Computer science pupils studying cybersecurity are “very popular choices” for employers, said Kathy Knight, Director of the James W. Burns Executive Education Centre at the University of Manitoba’s Asper School of Business.

Asper plans to launch a cybersecurity program for non-tech leaders in 2025. The curriculum will include how to create a “cybersecurity mindset” within organizations, Knight outlined.

“All (employees) have a role to play in cybersecurity,” she said. “It is the human factor that is the biggest risk.”

To read the full story, please visit the Winnipeg Free Press.

Stefanson, in her role as premier, has said the province stands with Israel and condemns the Hamas attack, saying in a statement on Oct. 7 (the day of the initial attack) that she fully supports Israel’s right to defend itself.

These kinds of hacks are not uncommon, according to David Gerhard, the head of computer science at the University of Manitoba.

“Often public figures are the target of hackers for a couple reasons,” Gerhard told CTV News. “Because they interact with a lot of people which means they have a wide range, a hacker with a message to send can make that message go to a lot of people.”

Read here

It is important for us all to learn about these scams and take steps to protect our personal information and stop fraudsters in their tracks. Two of the most common types of fraud that affect university communities are business email fraud and phishing.

Business email fraud

Business email fraud, also known as CEO fraud, is a type of scam in which fraudsters impersonate a high-level administrator, such as a dean or president and send emails to employees requesting sensitive information or money. 

To protect yourself from business email fraud, never respond to unsolicited emails that ask for personal information or money. If you receive an email that appears to be from a supervisor or a faculty, unit or department lead, verify the sender’s identity by calling them or using a known email address before responding.

Phishing scams

Phishing scams typically take the form of emails or text messages that appear to come from a trusted source, such as a bank or a government agency. The scammer then asks for personal information to be sent to them, which they can use to steal your identity or money. 

To protect yourself from phishing scams, never respond to unsolicited emails or text messages, always be cautious of emails that contain attachments and never send money or personal information to someone you do not know.

March phishing simulation

The university will run our annual Fraud Prevention Month phishing simulation in March. The email will likely be a notice about your tax information. Watch out for these three indicators of a possible scam:

1. Urgency or fear – the message will try to reel you in by triggering a fear response.
2. Suspicious links –  typos in domain names are a common trick, e.g. “umaniloba.ca.” 
3. Fictional department or unit – for example, the university does not have a “Tax Department.”

If you notice any of these warning signs, forward the message to spam [at] umanitoba [dot] ca immediately.

What else you can do

You can take several other steps to protect your personal information and stop bad actors. These include using strong passwords, regularly checking your credit report and being cautious when sharing personal information online. Additionally, stay informed about the latest frauds and scams, pay attention to university information security alerts and report any suspicious messages to spam [at] umanitoba [dot] ca.

Remember: Information Security Starts with You!

How to add your second-factor device

Option 1

1. Open a browser (Google Chrome is recommended) and go to http://portal.office.com. 
2. Enter your UM username and password. 
3. Duo will prompt you to add your second-factor device. Follow the prompts to complete your setup. 

Option 2

Duo will prompt you to add your device the first time you log in to an MFA-protected service like UM email.

If you want to see what adding a device in Duo looks like before you proceed, please review our text-based instructions:

• How to enrol your second-factor device in Duo MFA (PDF) 
• How to enrol your second-factor device in Duo MFA (.doc) 

Did you know?

Duo MFA gives you the option to add more than one second-factor device. Add a back-up second-factor in case your first option is not available.

Visit https://umanitoba.ca/multi-factor-authentication for more information about using Duo MFA.  

If you are unable to use a mobile device with Duo MFA, please contact the IST Service Desk at 204-474-8600 to request an alternative option.  

Thank you for your support and cooperation!

$25 UM BookStore gift card winners

Students:

Aliabbas Bansiwala
AMARA CHIEKEZIE
Ashley Harris
Zachariah Henderson
Ryan Kozera
Mya Kryschuk
Lillian Lau
Kevin Lees
Denys Popov
Graham Taylor

Staff:

Caleigh Bell
Sarah Chan
Susan Coutu
Jacquie Dawson
Enrique Fernandez
Glen Hales
Damir Hamzic
Renee Hoffart
Yang Qiu
Shedlmor Sevillo

Did you know?

Did you know that installing Duo on your mobile device is the most convenient way to use multi-factor authentication (MFA)?

The Duo app

The Duo app is free and available in the Apple App Store and Google Play. Using your mobile phone for MFA is most convenient but if a mobile phone isn’t an option for you, contact the IST Service Desk to discuss other options.

Using Duo cellular coverage or Wi-Fi access

If you don’t have cell phone coverage, you can choose the “Enter a passcode” option to authentication. Then open the Duo app and tap “Show” under the Passcode. It will give you a six-digit code to enter for authentication. You do not need an internet connection or a cellular signal to generate these passcodes.

Duo data usage

Duo uses almost no data. 500 pushes to your device will use 1 MB of data in total. This is roughly equivalent to loading one webpage on your smartphone.

Read more about the Duo app on UM Multi-factor authentication.

Opt-in to MFA to be entered to win 

Using multi-factor authentication (MFA) is essential to keep our systems as secure as possible. If you haven’t already, please take the time to opt-in to MFA with Duo today. For more information, visit http://umanitoba.ca/dotheduo 

Note: You do not need to opt-in if you are already using Duo MFA for any university service. Duo MFA is available to all faculty, staff, and students.

1^st Prize

Philip Dufresne
Asst to Head/Administrative Asst, Biochemistry & Medical Genetics

2^nd Prize

James Nagy
Professor, Physiology & Pathophysiology

3^rd Prize

Richard Hodges
Director, Animal Care & Veterinary Services

Congratulations to the winners and a big thank you to everyone who participated in our Duo Enrolment Contest!

Using multi-factor authentication is a convenient and effective way to keep our systems as secure as possible. If you haven’t already, please set up multi-factor authentication for logging into the VPN today. Find the Duo set-up instructions and more information about multi-factor authentication at UM multi-factor authentication.

Remember: Information Security Starts with You!

Staff and faculty are required to regularly log in to the university network to maintain to the activation of software licenses and to receive security patches and software updates.

This October, you will be encouraged to add an additional security factor when signing in to the virtual private network (VPN).

What is MFA?

Multi-factor authentication or MFA adds an extra layer of security to your university accounts to protect you, your data and university systems from unauthorized access and phishing attacks. 

Verifying your identity using a second factor such as your phone or mobile device prevents others from accessing your accounts, even if they know your password.

“Traditional security methods like passwords are no longer enough,” says Patrick McCarthy, director of information security and compliance. 

“Bad actors have become skilled at exposing the weaknesses of password-based authentication. One effective method to successfully mitigate this vulnerability is adding an additional security layer with multi-factor authentication.”

How does it work?

Using multi-factor authentication is simple:

1. Self-enroll by registering your phone or mobile device in Duo. You only have to enrol once.
2. Use Pulse Secure to connect to the VPN and enter your username and password.
3. Use your phone or mobile device to verify your identity.
4. You’re securely logged in!

Note: If you are unable to use a mobile device for MFA, please contact the IST Service Desk at 204-474-8600 for more options. 

Why is it important?

With an increase in remote work, more staff are using the virtual private network (VPN) to connect to a variety of systems, using both university-managed and personal home computers. 

And, because VPN is accessible from anywhere on the Internet, cyber security advisers expect VPN attacks to increase. Non-profit cyber security agencies and government bodies like the Canadian Centre for Cyber Security strongly recommend that organizations enable multi-factor authentication to protect VPN accounts from unauthorized access.

The university will begin rolling out multi-factor authentication to all staff and faculty VPN users starting October 13, 2020.  You will receive an email notification and enrollment instructions when MFA is rolled out to your area.

Win a prize!

Enrol in Duo and use multi-factor authentication to connect to the VPN this October and November to qualify! Visit our Cyber Security Awareness Month website for contest details.  

If you have any questions or concerns about this new initiative, please contact the Service Desk at 204-474-8600.

“Systems used to process, store, retrieve and transmit information play a vital role in the conduct and success of the UM’s teaching, learning, research, outreach and business processes,” says Patrick McCarthy, director of IST Information Security and Compliance.

“The Information Security Policy will also enable us to reduce the impact of the cyber threats all organizations and educational institutions are facing,” he adds.

The policy, procedure and standards apply to everyone in the university because, as McCarthy notes, we all have a responsibility to keep our data safe and protected.

The purpose of the Information Security Policy is to:

• ensure the protection of the all information and information systems;
• mitigate risks associated with theft, loss, misuse, damage or abuse of information systems;
• ensure staff, students, faculty and researchers are aware of and comply with provincial and federal legislation;
• minimize the university’s exposure to cyber attacks;
• ensure that information users understand their responsibilities; and
• protect the university from liability.

Developed by the Information Security and Compliance team, the draft policy and procedure were reviewed by units including human resources, the office of legal counsel, audit services, access and privacy and the unions across the university prior to ratification.

What do I need to do?

Read the policy, procedure and associated standards.

Some standards like the Password Standard apply to everyone, while others like the Workstation Patch Management Standard  apply to anyone responsible for managing, updating or maintaining computer systems.

Where do I get more information?

If you have any questions, concerns or would like more information about your responsibilities, email the Information Security and Compliance team directly at infosec@umanitoba.ca.

Thank you for your continued help in ensuring the confidentiality, integrity and availability of the university’s data. 

Remember: Information Security Starts with You!

Examples of COVID-19 Scams

• Fabricated notices from health organizations (e.g., the Federal Government, CDC, WHO or local health departments).
• Phony websites containing maps and dashboards
• Information about protecting yourself, your children or your community that contains malicious links or attachments
• Charitable appeals, claiming to help victims of the virus, which are not legitimate
• Misleading ads or spam about masks or other protective gear, or other helpful hints to combat the virus.

What Can You Do? 

Be vigilant for Coronavirus-COVID-19 scams during the coming weeks. If you suspect a message may be a phishing scam, please report it by forwarding the email message as an attachment to spam@umanitoba.ca.

1. Rely on established lines of communication from the university for your updates. Important announcements and information will be posted on the university’s Coronavirus webpage: http://umanitoba.ca/coronavirus.
2. Be cautious about opening any Web links or attachments even if you know the sender, as they may be from a compromised account.
3. Look for red flags in emails you receive. Red flags include abnormalities in the sender, topic, links, content, etc. Tips for spotting phishing scams—along with detailed instructions for reporting suspicious email messages—are available on our Email Securityweb page.
4. Contact spam@umanitoba.ca whenever you have any doubts or concerns about a message you have received. Our security team will investigate and follow up with any necessary warnings to you and the university community.

Vigilance is key. Reporting suspicious messages is the best way for us to combat the attacks.

Remember, information security starts with you!

When you use your university credentials to log into non-university services like Dropbox, Twitter or Facebook, you risk your information getting into the hands of a hacker.

Take steps to protect yourself and the university:

• Use a different username and password for each online service you access
• NEVER use your U of M credentials for any non-university services
• If you have to use your U of M email address for an online service, use a DIFFERENT PASSWORD

Data breaches occur more often than you think. Sites like LinkedIn, Evite, Canva and Houzz have all experienced data breaches in the last two years. The person or group behind a breach counts on the fact that between 31% and 55% of people use the same login credentials at multiple sites . Once they have your username, email address, password and possibly other personal information, they will attempt to access other sites with your login, including U of M’s systems.

This is why the university continues to improve our cyber security safeguards by requiring a yearly password change, and by introducing device encryption to ensure that your data is only readable with a password.

Read More

• A new initiative to protect university data is underway!
• Password and usage agreements expiring next month