Cybersecurity Blog

Cybersecurity Awareness Month is coming and so are the prizes! 09/25/2023

Oct. 1 marks the beginning of Cybersecurity Awareness Month. To celebrate, we have fun activities to participate in and prizes to give away.

The Virtual Treasure Hunt returns this year. Solve puzzles, collect clues and find Blue Beard’s treasure. Everyone who finds the treasure is entered into a draw for an Anker PowerWare 10 Dual Pad wireless charger donated by Proofpoint. To make things even more fun, each clue you find gives you an entry into a draw for a spin of the prize wheel. The prize wheel is loaded with fun prizes such as travel mugs, reusable memo pads, insulated mugs, golf shirts and more. The first treasure hunt clue is dropped on Oct. 3. However, you can register anytime before Oct. 31 and still participate. Registration is open now. Students, staff and faculty can all register. Sign up and get in on the fun.

Also returning is the Random Acts of Cybersecurity program. Starting Oct. 1 you can nominate a colleague for being cybersafe. Each nomination will earn the nominee AND the nominator one entry into a draw to spin the prize wheel. Two winners will be selected, one nominee and one nominator. Share with your colleagues the cybersafe things you are doing and get nominated, or ask your colleagues how they are being cybersafe and start nominating. The program will run until the end of March 2023. Unfortunately, only staff and faculty can participate. A big thank you to our sponsors, Proofpoint, Palo Alto and CDW.

Support scam freaks out a student and library staff – 09/11/2023

One poor student got more than they bargained for when they did some web surfing on a library computer. An innocent click on a search result produced this alarming notification.

The freaked out student asked library staff for help and IT Services was contacted. Once the technician arrived, he realized the computer was a victim of a Chrome browser takeover. In a Chrome browser takeover, it looks like the computer itself has been compromised: the normal Windows controls are missing and the only way to get rid of the alerts appears to be by calling the toll free number.

In reality, the computer is just fine and it is only the Chrome browser that has been hijacked. Since Microsoft does not monitor computers for malicious software, nor do they block access to your computer, the technician knew what type of attack he was dealing with. To regain access to the computer, he did the following:

  1. Pressed CTRL + ALT + DELETE to view the Task Manager
  2. Clicked on Google Chrome in the Apps list
  3. Clicked the End task button

This closed down Chrome and returned the computer to normal. Both the student and the library staff were relieved that no harm had been done. So was the technician, who congratulated them both on contacting the IT Service Desk rather than trying to resolve the issue on their own.

Unfortunately, there is no way this attack could have been prevented. The website that initiated the attack was a legitimate site that had been compromised. There was no way to know that before the link was clicked, as that site had been visited many times before without issue.

Remember, if you see an alert appear on your computer insisting that you call a phone number to fix it, it is a scam. Close the browser window and don’t visit that website again. If the Windows controls are missing, shut down the browser using the Task Manager. No legitimate anti-virus software will ask you to call them.

Phone recharge led to wiping a laptop clean – 07/26/2023

Last week Carrie (not her real name) lost three days of productivity when her laptop had to be reimaged. For those of you who don’t know what reimaging is, it is when ITS has the pleasure of wiping everything off of your machine and then reinstalling the standard applications.

I know what you are thinking, “If they reinstalled everything, why did she lose three days of productivity?”. Simple, no one has just the standard applications with the default settings on their computer. Every department and every person has their own special applications and settings that allow them to do their job more effectively. It takes time to get your machine back to where it was before it was reimaged. In Carrie’s case, it was three days.

What caused all this inconvenience and frustration for Carrie? A stranger’s smartphone. Yup, you read correctly. A smartphone. When Carrie left for a two day vacation, she left her laptop tucked under the shelf of her standing desk, plugged into the docking station. Carrie works in reception and she doesn’t have a door that she can lock. She thought if she just left it tucked out of the way, her laptop would be safe. After all, her department’s offices are behind doors that are locked every night.

While she was gone, her colleagues heard an alarm going off at her desk. When they investigated, they discovered the source of the alarm was a smartphone plugged into her laptop. They contacted Carrie to see if the phone belonged to her. When she assured them that it didn’t, they checked with the rest of the department. The smartphone didn’t belong to anyone there either. Security was called but they were unable to determine who the smartphone belonged to. Because there was no way to know if this was a malicious act or not, it had to be assumed that the smartphone had downloaded something nasty onto Carrie’s laptop.

The laptop was reimaged according to ITS security protocols. They require that if a device could be compromised, it is reimaged … period. Even if a malware scan finds nothing, we do the safest thing, which is to wipe the machine clean.

Sadly, it is most likely that some MRU employee from another department innocently plugged their phone in for a quick charge and then forgot about it. In their rush, it never occurred to them they would be causing such grief.

This story is a reminder to everyone.

  1. If your phone needs charging, please use your own computer or the public charging stations around campus. DO NOT use a colleague’s computer.
  2. Secure your device as much as possible when you leave for the day. If you have a laptop, take it home or lock it away. If you have a desktop, lock your office door or make sure the common area door is locked.
  3. Do not store files on your desktop or C: drive, otherwise you will lose them if your machine has to be reimaged.
  4. If you find a strange device plugged into your machine, do what Carrie’s colleagues did, contact Security and ITS. Do not use your computer until ITS has determined it is safe to do so.

These simple steps will protect our network while saving you and your colleagues a lot of time and frustration.

A new name and look for the Cybersecurity Newsletter – 07/25/2023

We are delighted to announce a new name and look for the Cybersecurity Newsletter. Introducing Cyber Spotlight, your source for the latest cyber threats on campus, cybersafety tips and the latest campus sponsored cybersecurity activities.

We know how busy everyone is. Few of you have time to stay up to date on the latest cybersecurity threats. That is why we redesigned the newsletter. Now you can quickly and easily find the active threats on campus so you can immediately take action. Also, at a quick glance you can see what information is relevant to your friends and family. Plus, you can learn a new way to stay cybersafe in minutes. Our Cybersafety tip of the week summarizes helpful articles in just a few sentences so you don’t have to read the whole thing.

Not only is our format changing, but our release date is too. We know how nuts Fridays and Mondays can be so the new newsletter will go out every Wednesday.

Say hello to the Cyber Spotlight, it is arriving soon at an inbox near you!

New cybersecurity awareness training goes live August 15 – 07/19/2023

It is that time of the year again. Time to say goodbye to last year’s training and say hello to a brand new year of cybersecurity fun. The training for new hires is now live and new employees are being enrolled automatically every Monday, as they were last year. However, the rest of the program does have a few changes.

First, training for current employees won’t be launched until August 15 when faculty returns to campus. This does shorten the time that is available to complete the training. However, now notifications won’t be going out to people who aren’t here.

Second, contractors are now required to take training as well as employees. We decided to expand the cybersecurity awareness program because last year we experienced a cybersecurity incident that originated with a contractor.

Third, the training completion due date for current employees is now June 15. New hires will continue to have 60 days to complete their cybersecurity awareness training and 30 days to complete their PCI awareness training. By moving the deadline ahead two weeks, faculty will no longer be getting reminders when they are not on campus and it will be easier to meet our PCI compliance requirements.

Lastly, all our training content this year has been approved by the EDI office. Previously only our Cyber Guys videos were reviewed. This change ensures that all our content falls in line with the University’s strategic direction to strengthen diverse communities.

The rest of the training program remains unchanged. Current employees can still test out of training. As well, our monthly Cyber Guys videos will continue to deliver giggles every month starting in October.

We hope these changes make the program more effective and less onerous. We welcome your feedback on the changes or any other aspect of the program. With your input, we can continue to improve, ensuring the program helps the entire campus stay cybersafe.

How to mark an email as unread on your phone – 07/18/2023

When reading an email on your phone, it is challenging to determine whether the email is malicious or not. The screen is just too small to see the red flags, increasing the chances you will become a victim of a cyberattack.

Reading an email on your phone is perfectly safe. However, when you are asked to take action, mark the email as unread and read it again later on a larger screen. While this is great advice, how exactly do you mark an email as unread in the Gmail app?

To mark an email as unread on the Gmail app:

  1. Open the email
  2. Click on the envelope in the upper right hand corner

Twelve character passwords are now being hacked on a regular basis. 08/01/2023

For years you have been hearing that a strong password is greater than 8 characters long, has uppercase letters, lowercase letters, numbers and symbols. Today that is no longer the case. The threat actors now have computing power and tools that allow them to brute force hack any 8 character password in less than a day.

So how long should your password be? Well that depends on whether you have created the password yourself or have had a password manager do it. According to experts, if you generate the password yourself, it has to be 20 characters long. If you have a password manager generate a random one for you, then it only needs to be 12 characters long.

Why the discrepancy? The thought is the human brain cannot generate a random enough password to keep criminals out. We tend to use dictionary words and dates making it easier for these types of passwords to be cracked. In comparison, a password manager generates a completely random combination of characters which is much more secure.

I know what you are thinking, isn’t 20 characters overkill? Well, we have had multiple accounts on campus brute force hacked in the past year. The passwords were unique, were used nowhere else, had 12 characters or less and included all the recommended characters. There was no way that the passwords could have been stolen from elsewhere. A brute force hack is the only explanation of how the accounts were compromised.

A 20 character password may be secure, but if you are trying to come up with a single word that is that long, it can be bloody hard. The whole process is easier if you use four random words that have meaning to you, but would be nonsensical to anyone else. Once you have your words, insert a number into each one and capitalize one letter in the word. You can use spaces as your special character or replace the spaces with a special character. For example, saddlepad blue shiny bay, becomes s4addlepaD#b4luE#s4hinY#b4aY.

To make it easy to remember, I insert the same number in the same place, capitalize the last letter and replace the spaces with the same symbol. The result is a monster password that will take years to crack but can be remembered.

While having a 20 character password will keep your accounts safe for now, it won’t be long before we will need 33 character passwords or longer. To add an extra layer of security, enable multi-factor authentication on all your accounts so that if your passwords are cracked, the attackers won’t be able to gain access.
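To put numbers on the discrepancy described above between human-made and generated passwords, here is an added example (not part of the original post) that computes keyspace, entropy and worst-case exhaustive-search time for the three password shapes the post discusses. The guess rate of 1e11 per second and the 7776-word list size are assumptions for illustration, not figures from the post; real cracking rates depend heavily on how the password is hashed.

```python
import math

# Illustrative assumption: guesses per second for an offline attack on a fast hash.
# Not a figure from the post; slow hashes (bcrypt, Argon2) cut this by orders of magnitude.
ASSUMED_GUESSES_PER_SECOND = 1e11

# Alphabet sizes used for the comparison (assumptions): printable ASCII for
# manager-generated passwords, a Diceware-sized word list for human word-based ones.
PRINTABLE_ASCII = 94
WORD_LIST_SIZE = 7776


def keyspace(alphabet_size: int, length: int) -> int:
    """Number of distinct passwords of `length` symbols drawn uniformly from an alphabet."""
    return alphabet_size ** length


def entropy_bits(alphabet_size: int, length: int) -> float:
    """Entropy in bits of a uniformly random password of this shape."""
    return length * math.log2(alphabet_size)


def seconds_to_exhaust(alphabet_size: int, length: int,
                       rate: float = ASSUMED_GUESSES_PER_SECOND) -> float:
    """Worst-case seconds to try every password in the keyspace at `rate` guesses/second."""
    return keyspace(alphabet_size, length) / rate


def compare_policies() -> dict:
    """Entropy and exhaustive-search time (in days) for the shapes the post discusses."""
    policies = {
        "8 random printable chars": (PRINTABLE_ASCII, 8),
        "12 random printable chars": (PRINTABLE_ASCII, 12),
        # Four words of ~5 letters is roughly a 20 character password, the post's human-made target.
        "4 random dictionary words": (WORD_LIST_SIZE, 4),
    }
    return {
        name: {"bits": round(entropy_bits(a, n), 1),
               "days": seconds_to_exhaust(a, n) / 86400}
        for name, (a, n) in policies.items()
    }


if __name__ == "__main__":
    for name, result in compare_policies().items():
        print(f"{name:28s} {result['bits']:6.1f} bits  {result['days']:.3g} days")
```

Four random words carry about the same entropy as eight random printable characters, which is why the post asks for 20 characters when you build the password yourself but only 12 when a password manager picks them.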

Smart employee sees a correct email address and verifies anyway – 06/20/2023

Payroll was hit repeatedly this week with change bank requests. The requests looked legitimate. They came from a Mount Royal employee and the email address displayed was correct.

Fortunately, this wasn’t Payroll’s first rodeo and they knew that the sender’s email address was just a text field. An attacker could easily enter anything they like into that field. They also knew to verify that the request was actually made by the displayed sender. For this reason, they created a new, second email with a screen shot of the one received and asked the displayed sender if they had in fact sent the email. The answer was no.

Payroll’s quick thinking saved themselves and their colleagues days of heartache and a whole lot of money. This is a great illustration of why it is so important to verify that an email is legitimate before you act on it, even if the sending email address is correct. Just by taking a few extra minutes to send a new message, text or call, you can avert disaster and save the day just like Payroll did.

Campus slammed with fake performance reviews and faculty bonuses – 06/15/2023

This past week was a busy one for the cybersecurity team. The campus was slammed with document share invites from Google that were designed to look like they came from campus chairs and supervisors. Here is an example of one of the emails.

While it clearly states, in big letters at the top, that Benjamin Clark is sharing the document, the document description says that it is Ranjan Datta who is doing the sharing. This can confuse you just enough to make you open the file. If you do, you will be asked to enter your Google login credentials before you are able to view the document. Once you enter your login credentials, you are indeed able to view it. However, your login credentials will have also been sent to the attackers. If the attackers are clever enough, you aren’t even aware that anything is amiss.

Fortunately, it is fairly easy to spot these impersonators if you pay attention to what Google is saying and ignore the description that the attacker has entered. Google will always post the name and email address of the person sharing the document in big letters at the top of the email. In addition, if that person does not have a Mount Royal email address, a pale yellow banner appears above the Open button letting you know. In comparison, the description is in normal size text and appears just above the name of the shared file.

By taking a pause and analyzing the email, you can avoid having your email compromised. That said we are all human and make mistakes. If you think your login credentials may have been stolen, change your password immediately by visiting the MyMRU login page and clicking the Change Password link.

If you find one of these suspicious looking emails in your inbox, please report it using the PhishAlarm button or by forwarding it to cybersecurity@mtroyal.ca. Your quick actions allow us to alert your colleagues and prevent them from becoming victims.

The space audit is coming, cover up sensitive information – 05/31/2023

Starting June 12, Facilities Management will be conducting its annual space audit. Employees will enter all rooms on campus in order to update space information. Photos will be taken to record the condition of finishes, furniture layouts and equipment. Part of the project involves auditors creating work requests in the Frontline system for maintenance issues they identify.

While this project is for internal use and staffed by employees, it serves as a good reminder of the need to have good data protection measures in place. What does that mean to the average employee? Ensure that any sensitive information — including that involving students and employees — is kept in a location that can’t be easily seen or accessed. If you’re not at your workstation, lock your computer screen.

And we all know better than to have our user names and passwords pinned to a bulletin board by our computer, a rookie mistake made when Prince William was part of the RAF.