Cybersecurity Blog

Cybersecurity Challenge 2019/2020 Winners – 10/29/20

The 2019/2020 Cybersecurity Challenge wrapped up on September 30 last month. A big congratulations to Stephanie Spencer in Continuing Education! She is the winner of the $250.00 gift certificate to Best Buy! Have fun shopping Stephanie.

The winner of the Golden Superhero Award is once again the Facilities Management team. Congratulations team for an outstanding effort! Here is the gang in their COVID glory,

From left to right: Jason Philipchuk- Facilities Management Office, Carol Hartwick – Environmental Services, Garry Berge – Building Operations.

 

A huge thank you to everyone who participated! It was the best year ever for the Challenge. That said, this year’s Challenge is shaping up to be a close race. For the first time in three year’s, the Facilities Management team is not in first place and the top four teams are running neck and neck. Who will be the winner next year? Tune in on March 31, 2021 and find out!

 

It’s Cybersecurity Awareness Month! – 10/02/20

 

 

Welcome to another Cybersecurity Awareness Month (CSAM)!!  Although we can’t meet in person, we do have a full list of activities that you can participate in.

Cybersecurity Challenge 2020/2021

The Challenge is back with several improvements.  As before, you earn contest entry codes by participating in cybersecurity activities. Each entry gets you one chance to win a $250 Best Buy gift certificate from Cisco Systems Canada.  However the contest now runs from October 1, 2020 to March 31, 2021. This should prevent Challenge fatigue while still ensuring everyone has the opportunity to participate.

The teams have also been updated. They are now only 100 members in size. As all the teams are the same size, the leaderboard will display the actual number of entries rather than percentages. Lastly, the sharing of codes officially became against the rules. If you don’t participate and enter a code, you will be disqualified from the Challenge.

Virtual Treasure Hunt

To replace our Hack the Room activity, we have a virtual treasure hunt. Bluebeard has hidden a chest full of crypto currency. Solve the clues, collect contest entry codes and find the treasure. Everyone who finds the treasure is entered into a draw for a $100 Amazon gift certificate courtesy of WBM Technologies.

The Cybercrime Series

Come join us for tales of cyberhorror. The Cybercrime Series looks at cybernightmares and how to prevent them. We have two scheduled for October.

  • Cybersecurity: Are our graduates ready for the new economy? – Angele McAllister
  • The Cybersecurity Monster Manual: Stopping things that go “hack” in the night – Michael McDonnell

Double codes for completing training in October

To encourage you to complete your cybersecurity training, we are offering two contest entry codes for completing your training this month.

Our regular activities

Keep an eye out for our regular activities as well.  Participating in them earns you contest entry codes for the Challenge. You can subscribe to the newsletter, show off your cybersecurity sticker, join us in the Cybercafe or complete your training.

 

Workshop and Cybercafe held next week 09/17/20

 

 

Next week we have two events being held. September 22, 2020 is the Protecting yourself against cybercrime 2021 workshop from 2:00 pm  to 3:30 pm.  This is a great opportunity to complete your mandatory training and ask as many questions about cybersecurity as you like.

If you are not able to make the training but still would like to discuss cybersecurity, join us for the Cybercafe on September 24 at 3:00 pm. For 30 minutes you can ask all your burning cybersecurity questions. Our Security Administrator will be joining us, so the questions can get as technical as you like.  While you can ask anything you like, I will also be presenting a current news item as a topic of discussion. Check back on September 23 to see what that topic will be.

See you there!

New tool for remote file access coming – 08/12/20

 

 

IT Services is proud to announce the imminent arrival of their new remote file access tool, Webfiles. Previously when you clicked on the Remote File Access link in MyMRU, you were directed to SRAS. This allowed you to upload and download files on the Mount Royal network remotely. This tool was used by students, staff and faculty and was linked to our old VPN Pulse Secure.

As of September 7, 2020 Pulse Secure will no longer be supported and SRAS will no longer function. In preparation of this, we have been moving those using Pulse Secure over to our new VPN Global Protect.

Webfiles will replace the SRAS upload and download functionality. Just like SRAS, it is available to students, staff and faculty. If you use the Remote File Access link in MyMRU to access SRAS, sometime before August 24, 2020 the link will be updated to give you access to Webfiles.  If you use secure.mtroyal.ca, to access SRAS, please move over to Webfiles before September 7, 2020 to ensure continued access to remote files.

Change is always challenging however Webfiles is much easier to use than SRAS , making this change a welcome one. For details on how to use Webfiles, refer to the user guide Accessing files and folders remotely using Webfiles.  For the latest information on remote file access, visit the Working Off-Campus webpage.

 

New Cybersecurity Awareness Training Platform is Launched 08/12/20

It’s that time of the year again. Last year’s cybersecurity awareness training is being archived and the new training program is being launched. This year we not only have a new program, but we have a brand new tool to deliver it, The Security Education Platform by Proofpoint.

Thanks to this new tool, we are able to mandate cybersecurity awareness training for all employees! While everyone has access to the online training tool, depending on your role you may be able to take a workshop to meet your training requirement. On Monday, August 17 the new training goes live!

If you have any questions about the new training platform, contact me at bpasteris@mtroyal.ca or call me at 403-440-6329.

 

Power outage on campus this weekend will affect remote desktop users at home – 07/14/20

 

 

Employees who are set up to use ‘remote desktop’ will need to save their work and power down their campus PCs from home 8 p.m. on Sat., July 18 for an annual maintenance shutdown. PCs will automatically be turned on the following morning at 8 a.m. Employees who are working on campus will need to power down their PCs and empty fridges of any perishables before leaving work on Friday, July 17.

We are rolling out a new VPN Service – 06/12/20

 

Currently, people across the University use the Pulse Secure VPN also referred to as SRAS to create a secure encrypted connection between their home machine and their MRU workstation. Unfortunately, budget constraints are requiring us to move to a more cost effective service.  The new service is called GlobalProtect. The good news is, it is more powerful and easier to use.

The move from Pulse Secure/SRAS to GlobalProtect is happening in phases. Although everyone on campus who has access to Pulse Secure will also have access to the new service, you aren’t required to move over until you have received a notification with instructions on how to install, configure and use the new service.

The Working Off Campus webpage has everything that you need to know about the move and how to use the new service including user manuals and a list of FAQs. As always, you can contact the Service Desk for support.

We know that working from home is frustrating enough without having to deal with a new service, unfortunately it couldn’t be helped. We apologize for any inconvenience.

 

 

The PhishAlarm button, a new way to report suspicious emails – 05/26/20

 

IT Services is proud to announce the launch of a new reporting process for phishing emails. If you are an employee, you will be able to use our new PhishAlarm button.  If you are not, you can forward emails to cybersecurity@mtroyal.ca, our new email address for everything cybersecurity related.

Reporting a malicious email as an employee

If you have taken a look at your Gmail side panel, you may have noticed this .

 

If you don’t see your side panel, click the arrow in the bottom right hand of your screen.

 

 

Previously if you found an email that you thought was dangerous to your colleagues or you weren’t sure if it was legitimate, you had to click the Forward button and then type in abuse@mtroyal.ca in the To field. Now we have a handy button.

To report a malicious email using the PhishAlarm button

  1. Open the email
  2. Click the PhishAlarm button in the side panel.
  3. Click Report Phish. A confirmation pane appears.
  4. Click the X to close the confirmation pane.

Not only is the PhishAlarm button super easy to use, it sends the cybersecurity team more information about the email making it easier to investigate. It’s a win for everyone!

While we won’t be ignoring emails sent to abuse@mtroyal.ca, we are encouraging employees with phishing email concerns to use the PhishAlarm button. If you click the button and see a popup displaying something that looks like this:

You are not registered as an authorized user. If you are an employee, completing a registration form will rectify the problem.  If you are not, you are unable to use the PhishAlarm button and will have to forward suspicious emails the old fashioned way.

 

Reporting a malicious email if you are not an employee

Unfortunately, we are unable to offer the functionality of the PhishAlarm button to those who aren’t employees.  You will still see the PhishAlarm button, but if you try to use it you will get an unauthorized user notification.

The good news is, we have created a new email for reporting cybersecurity incidents,  cybersecurity@mtroyal.ca.  This new email will make it easier for the cybersecurity team to identify which reported emails are a priority and to respond quickly. While we won’t be ignoring emails sent to abuse@mtroyal.ca, we are encouraging people to use cybersecurity@mtroyal.ca going forward.

 

Show off your cybersecurity prowess with digital stickers – 05/26/20

 

 

With everyone working from home, our popular sticker program no longer worked. However, we have come up with a terrific replacement…digital stickers!

Just like before you can earn the stickers by reporting phishing emails. However you can also download them from the MRU Cybersecurity Hub. Instead of putting them on your electronic devices, we are asking people to add them to the end of their email signatures.  Everytime you send out an email, the recipient will get a nice reminder of how to stay cybersafe.

As before, you can still earn contest entry codes for the Cybersecurity Challenge. However instead of sending me a picture of your sticker, just send me an email requesting a code with the sticker in the signature.

Every quarter there will be a new sticker and a new code! Happy collecting!!

 

The online training is changing – 04/24/20

 

If you haven’t completed your cybersecurity or PCI awareness training for 2020 yet, you might want to do that before the end of the month. We have a new training tool that we will be introducing July 1.  As a result we will be losing access to our current training videos and interactive pre-tests on April 30.

To tide us over until the new tool is rolled out, on April 29 I will be uploading new videos with quizzes. However, you will not have the ability to test out of the video and it will take longer to complete the training.  I apologize for the inconvenience, however you can look forward to more targeted training once the new tool is rolled out.

The good news is, you still have a few days to complete the current version of the training.  If you have any questions , please feel free to contact me at bpasteris@mtroyal.ca.

04/27/20  update: There has been some confusion around the security awareness training completion date. The deadline has not changed, you still have until June 30 to complete your mandatory training. The only difference is if you complete it before April 30, it will be easier.