October is Cybersecurity month! Canisius ITS would like to invite you to spend some time thinking about your online presence and how you can make it more secure.
Cybersecurity Awareness Training
In accordance with several regulatory agencies (FERPA, NYS Shield, GLBA, etc.), accreditation, and for cyber insurance purposes, Canisius requires all Faculty and Staff to complete cybersecurity awareness training every academic year. You may fulfill the requirement by attending an in-person, 1-hour session on October 23rd. For those unable to attend, a recording will be made available. Your participation will be tracked for compliance purposes.
The University is partnering with Foxpointe Solutions to provide this training in the Winter Student Center, upstairs in the Regis Room on:
Wednesday, October 23rd, 12:00PM to 1:00PM
Please register for the in-person session by clicking here.
If you have any questions, please contact the ITS Helpdesk at 716-888-8340 or by email at helpdesk@canisius.edu.
Is It Really Them?
Every now and then we receive emails, or even text messages, that purport to be colleagues or ITS, asking us to communicate with them for some special or urgent purpose. These can be scammers, and the tactic is called “Phishing.” Read more about these scams and how to avoid them here.
Additionally, make sure to follow safe Email practices. As stated above, Emails can be “spoofed”, meaning that they may look like they come from a colleague but can actually be scammers. Remember to look at the actual Email address (using your mouse, you can hover over the sender’s name in the FROM line) to better identify valid Email requests.
Another easy way faculty and staff can identify spoofed emails is to check for one of the following colored alerts:
These alerts help to confirm whether or not an Email is safe and includes some of the emails found in your “Junk” folder that is already marked “SPAM”. Note that these banners will appear as plain text (i.e., no colored background/square) when viewed in the Junk folder. However, moving the message to any other folder will allow you to see the full-color version.
ITS has also identified several “trusted” email addresses from some of our partner vendors. These senders will not have the above banner image in the header of a message. A few of the trusted vendors include Slate, Adirondack, Medicat, emails sent by Advancement through Benchmark, and more. If you discover that we have missed a vendor that you believe should be included in the trusted vendor list, please contact the ITS Help Desk at helpdesk@canisius.edu.
Also keep in mind that ITS will never send an email concerning authentication (e.g., password expiration) that contains a link.
Separate Work from Personal
It is a good idea to separate out your professional and personal life. On this note, Canisius strongly recommends that you do not mix your work and personal communications and online accounts. Per the Canisius Acceptable Usage Policy, we recommend that you do not use your Canisius Email (i.e., the email ending in @canisius.edu) for personal communications or as the contact email for various personal accounts unrelated to your work at the University.
Please take the time to review any of your personal online accounts and check that you are using a personal email account (such as a free Google Mail/gmail account). Use this external Email address for any accounts unrelated to Canisius University such as personal social media, financial/banking, shopping, etc. Share your personal Email address with friends and family and ask them to contact you there for non-Canisius matters. Use this personal email to also set up another form of Multi-factor Authentication for your Canisius account. You may want to set up an Authenticator App too, particularly if you are in a building that has low cell service.
Secure File Sharing
Email is the primary way most of us communicate with other departments and colleagues. However, it’s not necessarily the safest, especially for securely sharing documents and files. For example, if you accidentally misspell someone’s email address or send the email to the wrong person, they will be able to access any attachments in the email.
If you are sharing sensitive information with fellow faculty and/or staff (or even course resources with your students), check out how to Securely Share Files in Google Drive, or, if you prefer, how to Securely Share Files in OneDrive. Only the people that you have shared the files or folders with will be able to access them.
If your office or department shares information (via email or shared documents, such as Google Docs or Sheets), set up a Shared Google Drive. Shared Drives are great for a team and will persist even after any team member has left the University. Any documents or files that they were working on will still be there for later use.
Additional Tips & Resources
For more information on cybersecurity, check out FoxPointe Solutions’ tips and the Cybersecurity and Infrastructure Security Agency’s (CISA) Secure our World page and Shields Up page.
Also, check out the Pedagogy Primer Podcast Episode 15, where we interviewed Matthew Gracie and Dr. Justin Del Vecchio, both cybersecurity professionals and faculty in the Department of Quantitative Sciences and the Cybersecurity Graduate Program here at Canisius. In this episode, they talk about prospects for Cybersecurity students as well as ways to stay current on cybersecurity issues and cybersecurity best practices.
Keeping Canisius’ systems safe is a community effort! When in doubt or if you have general questions, contact ITS Help Desk at helpdesk@canisius.edu.