ITS

Information Technology Services
Information Technology Services

Security Messages from the Staff at ITS

Who better to give cyber security advice than those working right within our own department? This year, we asked the staff in the ITS department to give us their tips and advice of what they thought our campus community would like to know about. Below you will find their submissions. We hope you will find them informative (and perhaps even a little cheeky).


Message 1: Emails are legal documents.

A lot of people don’t realize that emails are legal records. According to the Freedom of Information and Protection of Privacy Act (FIPPA), any piece of recorded information, however it is recorded, is considered a record. While your personal emails or voicemails are not university records, any emails or voicemails (if saved) relating to university matters are considered university records and are subject to the FIPPA. For more information about FIPPA and email records, visit the Email Best Practices webpage on the Office of the CIO and Associate Vice-Principal’s (Information Technology Services) website.


Message 2: Be wary of masked links.

My tip for campus users to keep safe and secure online is to be wary of masked web links. They can lead to websites that may compromise your credentials or even automatically download and install malicious software (malware). It’s always best to verify who is sending you the link and which address the link is going to if you’re unsure of the content. Here’s a masked link as an example: http://bit.ly/IqT6zt.


Message 3: Internet usage is a privilege, not a right.

People don’t often realize that Internet Service Providers (ISPs) have a duty to uphold good practice on the Internet. If you or your device is causing interruptions to others on the Internet or you or someone on your device is downloading copyright material, the ISP can kick you off of their network. We often forget that Internet usage is a privilege, not a right. It comes with rules of behavior and failure to comply results in the loss of that privilege.


Message 4: Get a password manager and use it.

I used to pride myself on knowing all of my passwords to all of the sites I used. I had a stock body for my passwords that I would modify by a couple of characters for each site. It sounds fine but when an obscure site you registered at four years ago has a data breach, you may not hear about it and if you’re essentially using the same password everywhere, that makes it easier for hackers to get your credentials on other sites. Use a password manager and make strong, unique passwords for all of your sites.


Message 5: Did you know that Queen's owns your employee email account?

When you leave Queen’s, you no longer have access to your email account. Need a password reset that has to be sent to your Queen’s email address with a verification link? It doesn’t really help if you can’t access that account anymore. Create a personal email address for your personal business (there are lots of free providers) and keep your Queen’s email address for your work business.


Message 6: Beware of scareware.

There are many new types of malware coming out all of the time. A new one I’ve come across is scareware. What is it? Scareware is deception software. Its purpose it to frighten people into thinking their computer is being attacked and the solution is to download and install their software, which is actually a scam. Unless it is a message from your trusted anti-virus program, always be cautious of pop-ups and flashy messages claiming to be attacking your computer.


Message 7: Enjoy online gaming, but be vigilant.

Many people may avoid online gaming sites because they think that playing these games pose a security risk. Because a lot of these sites come free, they usually offer advertisements or require additional plugins to play the games. It doesn’t mean you can’t enjoy online gaming – just be vigilant and review the security credentials of your gaming website. Only download plugins from reliable sources. Ensure you have anti-virus and anti-spyware programs installed, just in case.