Goodbye PhishAlarm button, Hello reporting to Google – 06/19/2024
Updated 09/27/2024
For a few years, we have been asking the MRU community to report suspicious emails by using the PhishAlarm button or by forwarding the email to cybersecurity@mtroyal.ca. This notifies the Cybersecurity team of the possible threat and allows us to inform the reporter and their colleagues of any active attacks hitting the campus. While this service has been useful, it bypasses Google’s built-in security tools.
Google’s security tools have improved significantly and we are shifting to using this more effective, efficient system. Starting Tuesday, July 2, the MRU community will use GMail’s built-in reporting system instead of using the PhishAlarm button.
Every email reported to Google is reviewed by their security tools. If enough people report an email, Google will place a yellow warning banner at the top of it, letting your colleagues know it could be malicious.
Consistently reporting phishing emails to Google does more than protect your colleagues. It also improves Google’s ability to recognize malicious emails. Over time, fewer of them will arrive in your inbox. If you delete an email, rather than reporting it, you miss out on these benefits.
If you’re not using Gmail to view your email, you can continue to forward suspicious emails to cybersecurity@mtroyal.ca. However, this bypasses Google’s security tools and leaves your inbox — and the University — more vulnerable to attack.
Make your life easier and reduce the number of phishing emails you receive by reporting suspicious emails to Google.
To report suspicious emails to Google:
- Open the email.
- Click the three dots in the upper right corner (the kebab).
- Select Report phishing from the menu. A confirmation dialogue box appears.
- Click Report Phishing Message. Google removes the email from your inbox.
- That’s it!
Join the MRU Cybersecurity Community chat and share your reports with others in real time
Reporting to Google does help you and your colleagues over time, however there is a way to alert others immediately. Forward your emails to the MRU Cybersecurity Community chat before you report them to Google. It only takes an extra 30 seconds, but it saves your colleagues hours of hassle. This new chat space is where you can communicate with others on campus about active cyber attacks as well as get real time alerts yourself. To celebrate its launch, we are giving away a camera fitted drone during Cybersecurity Awareness Month in October. Check out the web page to find out more.
A new name and look for the Cybersecurity Newsletter – 07/25/2023
We are delighted to announce a new name and look for the Cybersecurity Newsletter. Introducing Cyber Spotlight, your source for the latest cyber threats on campus, cybersafety tips and the latest campus sponsored cybersecurity activities.
We know how busy everyone is. Few of you have time to stay up to date on the latest cybersecurity threats. That is why we redesigned the newsletter. Now you can quickly and easily find the active threats on campus so you can immediately take action. Also, at a quick glance you can see what information is relevant to your friends and family. Plus, you can learn a new way to stay cybersafe in minutes. Our Cybersafety tip of the week summaries helpful articles in a just a few sentences so you don’t have to read the whole thing.
Not only is our format changing, but our release date is too. We know how nuts Fridays and Mondays can be so the new newsletter will go out every Wednesday.
Say hello to the Cyber Spotlight, it is arriving soon at an inbox near you!
New cybersecurity awareness training goes live August 15 – 07/19/2023
It is that time of the year again. Time to say goodbye to last year’s training and say hello to a brand new year of cybersecurity fun. The training for new hires is now live and new employees are being enrolled automatically every Monday as they were last year. However, the rest of the program does have a few changes.
First, training for current employees won’t be launched until August 15 when faculty returns to campus. This does shorten the time that is available to complete the training. However, now notifications won’t be going out to people who aren’t here.
Second, contractors are now required to take training as well as employees. We decided to expand the cybersecurity awareness program as last year we experienced a cybersecurity incident that originated with a contractor.
Third, the training completion due date for current employees is now June 15. New hires will continue to have 60 days to complete their cybersecurity awareness training and 30 days to complete their PCI awareness training. By moving the deadline ahead two weeks, faculty will no longer be getting reminders when they are not on campus and it will be easier to meet our PCI compliance requirements.
Lastly, all our training content this year has been approved by the EDI office. Previously only our Cyber Guys videos were reviewed. This change ensures that all our content falls in line with the University’s strategic direction to strengthen diverse communities.
The rest of the training program remains unchanged. Current employees can still test out of training. As well, our monthly Cyber Guys videos will continue to deliver giggles every month starting in October.
We hope these changes make the program more effective and less onerous. We welcome your feedback on the changes or any other aspect of the program. With your input, we can continue to improve ensuring the program helps the entire campus stay cybersafe.
New cybersecurity awareness training launching soon – 06/29/22
It is that time again. One training year closes and another begins. June 30 is the training deadline for this year’s courses. I am pleased to say that 74% of registrants have already completed the training. If those who are currently working on courses finish up, that will give us a record 79% completion rate. Whooo hooo!!! I am confident that you won’t let me down and you will pop back in to complete those last few modules.
Unfortunately we have fewer people finishing the pretest. Only 70% have completed it. Luckily the majority of those who do, have not been assigned training. When training is assigned, typically only two modules must be completed. That means the odds are, it will only take you 20 to 30 minutes to complete your annual training! Take aside a little time to finish this up and prove how effective the pretest program is. Keep in mind while the deadline was June 29, the Security Education Platform will allow you to access the pretest and assigned training until July 29, 2022. So it isn’t too late to get it done!
In the beginning of July a new round of training will launch. Watch for the email notifications to arrive in your inbox. Remember, current employees have a whole year to complete their training. Please don’t angry email me that you just finished your training and don’t know why you have to take more. New hires aren’t so lucky. They have only 60 days to complete their training. It works best if you spread the training out instead of completing it all in one sitting.
This year registration for new hires into the Security Education Platform will be automatic as will enrollment in the new hire training. This is wonderful news as neither you nor any of your new hires will have to fill out the registration form. The training notification will automatically arrive in their inbox. They can get started on their training right away without any help from you. Yaaayyy!! Unfortunately if they handle payment card data, they will still have to register for PCI training. Sorry, it can’t all be good news.
There will once again be a pretest for all current employees. This year, it will be a tad shorter, 22 instead of 33 questions. Yaayyyy!! Some more good news. Once again, there will be additional training for those of you considered to be high value targets. The training is very specific to your role and you will find it more helpful than annoying. At least that is the hope.
In addition to new training, we also have a new system in place to keep user profiles up to date. This should result in far fewer people getting training notifications after they have left MRU. As well supervisors should find that the training status reports for their teams will be more accurate. Another win!
Lastly, the Cyber Guys videos will take a short break over July and return again in August. They have been busy and we have a new whole crop of ridiculously funny reminders on how to stay cybersafe for the new year. Thank all of you for the positive feedback. I am delighted that you have found them as entertaining as I have.
A big thank you to everyone who has set aside precious time in their schedule to complete their training. You have invested in the safety of your home, family and colleagues. While the training doesn’t always seem beneficial, sometime in the future you will be thankful that you took the time to learn how to identify and thwart a cyberattack.
The Cyber Guys are coming! – 01/11/22
January 2022 is here! As promised, next week we will be releasing the first Cyber Guys video. This short video is super fun. As a reward for watching you will earn a contest entry code. Have a giggle, get a cybersafety reminder and earn codes. What could be better? Log into the Security Education Platform and check your My Assignments list to find the video link.
The return of the Cybercafe – 12/15/21
To level the playing field for the Cybersecurity Challenge for those working from home, starting in January 2022, the Cybercafe will return. Once a month I will make myself available from 10:00 am to 2:00 pm virtually for questions, MFA support or to discuss the latest cybersecurity threat. Everyone who stops in will get two contest entry codes, the same ones given out at the Cybersecurity Roadshow. This prevents double dipping, evens things out and gives our working from home folks a chance to catch up.
I am hoping that this will give everyone an equal chance to participate in the challenge and encourage those who may have felt left out to join in. This is an excellent opportunity for your team to catch up and earn some entries. See you all in 2022!
It is survey time! Participate and win a $50 gift certificate! – 12/06/21
It is that time of the year when we look back at last year’s program and figure out what worked, what didn’t and where we can improve. To help us determine if we are on the right track, we need your help. Please take 5 min to complete our survey. To ensure that we are learning about what people are doing on campus rather than what they know they should be doing, the survey is anonymous. You can freely admit your sins safe in the knowledge we will never know who you are. Your honestly will help us determine the direction of our program next year. You can take the survey here.
The Cybersecurity Newsletter has a new look! – 10/22/21
The cybersecurity awareness program at MRU rebranded earlier this fall. It took us a while, but we have also rebranded the Cybersecurity Newsletter. Gone is the blue background, sections have been reorganized and we have a fancy new header to match our new program branding. We hope it will now be easier to read as well as to find the information that is most useful for you. Look for the new format newsletter to arrive in your inbox on Friday.
If you aren’t a subscriber, now is the time to do so. Get the latest news on current attacks and how to stay cybersafe. Once you subscribe, you can share what you learn with family and friends. Don’t delay, subscribe now.
October is Cybersecurity Awareness Month – 09/29/21
It is Cybersecurity Awareness Month!! To celebrate we have several activities planned. As always, the Cybersecurity Challenge will run from October 1 to March 31. This year the Challenge has a new sponsor, WBM! The teams have been reorganized to ensure they are of equal size so the competition should be as fierce as it was last year. Will the Facilities Management team finally be unseated or will they be victorious once again?
The Virtual Treasure hunt that was so popular last year is back with new clues and puzzles. Solve the puzzles and use the clues to find the location of the treasure. Everyone can participate.
We have two new Cybercrime Series talks scheduled as well. Brian Reed from Proofpoint will be discussing insider threats, the horror stories that go with them and how to protect yourself. Jason Kell from Teknologi1 will be discussing attacks to Industrial Control Systems and the repercussion.
Come join in, have fun, earn contest entry codes and learn how to stay cybersafe!
Our cybersecurity awareness program has a new look! – 09/02/21
After 5 successful years, the cybersecurity team is saying goodbye to our superheroes. While they served us well, we recognized that it was time for a change. Our survey let us know that the campus was looking for branding that was more professional but still used simple straight forward messaging. Introducing The Shield.
Look for the new posters, screen slides and stickers as they pop up around campus. We hope you love our new look as much as we do. Let us know what you think in the comments below.