About


About the initiative
Learn more about why privacy matters at UBC.
Privacy and information security at UBC is largely dependent on faculty and staff taking an active role in keeping data secure. UBC provides security tools such as anti-virus software, firewalls, and spam filtering. However, these tools can only do so much. We need your help.
The Privacy Matters @ UBC initiative aims to increase the awareness of privacy and information security at UBC. Higher education institutions are often the target of data breaches, which not only affect the individuals whose personal information is compromised, but also the organization experiencing the breach.
Through a comprehensive communication strategy and online training, our goal is to provide the campus community with the information needed to protect personal information and to keep UBC's data secure.
Privacy and Information Security Management (PrISM)
Privacy and Information Security Management (PrISM) at UBC is a coordinated effort between Safety & Risk Services, the Office of the University Counsel, and the Office of the CIO.
The mandate of PrISM is to enhance the privacy and security of information in electronic and hard-copy format through a series of campaigns related to technology, maintenance, data mapping and risk management, training, awareness, and communications.
Executive Leadership Committee
Program Leadership Committee
Current Projects
Learn more about the current initiatives that are a part of PrISM.
Projects
Online Privacy and Information Security Training
PrISM has developed online privacy and information security training for all faculty and staff at UBC. This 20-30-minute training session will empower you to protect personal information and other confidential UBC information and systems.
Risk Assessment Process
Perform custom risk assessments and investigations into emerging or prevalent risk areas to assist in better understanding and mitigating privacy and information security risk.
- Privacy Impact Assessments (PIA) help identify and mitigate potential privacy and security issues related to all new or substantially modified systems, projects, programs or activities, thereby fulfilling UBC’s legal requirements.
- Application Risk Assessments (ARA) cover technical risk areas such as vulnerability management and privileged access.
- Operational Risk Assessments (ORA) focus on risks relating to end-user handling of personal information.
- Tailored Risk Assessments (if none of the above fit your needs).
Encryption
Encryption is the most effective way to keep your personal information and UBC’s data secure. Encryption is a method of making information unreadable in order to protect it from unauthorized access. When information is encrypted, a password is required to make it readable again.
UBC policy and British Columbia law require all mobile devices (including laptops) that are used to store confidential information to be encrypted. The PrISM team is working to encourage encryption of all devices used for work purposes by departments and faculties at UBC. Learn more about encryption.
Awareness and Communication
The awareness and communication project is working to increase education and awareness to change behavior and build a privacy and information security conscious culture. The Privacy Matters @ UBC initiative was created to ensure that all faculty and staff are regularly exposed to communications about privacy and information security requirements. The comprehensive communications strategy is working to sustain awareness and engagement among faculty and staff at UBC.
UBC Cybersecurity Confidential Communications
In a continued effort to increase the dialogue and transparency about cybersecurity at UBC, we will be relaunching the confidential communications website for information security. This site will be a secure, non-public environment meant for UBC staff, faculty, researchers, and affiliates. The information posted on the website is confidential and is therefore subject to specific access and sharing restrictions.
Basic access to this site requires Campus-Wide Login (CWL) credentials. If you are located off-campus, a myVPN connection is required. As an added level of security, users are required to apply for access to privileged information. A request form is available after logging in to the new site and accepting the Terms and Conditions. The website is now available at cc.cybersecurity.ubc.ca.
Network Security Upgrades (Phase 1)
As part of the ongoing effort to enhance cybersecurity at UBC, network security upgrades will be implemented at the UBC Okanagan campus for all university-based wired and wireless networks (ubcsecure, ubcvisitor, ubcprivate, and eduroam). This upgrade will add a layer of protection to prevent unintentional visits to malicious websites.
After the upgrade, if a user on the UBC network accidentally clicks on a link to a high-risk website, their browser will redirect them to a block page. Only websites that are known to be malicious will be blocked by the system, including:
- Malware sites that host malicious software, mobile threats, and more
- Phishing sites that aim to trick users into handing over personal or financial information
- ‘Command and Control Callbacks’ that allow compromised devices to communicate with an attacker’s infrastructure
Please note: this process is automatic and this new service will not track or log individual user website activity.
The network security upgrade at UBC Okanagan is Phase 1 of this project and we will be making similar upgrades at the Vancouver campus within the next few months. More details will be made available shortly.
Information Security Standards Review
To ensure that UBC’s confidential data and information systems are safe from a data breach, the university has Information Security Standards that govern the use and protection of university data and computing resources. As required by Policy SC14, Acceptable Use and Security of UBC Electronic Information and Systems, all faculty and staff are responsible and accountable for following these standards.
These Information Security Standards are subject to periodic reviews to adapt to changing expectations and risks. The next review cycle begins this year. All staff and faculty are invited to provide feedback on the standards. You can provide feedback at privacymatters.ubc.ca/issreview or by emailing privacy.matters@ubc.ca.
All feedback will be forwarded to the members of a review team made up of staff and faculty members for analysis. The team will then publish draft amendments to the standards for comment by the campus community. The team will then make final amendments and forward them to the Chief Information Officer for approval.
The current information security standards can be found at https://cio.ubc.ca/information-security-standards
All are encouraged to participate in this important process and your input is greatly appreciated.
Enhanced CWL (Multi-Factor Authentication)
PROTECT IT: Keep personal information secure
What is an 'Enhanced CWL'?
To keep personal information at UBC secure, faculty and staff will be asked to update their Campus-Wide Login (CWL) account to an 'Enhanced CWL' account. This update features an additional layer of protection with multi-factor authentication (MFA) provided by Duo Security.
Multi-factor authentication (MFA) is a security standard across North America, providing an effective way to prevent unauthorized access to information. It requires two items to identify a user:
- Something you know (i.e. your password)
- Something you have (typically a trusted mobile phone, land line or hardware token)
This way, even if a cybercriminal steals your password, they would not be able to hijack your account when it is protected by multi-factor authentication.