PrISM has developed online privacy and information security training for all faculty and staff at UBC. This 20-30-minute training session will empower you to protect personal information and other confidential UBC information and systems.

Learn more about the training.

Perform custom risk assessments / investigations into emerging, or prevalent risk areas to assist in better understanding and mitigating privacy and information security risk.

1. Privacy Impact Assessment (PIA) helps identify and mitigate potential privacy and security issues related to all new or substantially modified systems, projects, programs or activities, thereby fulfilling UBC’s legal requirements.
2. Application Risk Assessments (ARA) covers technical risk areas such as vulnerability management and privileged access.
3. Operational Risk Assessments (ORA) focuses on risks relating to end-user handling of personal information.
4. Tailored Risk Assessments (if none of the above fit your needs).

Encryption is the most effective way to keep your personal information and UBC’s data secure. Encryption is a method of making information unreadable in order to protect it from unauthorized access. When information is encrypted, a password is required to make it readable again.

UBC policy and British Columbia law require all mobile devices (including laptops) that are used to store confidential information to be encrypted. The PrISM team is working to encourage encryption of all devices used for work purposes by departments and faculties at UBC. Learn more about encryption.

The awareness and communication project is working to increase education and awareness to change behavior and build a privacy and information security conscious culture. The creation of the Privacy Matters @ UBC initiative to ensure that all faculty and staff are regularly exposed to communications about privacy and information security requirements. The comprehensive communications strategy is working to sustain awareness and engagement among faculty and staff at UBC.

In a continued effort to increase the dialogue and transparency about cybersecurity at UBC, we will be relaunching the confidential communications website for information security. This site will be a secure, non-public environment meant for UBC staff, faculty, researchers, and affiliates. The information posted on the website is confidential and is therefore subject to specific access and sharing restrictions.

Basic access to this site requires Campus-Wide Login (CWL) credentials. If you are located off-campus, a myVPN connection is required.  As an added level of security, users are required to apply for access to privileged information.  A request form is available after logging in to the new site and accepting the Terms and Conditions. The website is now available at cc.cybersecurity.ubc.ca.

As part of the ongoing effort to enhance cybersecurity at UBC, network security upgrades will be implemented at the UBC Okanagan campus for all university-based wired and wireless networks (ubcsecure, ubcvisitor, ubcprivate, and eduroam). This upgrade will add a layer of protection to prevent unintentional visits to malicious websites.

After the upgrade, if a user on the UBC network accidently clicks on a link to a high-risk website, their browser will redirect them to a block page. Only websites that are known to be malicious will be blocked by the system, including:

• Malware sites that host malicious software, mobile threats, and more
• Phishing sites that aim to trick users into handing over personal or financial information
• ‘Command and Control Callbacks’ that allow compromised devices to communicate with an attackers’ infrastructure

Please note: this process is automatic and this new service will not track or log individual user website activity.

The network security upgrade at UBC Okanagan is Phase 1 of this project and we will be making similar upgrades at the Vancouver campus within the next few months. More details will be made available shortly.

To ensure that UBC’s confidential data and information systems are safe from a data breach, the university has Information Security Standards that govern the use and protection of university data and computing resources. As required by Policy #104, Acceptable Use and Security of UBC Electronic Information and Systems, all faculty and staff are responsible and accountable for following these standards.

These Information Security Standards are subject to periodic reviews to adapt to changing expectations and risks. The next review cycle begins this year. All staff and faculty are invited to provide feedback on the standards. You can provide feedback at privacymatters.ubc.ca/issreview or by emailing privacy.matters@ubc.ca.

All feedback will be forwarded to the members of a review team made up of staff and faculty members for analysis. The team will then publish draft amendments to the standards for comment by the campus community. The team will then make final amendments and forward them to the Chief Information Officer for approval.

The current information security standards can be found at https://cio.ubc.ca/information-security-standards

All are encouraged to participate in this important process and your input is greatly appreciated.

As part of our ongoing effort to enhance cybersecurity at UBC, we will be introducing multi-factor authentication (MFA) across the university within the next year. By adding MFA to frequently used university applications, we will strengthen access security by requiring two or more methods to verify a user’s identity. We are amongst the first universities in Canada to introduce multifactor authentication broadly into our applications, joining other organizations including Facebook, Harvard, and MIT.

We are currently working with Duo Security to create an experience that is as seamless and simple as possible. The first phase of the project will include multifactor authentication for:

• Several high-traffic sites and applications used by UBC IT employees
• UBC IT VPN Pool

Learn more about the project at https://privacymatters.ubc.ca/enhancedcwl (CWL username/password required).