Through the ever-expanding internet, people at Queen’s can connect with peers around the world and find information to help with their research and other professional endeavours. But along with all this opportunity, comes exposure to some serious risks.

Universities have become targets for cyberattacks as they own vast amounts of valuable research and financial information. Universities are also often vulnerable as they are designed for collaboration and have a high volume of employees who bring their own devices to work.

Most of these attacks are launched by organized crime, state or nations, hacktivists, or insiders. Over the last few years, Queen’s along with several large Canadian universities have fallen victim to damaging cyberattacks, including the University of Alberta, Carleton University, and the University of Calgary, which paid $20,000 in ransomware after some of its computers were hijacked.

It’s why stepping up cybersecurity is an important priority at Queen’s. The university’s information technology system underpins all of our academic and research activities, and is crucial to our financial sustainability. To safeguard it, Queen’s has been implementing a number of new cybersecurity measures behind the scenes recently, and next up is the launch of a new online course.

The Cybersecurity Awareness Course is now available for all full-time or term employees who have a continuing relationship with the university. The course takes about 45 minutes to complete and features modules on phishing, ransomware, and mobile security.

“Everyone at the university has a role to play in preventing cyberattacks and this course will give faculty and staff the latest information to help them protect their devices and all of their professional, research, and personal data from being hijacked, stolen, or even destroyed,” says Jennifer Doyle, Chief Information Officer. “As we’ve seen in other cyberattacks in Canada and the U.S., a cyberattack can cause significant financial and operational damage.”

To promote the course, members of the cybersecurity awareness project are now beginning to meet with faculties and departments across campus to talk about who should take the course in their area. Everyone identified will then receive an email invitation with a link to the course webpage.

“Everyone at the university has a role to play in preventing cyberattacks and this course will give faculty and staff the latest information to help them protect their devices and all of their professional, research, and personal data...”
                                                                             – Jennifer Doyle, Chief Information Officer

“Each area of Queen’s is unique, and this customized approach will allow us work closely with large and small teams across campus to answer people’s questions and encourage them to participate,” says Denise Ernst, Information Security Officer. “Our goal is to reach an 80 per cent participation rate by the end of 2018.”

A few weeks after completing the course, users can expect to be part of an interesting follow up exercise. They will be sent spoofed emails to see if they can avoid being “phished.” If all goes well, they will identify the email as phony and report it to abuse@queensu.ca.

“The phishing exercise is a safe and timely way for us to measure the effectiveness of the awareness course and to reinforce the course material by reminding people of what they learned,” says Ms. Ernst.

Meetings with different areas are now being scheduled but the course is already available online for anyone who would like to log in and take it now. It can be accessed at the following ITS security webpage.