New Minimum Cybersecurity Controls for accessing UBC Electronic Information and Systems
UBC Executive has mandated new minimum cybersecurity requirements for faculty, staff, and researchers accessing UBC Electronic Information and Systems. Learn more
Valuable Privacy & Security Information During COVID-19 Restrictions
It can be difficult to keep track of all the privacy and security reminders you are receiving during your change in work circumstances due to the Coronavirus outbreak.
On this page you will find a consolidation of privacy resources, and security reminders and tips, for staff, faculty, researchers and students. Please make ample use of these resources, and bookmark them to your browser for quick future reference.
Some of the sections below also include downloadable material that you may want to share during team meetings and publish on internal websites.
Faculty, Staff & Researchers - Privacy
Protect personal information while working from home
During the COVID-19 pandemic, please review these important reminders to protect personal information while working from home.
Simple steps to take include:
1. Log off or shut down your laptop or home computer when you are not using it
2. If you will be working with personal information from home or remotely, take care to make sure you are the only person able to access the records.
3. Set the automatic logoff on your devices to run after a short period of idleness.
4. Do not share a laptop used for working with personal information with other individuals, including family members and friends.
5. Make sure you understand and follow UBC’s Securing Computing and Mobile Storage Devices policy. This includes the newly mandated minimum cybersecurity controls.
Amendments to Restrictions (FIPPA Bill 35 & Ministerial Order M085)
Data current as of: July 15, 2020
UBC is subject to the Freedom of Information and Protection of Privacy Act (FIPPA), part of which states that faculty and staff cannot store personal information outside of Canada without written consent. As such, the use of many popular cloud services and applications that possibly collect, store, transmit, or access personal information outside of Canada has been limited for staff and faculty.
Recent changes in legislature (BILL 35) have amended the requirements of the Privacy Act to allow for processing and storage of personal information outside of Canada, within specific criteria.
Also, in March 2020 Ministerial Order M085 was implemented, temporarily allowing disclosure of personal information outside of Canada, within specific criteria in response to the COVID-19 crisis.
On June 5, the provincial government announced the extension of Order M085 to December 31, 2020 (it was originally due to expire June 30). At UBC, this means we are able to implement solutions that store personal information outside Canada where necessary to allow remote working and learning. All potential solutions are still required to go through a rigorous Privacy Impact Assessment to ensure that they comply with privacy and security requirements.
What does this mean for UBC?
1. Increased opportunity for technology adoption.
2. Responsible process for planning and adopting and using new technologies.
3. The need to complete a Privacy Impact Assessment is still in place.
4. Consider opportunities that meet the needs in your function.
Contact Privacy Matters @ UBC for more information.
Faculty, Staff & Researchers - Security
The Impact of COVID-19 on Cybersecurity
Sadly, cybercriminals are taking advantage of the COVID-19 pandemic as a thematic lure for their malicious activities. They know that presently many are anxious about the future and less likely to act prudently when presented with emails, SMS messages, or advertisements involving COVID-19 that would otherwise seem suspicious.
Criminals have developed enticing COVID-19-related content to trick potential victims into clicking on malicious links and attachments. Lures are commonly found in phishing email campaigns attempting to distribute information-stealing malware or ransomware on personal computers and mobile devices.
What to watch for
COVID-19 lures are increasingly used by criminals to advertise counterfeit medical supplies, elicit fraudulent donations, and support other fraudulent schemes.
These lures often attempt to imitate the branding of legitimate organizations in order to build trust in the victim. Cybercriminals are aware that the names and logos of international organizations or national health agencies are appearing more frequently in the news and on social media, but that most individuals are unfamiliar with their websites and communication activities.
The COVID-19 pandemic has caused many staff, faculty and researchers to adapt to a remote working environment. As a result, many are accessing sensitive data through myVPN and cloud-based applications for the first time. To compound the vulnerability, many are using their personal devices and home Wi-Fi networks that are poorly secured in comparison to UBC’s on-campus network.
Much of the criminals focus is centered on staff and faculty that have appointments in units of strategic interest such as HR and finance, recruitment and development.
Even as on-site working restrictions are slowly being relaxed, provincial security professionals are anticipating an increase over the coming year in COVID-19 related cyber threat activity as more traditional espionage activities remain hampered by travel restrictions and physical distancing.
In order to stay connected to students and fellow colleagues, many are introducing video-conferencing platforms such as Zoom and Skype for Business into their workday and criminals are looking to exploit this change in routine. Thankfully the UBC Cybersecurity team and UBC IT have worked together to publish practical advice for using recommended audio conferencing, virtual meetings and instant messaging tools.
Check out these instructions on how to get started using videoconferencing tools.
Then please consider this information regarding how to collaborate securely over video.
In the immediate future, it is almost certain that cybercriminals will continue to target individuals into divulging financial data or downloading malicious software. This will very likely be done by impersonating government correspondence or websites, similar to CRA-themed messaging during tax season. As physical distancing restrictions begin to soften across the province, cybercriminals will likely begin crafting phishing messages that revolve around vaccine development and production.
The Canadian Centre for Cyber Security has warned that “the Canadian health sector will almost certainly continue to be targeted by ransomware campaigns of varying sophistication in the immediate future.” UBC researchers must be on alert for possible nefarious messaging intended to hinder the development and production of important medical research.
Additional Information for COVID-19 Researchers
If you are a UBC researcher associated with COVID-19 or epidemiology research, you are a prime target for cybercriminals looking to extract the data you are gathering for exploitative purposes. In cybersecurity terms, you are considered a ‘high-risk’ user. Not because of the risk you pose personally, but because of the sensitive information that you are currently handling.
UBC Executive is mandating that all researchers that access, process, or store high-risk information are to adhere to increased security controls. You can find out more about this by visiting the Increased Security Precautions for Faculty, Staff, and Researchers page.
In addition, there are several steps you can personally take to make yourself and the information you access more secure:
Teleworking Best Practices - Do's & Don'ts Guide
Take Action Against COVID-19 Scams
Ways for Students to Keep Cybersafe
Data current as of: August 28, 2020
With UBC’s transition to online learning and classes, it is important to keep yourself and your information cybersecure. Here’s the top 5 things you can do to keep cybersafe:
1. Protect your password(s) Passwords are an important part of our digital lives and with online learning, your credentials are now more important than ever. Have you ever considered the implications of what would happen if your password was stolen? Learn how to protect your passwords.
2. Protect your devices Keep your operating system and software up to date. Weaknesses in systems and software that are not up to date are vulnerable. Always use malware protection (antivirus) and consider “next gen” products, as they offer more advanced security and take advantage of machine learning to protect you. Many are free or very inexpensive.
3. Back up your data Computer hard drives can crash, computers and smartphones can be lost or stolen, soup can be spilled on laptops, and software viruses or malware can delete your files. Be sure to back-up your data on a regular basis. Be sure to test the backups every few months to check that you can recover your data.
4. Protect your personal information There are a number of ways you can protect your personal information and others. View this quick guide to learn more.
5. Don’t get phished: recognizing phishing and spear-phishing dangers People who want to steal your information can be clever. Learn how to protect yourself against phishing and spear-phishing messages. Received a suspicious email or link? Don't open the message or click the link. For your personal email, learn how to report a Phish and then delete it. For UBC email, forward the message to firstname.lastname@example.org.
6. Secure your WhatsApp conversations Enable the WhatsApp security PIN feature within the WhatsApp application. You can set up a PIN of your own choosing, and even an email address to use if you forget that PIN. This is separate to the six-digit code that WhatsApp sends by SMS when verifying a new installation. This added security layer deter would be hackers from attempting to access your account.
Coronavirus (COVID-19) and UBC’s response
Protecting personal information away from the office
Disclosure of personal information of individuals in crisis
Cybercrime Support Network
Cyber Hygiene for COVID-19
British Columbia's Response to COVID-19
COVID-19: Scams, frauds and misleading claims