COVID-19 Resources

COVID-19 Resources

for Faculty, Staff, Researchers & Students

New Minimum Cybersecurity Controls for accessing UBC Electronic Information and Systems


UBC Executive has mandated new minimum cybersecurity requirements for faculty, staff, and researchers accessing UBC Electronic Information and Systems. Learn more

Valuable Privacy & Security Information During COVID-19 Restrictions


It can be difficult to keep track of all the privacy and security reminders you are receiving during your change in work circumstances due to the Coronavirus outbreak.


On this page you will find a consolidation of privacy resources, and security reminders and tips, for staff, faculty, researchers and students. Please make ample use of these resources, and bookmark them to your browser for quick future reference.


Some of the sections below also include downloadable material that you may want to share during team meetings and publish on internal websites.

Faculty, Staff & Researchers - Privacy

Protect personal information while working from home

During the COVID-19 pandemic, please review these important reminders to protect personal information while working from home.


Simple steps to take include:


1. Log off or shut down your laptop or home computer when you are not using it


2. If you will be working with personal information from home or remotely, take care to make sure you are the only person able to access the records.


3. Set the automatic logoff on your devices to run after a short period of idleness.


4. Do not share a laptop used for working with personal information with other individuals, including family members and friends.


5. Make sure you understand and follow UBC’s Securing Computing and Mobile Storage Devices policy. This includes the newly mandated minimum cybersecurity controls.

Download these reminders as a poster

Amendments to Restrictions (FIPPA Bill 35 & Ministerial Order M085)


Data current as of: July 15, 2020


UBC is subject to the Freedom of Information and Protection of Privacy Act (FIPPA), part of which states that faculty and staff cannot store personal information outside of Canada without written consent. As such, the use of many popular cloud services and applications that possibly collect, store, transmit, or access personal information outside of Canada has been limited for staff and faculty.


Recent changes in legislature (BILL 35) have amended the requirements of the Privacy Act to allow for processing and storage of personal information outside of Canada, within specific criteria.


Also, in March 2020 Ministerial Order M085 was implemented, temporarily allowing disclosure of personal information outside of Canada, within specific criteria in response to the COVID-19 crisis.


On June 5, the provincial government announced the extension of Order M085 to December 31, 2020 (it was originally due to expire June 30). At UBC, this means we are able to implement solutions that store personal information outside Canada where necessary to allow remote working and learning. All potential solutions are still required to go through a rigorous Privacy Impact Assessment to ensure that they comply with privacy and security requirements.


What does this mean for UBC?


1. Increased opportunity for technology adoption.


2. Responsible process for planning and adopting and using new technologies.


3. The need to complete a Privacy Impact Assessment is still in place.


4. Consider opportunities that meet the needs in your function.


Contact Privacy Matters @ UBC for more information.

Faculty, Staff & Researchers - Security

The Impact of COVID-19 on Cybersecurity

Sadly, cybercriminals are taking advantage of the COVID-19 pandemic as a thematic lure for their malicious activities. They know that presently many are anxious about the future and less likely to act prudently when presented with emails, SMS messages, or advertisements involving COVID-19 that would otherwise seem suspicious.


Criminals have developed enticing COVID-19-related content to trick potential victims into clicking on malicious links and attachments. Lures are commonly found in phishing email campaigns attempting to distribute information-stealing malware or ransomware on personal computers and mobile devices.




What to watch for

COVID-19 lures are increasingly used by criminals to advertise counterfeit medical supplies, elicit fraudulent donations, and support other fraudulent schemes.


These lures often attempt to imitate the branding of legitimate organizations in order to build trust in the victim. Cybercriminals are aware that the names and logos of international organizations or national health agencies are appearing more frequently in the news and on social media, but that most individuals are unfamiliar with their websites and communication activities.




Particularly Vulnerable

The COVID-19 pandemic has caused many staff, faculty and researchers to adapt to a remote working environment. As a result, many are accessing sensitive data through myVPN and cloud-based applications for the first time. To compound the vulnerability, many are using their personal devices and home Wi-Fi networks that are poorly secured in comparison to UBC’s on-campus network.


Much of the criminals focus is centered on staff and faculty that have appointments in units of strategic interest such as HR and finance, recruitment and development.


Even as on-site working restrictions are slowly being relaxed, provincial security professionals are anticipating an increase over the coming year in COVID-19 related cyber threat activity as more traditional espionage activities remain hampered by travel restrictions and physical distancing.




Videoconferencing Tools

In order to stay connected to students and fellow colleagues, many are introducing video-conferencing platforms such as Zoom and Skype for Business into their workday and criminals are looking to exploit this change in routine. Thankfully the UBC Cybersecurity team and UBC IT have worked together to publish practical advice for using recommended audio conferencing, virtual meetings and instant messaging tools.


Check out these instructions on how to get started using videoconferencing tools.


Then please consider this information regarding how to collaborate securely over video.




What's Next?

In the immediate future, it is almost certain that cybercriminals will continue to target individuals into divulging financial data or downloading malicious software. This will very likely be done by impersonating government correspondence or websites, similar to CRA-themed messaging during tax season. As physical distancing restrictions begin to soften across the province, cybercriminals will likely begin crafting phishing messages that revolve around vaccine development and production.


The Canadian Centre for Cyber Security has warned that “the Canadian health sector will almost certainly continue to be targeted by ransomware campaigns of varying sophistication in the immediate future.” UBC researchers must be on alert for possible nefarious messaging intended to hinder the development and production of important medical research.


What steps can you take to avoid being a victim of cybercriminals during the COVID-19 crisis? Please check out the Teleworking Guide and the Take Action Against COVID-19 Scams sections below.




Additional Information for COVID-19 Researchers

If you are a UBC researcher associated with COVID-19 or epidemiology research, you are a prime target for cybercriminals looking to extract the data you are gathering for exploitative purposes. In cybersecurity terms, you are considered a ‘high-risk’ user. Not because of the risk you pose personally, but because of the sensitive information that you are currently handling.


UBC Executive is mandating that all researchers that access, process, or store high-risk information are to adhere to increased security controls. You can find out more about this by visiting the Increased Security Precautions for Faculty, Staff, and Researchers page.


In addition, there are several steps you can personally take to make yourself and the information you access more secure:


  • 1. Ensure that the appropriate Endpoint security is in place for all servers, desktops and laptops. This includes personal devices that are used for anything related to UBC Research and UBC Business, especially email. Details about which technologies to use, and how to know that they are properly installed can be found on the Increased Security Controls page. There you will find specific information for both UBC owned devices and personally owned devices.

  • 2. Verify encryption is in place for all applicable devices and systems.

  • 3. Enroll your team in self-phishing training. If your team is not yet receiving regular self-phishing messages, speak to your supervisor about contacting the Cybersecurity team to enroll.

  • 4. Ensure all systems are properly patched and kept up-to-date. If research data is being stored on servers that are internet accessible, those servers need to be registered with UBC Cybersecurity in order for them to receive routine vulnerability scanning. Further information regarding vulnerability scanning can be found on the Cybersecurity Confidential Communications website (CWL login required, with UBC VPN or on-campus IP address).

  • 5. Ensure all research data is properly and regularly backed up. This includes the necessity for "offline" backups, so that bad actors cannot encrypt the backup as well as the primary data.

  • 6. Review information regarding ransomware.


  • Download this information as a poster

    Teleworking Best Practices - Do's & Don'ts Guide



    DO

  • Read the UBC IT guide to working off campus for reminders regarding collaboration tools and video conferencing platforms.

  • Make sure you understand and follow UBC’s Securing Computing and Mobile Storage Devices policy. This includes the newly mandated minimum cybersecurity controls.

  • Use approved methods to share files. Be mindful of distribution and dissemination even when utilizing approved platforms

  • Log off of your myVPN connection when away from your computer

  • Follow UBC policy for encrypting computers used for UBC business

  • Use a strong password for your CWL, and change it frequently

  • Close all non-work related windows and applications before and during work related use of personal equipment

  • Create a separate user profile with minimal privileges for work-only use when using a personal computer to perform UBC business

  • Clear browser cache when switching from work to personal use when using a personal computer to perform UBC business


  • DON'T

  • Print work-related materials at home, unless explicitly approved by your manager

  • Auto-forward your office phone to a personal number unless explicitly approved by your manager

  • Connect to phone or video conferences unless you were invited. Upon connecting, always announce your name and affiliation

  • Forward work emails from your FASmail account to a personal email account

  • Connect to a network that you do not own and control (e.g. public Wi-Fi)


  • Download this guide as a poster

    Take Action Against COVID-19 Scams

  • Watch for emails claiming to be from the Centers for Disease Control and Prevention or experts saying they have information about the virus. For the most up-to-date information about the Coronavirus as it relates to British Columbians, visit the official websites for the BCCDC and the World Health Organization.

  • Ignore online offers for vaccinations. There currently are no vaccines, pills, potions, lotions, lozenges or other prescription or over-the-counter products available to treat or cure COVID-19, online or in stores.

  • Be extra alert to anomalies like calls from cybercriminals pretending to be government organizations, family members in distress, or banks/credit card companies. These calls will often ask for gift cards as payment.

  • Be aware of what you’re clicking on.

  • Do not respond to requests for information. Instead go straight to the source to verify the legitimacy of the request.


  • Download these tips as a poster

    Students

    Ways for Students to Keep Cybersafe


    Data current as of: August 28, 2020


    With UBC’s transition to online learning and classes, it is important to keep yourself and your information cybersecure. Here’s the top 5 things you can do to keep cybersafe:


    1. Protect your password(s) Passwords are an important part of our digital lives and with online learning, your credentials are now more important than ever. Have you ever considered the implications of what would happen if your password was stolen? Learn how to protect your passwords.


    2. Protect your devices Keep your operating system and software up to date. Weaknesses in systems and software that are not up to date are vulnerable. Always use malware protection (antivirus) and consider “next gen” products, as they offer more advanced security and take advantage of machine learning to protect you. Many are free or very inexpensive.


    3. Back up your data Computer hard drives can crash, computers and smartphones can be lost or stolen, soup can be spilled on laptops, and software viruses or malware can delete your files. Be sure to back-up your data on a regular basis. Be sure to test the backups every few months to check that you can recover your data.


    4. Protect your personal information There are a number of ways you can protect your personal information and others. View this quick guide to learn more.


    5. Don’t get phished: recognizing phishing and spear-phishing dangers People who want to steal your information can be clever. Learn how to protect yourself against phishing and spear-phishing messages. Received a suspicious email or link? Don't open the message or click the link. For your personal email, learn how to report a Phish and then delete it. For UBC email, forward the message to security@ubc.ca.


    6. Secure your WhatsApp conversations Enable the WhatsApp security PIN feature within the WhatsApp application. You can set up a PIN of your own choosing, and even an email address to use if you forget that PIN. This is separate to the six-digit code that WhatsApp sends by SMS when verifying a new installation. This added security layer deter would be hackers from attempting to access your account.



    Download these tips as a poster