allow hackers to intercept the information or steal it from servers.

So how do you protect yourself and your privacy while still enjoying the wonders of technology? Here are a few things to consider when purchasing internet connected devices for your home.

Do not purchase products that do not allow you to change the default password.
Do not purchase products that do not allow the firmware (the software that runs the device) to be upgraded.
If the device has a camera or microphone, determine what is being recorded, why is it being recorded and where those recordings are being stored.

Once you have made the purchase and brought your new toy into your home there are some things you can do to protect your data and privacy.

Change the default password.
Keep the firmware updated.
Don’t enable the features that require an Internet connection unless it is really necessary.
Disconnect it from the Internet when you are not using it.
Cover up recording devices that are not being used.

Don’t give up your privacy or put your security at risk, just because something is super cool. Not sure if that feature is worth the risk? Ask yourself…is having my coffee pot automatically order beans for me worth loosing access to my bank accounts?

Can’t remember all those passwords? Use a password manager. – 02/22/17

You are supposed to have a unique password for every account. However, considering you have to login to do everything from checking your to do list to booking an appointment with your doctor, keeping track of all those passwords is getting close to impossible. That is why we recommend you use a password manager.

A password manager stores all your passwords, allows to you login using quick keys and will even generate secure passwords for you. All you have to remember is the master password to login to the password manager.

There are many types of password managers on the market. Some are free like KeePass and LastPass, others require a fee. How do you choose which one to use? To help you out, PCmag has a review of some of the more popular ones.

To help you learn how to use the password manager KeePass, we have created a lovely handout that includes the basics . To make learning even easier, we also regularly offer a terrific, fun little workshop. Visit the Cybersecurity Hub is find dates and register.

Updated 03/01/22

This Valentine’s Day watch out for Scammers – 02/13/17

What you need to know about crossing the border – 02/10/17

After a Canadian woman was required to surrender her cell phone to US border guards last week and then denied entry, people are wondering what they can do to protect their privacy. Unfortunately, not a whole lot. When crossing the border, you are entering a foreign country and their laws take precedence. They can scan your phone, laptop, tablet or any other device for content as they wish. Any information they find can be used against you. Any sensitive data that is stored can be exposed.

The best way to protect your privacy and that of Mount Royal is to not bring a device with you. Leave your smartphone, tablet or laptop at home. This is especially true if you are traveling to countries with less than honest border guards who are known hold on to your device until you pay a fine. If you are traveling for business and require portable devices:

Ensure that portable devices are wiped clean of anything you want to remain private. This includes removing social media apps and deleting browser, email and text message history.
Store data you need access to on Google drive or leave it on your workstation and then use SRAS to access it from your hotel.
Make sure you remove your Mount Royal email account from your phone and devices and log out of Google.

Basically you want to turn your smartphone into a phone. It takes calls and that’s it. Theoretically they could ask you to login to your email anyway, however the odds are they are not going to bother.

If you need specific legal advice concerning crossing the border as a Mount Royal University employee, contact Legal Services.

One last piece of advice, be nice to the border guards. Declaring that you have rights as a Canadian citizen will only aggravate them. You are attempting to enter their country, our privacy laws do not apply.

Increase the security of your Google account with two step verification – 02/08/17

It seems like every day, we hear about a new security breach. Yahoo, Adobe, Ashley Madison; all breached leaving their account holders feeling violated and wondering if their data or identify are safe. To make matters worse these breaches are often not identified until months or years after the attack, giving criminals plenty of time to capitalize on the stolen information. Even if you have a strong password, it cannot protect you if your account provider has its user’s login credentials stolen.

As mentioned in a previous post, many account providers are now offering two step verification. How does it work? You set up the service by giving them your cell phone number. The next time you login you are asked for your password and then an verification code that is texted to your phone. Worried about losing your phone? You can print off backup codes or give them an alternative cell phone number.

Once two step verification is enabled, if a cyber criminal tries to login to your account you will receive a text with an verification code. Not only does it keep the criminal from logging in to your account, it also alerts you that your login credentials have been compromised and that you need to change your password.

ITS highly recommends that you enable two step verification on all your accounts that offer it, especially on your Google account. If you are a user who has access to sensitive data or admin access, our recommendation is even stronger. To make it as easy as possible to enable it, we have created a lovely step by step document that gives clear instructions. We also encourage you to call the Service Desk if you wish to enable it but are uncomfortable doing it on your own.

Common Data Privacy Pitfalls – 02/07/17

What are the most common ways people compromise their privacy online?

Exposing too much personal information online

Cyber criminals mine the internet for your personal information. They use it to determine your security question answers on your accounts, to impersonate you when calling agencies you have accounts with and to create phishing emails that contain content related to your life. To thwart cyber criminals:

Set your social media privacy settings to the highest level
Don’t accept contact requests from people you do not know
Limit what information you enter into websites as much as possible
Don’t use information that can easily be found on the Internet for security questions or in your passwords

Not sure how much of your personal information can be found online? Google yourself or better yet have a friend google you. You might be horrified to see what they find.

Sending a regrettable email

We have all been there, we have clicked send and went…”Oh no!!”. Worse yet, we have clicked send and found out days later we have just started Armageddon. How do you avoid sending the regrettable email?

Want a check list to print out and post by your computer? Check out, Avoid the regrettable email.

Cybersecurity Blog