<?xml version="1.0" encoding="UTF-8"?>
<rss version="2.0"
	xmlns:content="//purl.org/rss/1.0/modules/content/"
	xmlns:wfw="//wellformedweb.org/CommentAPI/"
	xmlns:dc="//purl.org/dc/elements/1.1/"
	xmlns:atom="//www.w3.org/2005/Atom"
	xmlns:sy="//purl.org/rss/1.0/modules/syndication/"
	xmlns:slash="//purl.org/rss/1.0/modules/slash/"
	>

<channel>
	<title>UM Todayinformation security and compliance &#8211; UM Today</title>
	<atom:link href="https://umtoday-wordpress.ad.umanitoba.ca/tag/information-security-and-compliance/feed/" rel="self" type="application/rss+xml" />
	<link>https://umtoday-wordpress.ad.umanitoba.ca</link>
	<description>Your Source for University of Manitoba News</description>
	<lastBuildDate>Tue, 27 Jan 2026 15:13:58 +0000</lastBuildDate>
	<language>en-US</language>
		<sy:updatePeriod>hourly</sy:updatePeriod>
		<sy:updateFrequency>1</sy:updateFrequency>
	<generator>https://wordpress.org/?v=6.7.1</generator>
	<item>
		<title>Multi-factor authentication will add additional security</title>
        
          <alt_title>
                Authentication changes for staff and faculty are coming to campus 
</alt_title>
        
        
		<link>https://umtoday-wordpress.ad.umanitoba.ca/multi-factor-authentication-will-add-additional-security/</link>
		<comments>https://umtoday-wordpress.ad.umanitoba.ca/multi-factor-authentication-will-add-additional-security/#comments</comments>
		<pubDate>Tue, 06 Oct 2020 18:18:48 +0000</pubDate>
		<dc:creator><![CDATA[Terry Vandenbroeck]]></dc:creator>
				<category><![CDATA[Network News]]></category>
		<category><![CDATA[Cybersecurity]]></category>
		<category><![CDATA[information security and compliance]]></category>
		<category><![CDATA[MFA]]></category>
		<category><![CDATA[Staff]]></category>
		<category><![CDATA[Student]]></category>
		<category><![CDATA[Things to Know]]></category>

		<guid isPermaLink="false">https://news.umanitoba.ca/?p=135649</guid>
		<description><![CDATA[Multi-factor authentication (MFA) is coming to the UM. This is great news because it means better security for our systems and data. Staff and faculty are required to regularly log in to the university network to maintain to the activation of software licenses and to receive security patches and software updates. This October, you will be [&#8230;]]]></description>
        
        <alt_description><![CDATA[<img width="120" height="90" src="https://umtoday-wordpress.ad.umanitoba.ca/wp-content/uploads/2020/08/iStock-1041476372-120x90.jpg" class="attachment-newsfeed size-newsfeed wp-post-image" alt="" style="margin-bottom:0px;" decoding="async" srcset="https://umtoday-wordpress.ad.umanitoba.ca/wp-content/uploads/2020/08/iStock-1041476372-120x90.jpg 120w, https://umtoday-wordpress.ad.umanitoba.ca/wp-content/uploads/2020/08/iStock-1041476372-800x600.jpg 800w, https://umtoday-wordpress.ad.umanitoba.ca/wp-content/uploads/2020/08/iStock-1041476372-768x576.jpg 768w, https://umtoday-wordpress.ad.umanitoba.ca/wp-content/uploads/2020/08/iStock-1041476372-1200x900.jpg 1200w, https://umtoday-wordpress.ad.umanitoba.ca/wp-content/uploads/2020/08/iStock-1041476372.jpg 2000w" sizes="(max-width: 120px) 100vw, 120px" /> Multi-factor authentication (MFA) is coming to the UM. This is great news because it means better security for our systems and data.]]></alt_description>
        
				<content:encoded><![CDATA[<p>Multi-factor authentication (MFA) is coming to the UM. This is great news because it means better security for our systems and data.</p>
<p>Staff and faculty are required to <a href="https://news.umanitoba.ca/working-remotely-log-in-to-the-virtual-private-network-vpn-regularly/">regularly log in to the university network </a>to maintain to the activation of software licenses and to receive security patches and software updates.</p>
<p>This October, you will be encouraged to add an additional security factor when signing in to the virtual private network (VPN).</p>
<h3><strong>What is MFA?</strong></h3>
<p>Multi-factor authentication or MFA adds an extra layer of security to your university accounts to protect you, your data and university systems from unauthorized access and phishing attacks.&nbsp;</p>
<p>Verifying your identity using a second factor such as your phone or mobile device prevents others from accessing your accounts, even if they know your password.</p>
<p>“Traditional security methods like passwords are no longer enough,” says Patrick McCarthy, director of information security and compliance.&nbsp;</p>
<p>“Bad actors have become skilled at exposing the weaknesses of password-based authentication. One effective method to successfully mitigate this vulnerability is adding an additional security layer with multi-factor authentication.”</p>
<h3><strong>How does it work?</strong></h3>
<p>Using multi-factor authentication is simple:</p>
<ol>
<li>Self-enroll by registering your phone or mobile device in Duo. You only have to enrol once.</li>
<li>Use Pulse Secure to connect to the VPN and enter your username and password.</li>
<li>Use your phone or mobile device to verify your identity.</li>
<li>You’re securely logged in!</li>
</ol>
<p>Note: If you are unable to use a mobile device for MFA, please contact the IST Service Desk at 204-474-8600 for more options.&nbsp;</p>
<h3>Why is it important?</h3>
<p>With an increase in remote work, more staff are using the virtual private network (VPN) to connect to a variety of systems, using both university-managed and personal home computers.&nbsp;</p>
<p>And, because VPN is accessible from anywhere on the Internet, cyber security advisers expect VPN attacks to increase. Non-profit cyber security agencies and government bodies like the <a href="https://cyber.gc.ca/en/guidance/secure-your-accounts-and-devices-multi-factor-authentication-itsap30030?utm_source=dlvr.it&amp;utm_medium=facebook">Canadian Centre for Cyber Security</a> strongly recommend that organizations enable multi-factor authentication to protect VPN accounts from unauthorized access.</p>
<p>The university will begin rolling out multi-factor authentication to all staff and faculty VPN users starting October 13, 2020. &nbsp;You will receive an email notification and enrollment instructions when MFA is rolled out to your area.</p>
<h3>Win a prize!</h3>
<p><span class="TextRun Highlight BCX9 SCXW168660177" lang="EN-CA" lang="EN-CA" xml:lang="EN-CA" data-contrast="auto"><span class="NormalTextRun BCX9 SCXW168660177">Enrol&nbsp;</span></span><span class="TextRun Highlight BCX9 SCXW168660177" lang="EN-CA" lang="EN-CA" xml:lang="EN-CA" data-contrast="auto"><span class="NormalTextRun BCX9 SCXW168660177">in Duo&nbsp;</span></span><span class="TextRun Highlight BCX9 SCXW168660177" lang="EN-CA" lang="EN-CA" xml:lang="EN-CA" data-contrast="auto"><span class="NormalTextRun BCX9 SCXW168660177">and use&nbsp;</span></span><span class="TextRun Highlight BCX9 SCXW168660177" lang="EN-CA" lang="EN-CA" xml:lang="EN-CA" data-contrast="auto"><span class="NormalTextRun BCX9 SCXW168660177">multi-factor authentication to connect to the VPN</span></span><span class="TextRun Highlight BCX9 SCXW168660177" lang="EN-CA" lang="EN-CA" xml:lang="EN-CA" data-contrast="auto"><span class="NormalTextRun BCX9 SCXW168660177"> this October and November to qualify</span></span><span class="TextRun BCX9 SCXW168660177" lang="EN-CA" lang="EN-CA" xml:lang="EN-CA" data-contrast="auto"><span class="NormalTextRun BCX9 SCXW168660177">! </span></span>Visit our <a href="https://umanitoba.ca/computing/ist/security/cyber-security-month.html">Cyber Security Awareness Month website</a> for contest details. &nbsp;</p>
<p><em>If you have any questions or concerns about this new initiative, please contact the Service Desk at 204-474-8600. </em></p>
<p>&nbsp;</p>
]]></content:encoded>
			<wfw:commentRss>https://umtoday-wordpress.ad.umanitoba.ca/multi-factor-authentication-will-add-additional-security/feed/</wfw:commentRss>
		<slash:comments>4</slash:comments>
		</item>
		<item>
		<title>Did you click the link?</title>
        
          <alt_title>
                Did you click the link? Online tax-phishing simulation catches fewer than last year 
</alt_title>
        
        
		<link>https://umtoday-wordpress.ad.umanitoba.ca/did-you-click-the-link/</link>
		<comments>https://umtoday-wordpress.ad.umanitoba.ca/did-you-click-the-link/#respond</comments>
		<pubDate>Tue, 21 May 2019 19:02:04 +0000</pubDate>
		<dc:creator><![CDATA[Terry Vandenbroeck]]></dc:creator>
				<category><![CDATA[Network News]]></category>
		<category><![CDATA[cyber security]]></category>
		<category><![CDATA[information security and compliance]]></category>
		<category><![CDATA[phishing]]></category>
		<category><![CDATA[Staff]]></category>
		<category><![CDATA[Things to Know]]></category>

		<guid isPermaLink="false">http://news.umanitoba.ca/?p=112937</guid>
		<description><![CDATA[Information Security &#38; Compliance sent all U of M employees a simulated phishing email during National Fraud Prevention Month in March. Last year, the same phishing simulation was used. And like last year, the email pretended to be from the university’s payroll department and contained the subject line, “Important notice regarding your tax information.” Compared [&#8230;]]]></description>
        
        <alt_description><![CDATA[<img width="120" height="90" src="https://umtoday-wordpress.ad.umanitoba.ca/wp-content/uploads/2019/05/Did-you-click-smg-120x90.jpg" class="attachment-newsfeed size-newsfeed wp-post-image" alt="pie chart image" style="margin-bottom:0px;" decoding="async" /> Information Security & Compliance sent all U of M employees a simulated phishing email during National Fraud Prevention Month in March. Last year, the same phishing simulation was used. And like last year, the email pretended to be from the university’s payroll department and contained the subject line, “Important notice regarding your tax information.”]]></alt_description>
        
				<content:encoded><![CDATA[<p>Information Security &amp; Compliance sent all U of M employees a simulated phishing email during National Fraud Prevention Month in March. Last year, the same phishing simulation was used. And like last year, the email pretended to be from the university’s payroll department and contained the subject line, “Important notice regarding your tax information.”</p>
<p>Compared to last year, the simulation saw a slight decrease in the number of people who clicked the link &#8212; 6.7% compared to last year&#8217;s 6.8%.&nbsp;</p>
<p>The results also showed that of the 6.7% who clicked the link, many were repeat offenders.</p>
<p>&#8220;Given the global coverage of our community, this is not surprising,&#8221; says David Treble, IT Security Officer. &#8220;Sometimes users travelling outside the country are more apt to click links that stress urgency or action, as they may not wish to be inconvenienced while travelling.&nbsp; Other times a phishing email may be timed nicely with real life events, like tax time. &#8221;</p>
<p>Regardless,&nbsp; the trend over three years of the same phishing simulation shows a gradual decrease in staff and faculty who click the link.&nbsp;</p>
<p>To avoid falling for a tax-phishing scam, follow these three simple tips:</p>
<ul>
<li><strong>Don&#8217;t open it</strong>. Most tax-related government agencies do not initiate contact by email, text message or social media. If the email mentions tax forms, it is likely a scam. Either delete the email or forward it to <a href="mailto:spam@umanitoba.ca">spam@umanitoba.ca</a> for review.</li>
<li><strong>Verify the sender</strong>. Don’t assume an email is legitimate by looking at the header– it’s easy to fake a <em>From: </em>or <em>Reply-to:</em> Call the sender to confirm the request is legitimate.</li>
<li><strong>Check if the URL is correct</strong>. Don’t be misled by sites claiming to be a government agency or tax-software company. Just mouseover any link to verify the URL it is really linked to. Make sure URLs are spelled correctly too.&nbsp;</li>
</ul>
<p>Think before you click!</p>
<p>&nbsp;</p>
<h2>About email simulations</h2>
<p>Simulated email messages provide a realistic experience in a safe and controlled environment. They are designed to help us recognize and resist tactics used in real phishing attacks.</p>
<p>Periodic simulations will continue as a part of the university’s Cyber Security Awareness Campaign.</p>
<h2><strong><br />
Remember, information security starts with you!</strong></h2>
<p><em>For more information about phishing attacks, visit the Information Security and Compliance web page at </em><a href="http://umanitoba.ca/computing/ist/security/phishing.html"><em>http://umanitoba.ca/computing/ist/security/phishing.html</em></a><em>. </em></p>
<p>&nbsp;</p>
]]></content:encoded>
			<wfw:commentRss>https://umtoday-wordpress.ad.umanitoba.ca/did-you-click-the-link/feed/</wfw:commentRss>
		<slash:comments>0</slash:comments>
		</item>
		<item>
		<title>How to catch a phish</title>
        
          <alt_title>
                How to catch a phish 
</alt_title>
        
        
		<link>https://umtoday-wordpress.ad.umanitoba.ca/how-to-catch-a-phish/</link>
		<comments>https://umtoday-wordpress.ad.umanitoba.ca/how-to-catch-a-phish/#comments</comments>
		<pubDate>Tue, 08 May 2018 16:44:01 +0000</pubDate>
		<dc:creator><![CDATA[Terry Vandenbroeck]]></dc:creator>
				<category><![CDATA[Network News]]></category>
		<category><![CDATA[information security and compliance]]></category>
		<category><![CDATA[IST]]></category>
		<category><![CDATA[privacy]]></category>
		<category><![CDATA[security]]></category>
		<category><![CDATA[Staff]]></category>
		<category><![CDATA[Students]]></category>

		<guid isPermaLink="false">http://news.umanitoba.ca/?p=89992</guid>
		<description><![CDATA[Cybercriminals use phishing emails to manipulate people into doing what they want, including providing personal information such as banking or identification records. Because of this element of manipulating human emotions, phishing is considered a kind of social engineering. According to the Canada Business Network website, “There are many social engineering tactics, but the basic idea [&#8230;]]]></description>
        
        <alt_description><![CDATA[<img width="120" height="90" src="https://umtoday-wordpress.ad.umanitoba.ca/wp-content/uploads/2018/05/phishing_how_to_spot_may15_ver2-120x90.png" class="attachment-newsfeed size-newsfeed wp-post-image" alt="How to spot a phishing email" style="margin-bottom:0px;" decoding="async" /> Cybercriminals use phishing emails to manipulate people into doing what they want, including providing personal information such as banking or identification records. Because of this element of manipulating human emotions, phishing is considered a kind of social engineering.]]></alt_description>
        
				<content:encoded><![CDATA[<p>Cybercriminals use phishing emails to manipulate people into doing what they want, including providing personal information such as banking or identification records. Because of this element of manipulating human emotions, phishing is considered a kind of social engineering.</p>
<p>According to the <a href="https://canadabusiness.ca/digital-literacy/privacy-and-security/fraud-and-scams/social-engineering/">Canada Business Network website</a>, “There are many social engineering tactics, but the basic idea is the same for all: a hacker will pretend to be someone they are not, and will try to trick or bully someone into giving away sensitive information that the hacker needs to carry out their attack.”</p>
<p>Technology makes manipulation through phishing easy. Setting up and operating a phishing attack is fast, inexpensive and low risk: any cybercriminal with an email address can launch one.</p>
<p>According to Verizon&#8217;s <a href="http://www.verizonenterprise.com/verizon-insights-lab/dbir/2017/">2017 Data Breach Investigations Report</a>, the education sector saw a rise in social engineering–based attacks. Students, staff, and faculty all lose when personal data and research are disclosed to unauthorized parties.</p>
<p>Phishing played a part in more than 40 per cent of these breaches. Knowing what you&#8217;re up against can help you be more secure in your online life.&nbsp;</p>
<p>Here are the six signs of a suspicious email:</p>
<ol>
<li><strong>Stranger danger</strong>: A sender address that does not match the sender name</li>
<li><strong>No John Hancock</strong>: A signature that is overly generic</li>
<li><strong>Hover to discover</strong>: Mouse over links in email to reveal their true URL. If the name and the URL do not match, delete the email.</li>
<li><strong>Do not open unexpected attachments</strong>: They are a cybercriminal&#8217;s #1 choice for spreading malicious software.</li>
<li><strong>Trust your instincts</strong>: Does that email feel ‘off’ in some way? It probably is. Forward it to spam[at]umanitoba[dot]ca to confirm the message.</li>
<li><strong>Is it urgent? Slow down</strong>. An “IMPORTANT MESSAGE” may be a phishing attempt. Cybercriminals want you to do what you&#8217;re told, when you&#8217;re told. Think before you click.</li>
</ol>
<p>If an email you’ve received contains two or more of the indicators listed above, delete it or forward the message to spam[at]umanitoba[dot]ca.</p>
<p><em>For more information about phishing attacks, visit the Information Security and Compliance web page at </em><a href="http://umanitoba.ca/computing/ist/security/phishing.html"><em>http://umanitoba.ca/computing/ist/security/phishing.html</em></a><em>. </em></p>
]]></content:encoded>
			<wfw:commentRss>https://umtoday-wordpress.ad.umanitoba.ca/how-to-catch-a-phish/feed/</wfw:commentRss>
		<slash:comments>2</slash:comments>
		</item>
		<item>
		<title>How to stay safe in cyberspace</title>
        
          <alt_title>
                How to stay safe in cyberspace 
</alt_title>
        
        
		<link>https://umtoday-wordpress.ad.umanitoba.ca/how-to-stay-safe-in-cyberspace/</link>
		<comments>https://umtoday-wordpress.ad.umanitoba.ca/how-to-stay-safe-in-cyberspace/#respond</comments>
		<pubDate>Fri, 13 Oct 2017 15:11:01 +0000</pubDate>
		<dc:creator><![CDATA[Terry Vandenbroeck]]></dc:creator>
				<category><![CDATA[Network News]]></category>
		<category><![CDATA[faculty]]></category>
		<category><![CDATA[information security and compliance]]></category>
		<category><![CDATA[Security Services]]></category>
		<category><![CDATA[Staff]]></category>
		<category><![CDATA[Students]]></category>

		<guid isPermaLink="false">http://news.umanitoba.ca/?p=76157</guid>
		<description><![CDATA[Cyber security is an ongoing pursuit. Our Information and Security Compliance staff works diligently to ensure that your computing information is protected all year round. This means improving our practices around network security, e-mail security and device security, in addition to the daily monitoring and reporting of cyber threats. The new identity and access management [&#8230;]]]></description>
        
        <alt_description><![CDATA[<img width="120" height="90" src="https://umtoday-wordpress.ad.umanitoba.ca/wp-content/uploads/2017/10/StockSnap_L495ZQH5KK-120x90.jpg" class="attachment-newsfeed size-newsfeed wp-post-image" alt="Students working on laptops in a library" style="margin-bottom:0px;" decoding="async" loading="lazy" /> Cyber security is an ongoing pursuit.]]></alt_description>
        
				<content:encoded><![CDATA[<p>Cyber security is an ongoing pursuit.</p>
<p>Our Information and Security Compliance staff works diligently to ensure that your computing information is protected all year round. This means improving our practices around network security, e-mail security and device security, in addition to the daily monitoring and reporting of cyber threats.</p>
<p>The new identity and access management system — <a href="http://umanitoba.ca/computing/ist/accounts/signumfaqs.html">signUM</a> — is part of these efforts to maximize the security of your personal data. It supports the U of M password standard, which requires users to create a 10-character password that must be changed on an annual basis.</p>
<p>Since the Internet is always “on,” individuals must also remain vigilant to protect personal information and mobile devices — including laptops, tablets, smartphones, and wearable technology.</p>
<p>Here are some tips:</p>
<ul>
<li><strong>Add a passcode</strong> to your cell phone, tablet, or laptop right now!</li>
<li><strong>Use strong passwords or passphrases</strong>, especially for online banking and other important accounts.</li>
<li><strong>Enable multifactor authentication</strong> wherever possible. This helps secure your accounts by requiring hardware or biometrics in addition to your password.</li>
<li><strong>Check your social media settings.</strong> Enable two-step verification whenever possible.</li>
<li><strong>Educate yourself.</strong> Stay informed about the latest  security issues such as malware and phishing on the <a href="http://umanitoba.ca/computing/ist/security/latestphish.html">IST website</a>.  Review these <a href="https://www.getcybersafe.gc.ca/index-en.aspx">online safety practices</a> from the Government of Canada.</li>
</ul>
<p>&nbsp;</p>
<p>READ MORE</p>
<ul>
<li><a href="http://news.umanitoba.ca/think-before-you-click/">Think before you click!</a></li>
<li><a href="http://news.umanitoba.ca/phishing-attacks-identifying-malicious-links-in-your-email/">Phishing attacks: Identifying malicious links in your email</a></li>
<li><a href="http://news.umanitoba.ca/protect-yourself-and-the-university-against-phishing-attacks/">Protect yourself and the university against phishing attacks</a></li>
<li><a href="http://news.umanitoba.ca/beware-of-malicious-attachments/">Beware of malicious attachments</a></li>
<li><a href="http://news.umanitoba.ca/protecting-sensitive-data/">Protecting sensitive data</a></li>
</ul>
<p>&nbsp;</p>
<p>Visit the IST website for more about <a href="http://umanitoba.ca/computing/ist/security">Information Security and Compliance</a> at the U of M.</p>
<p>&nbsp;</p>
<p>&nbsp;</p>
]]></content:encoded>
			<wfw:commentRss>https://umtoday-wordpress.ad.umanitoba.ca/how-to-stay-safe-in-cyberspace/feed/</wfw:commentRss>
		<slash:comments>0</slash:comments>
		</item>
	</channel>
</rss>
