Increased Security Precautions for Faculty, Staff, and Researchers

Increased Security Precautions for Faculty, Staff, and Researchers

Last updated: April 15, 2020

There is currently a significant increase in the volume and sophistication of cyber attacks specifically targeting universities and healthcare research facilities. We are receiving frequent notifications from government agencies, such as the Canadian Centre for Cyber Security and other reporting agencies, that the number of attacks is surging. These attackers are using new tactics and techniques designed to exploit confusion surrounding COVID-19. The nature of the attacks is often such that the traditional anti-malware and blocking techniques are not sufficient to protect institutional servers, computers and information.

To respond to the increased risk of attacks, combined with the risk resulting from thousands of faculty and staff working from home, increased cybersecurity controls must be implemented on all servers and computers accessing, processing or storing Medium Risk, High Risk, or Very High Risk information, as those terms have been defined in Information Security Standard #01.

The UBC Executive is mandating that:

  1. Anti-malware and Endpoint Detection and Response software approved by UBC Cybersecurity be installed on all UBC servers that access, process, or store Medium Risk, High Risk, or Very High Risk information;

  2. Anti-malware and Endpoint Detection and Response software approved by UBC Cybersecurity be installed on all UBC-owned faculty, staff, and research computers that access, process, or store significant amounts of Medium Risk, High Risk, or Very High Risk information; and

  3. Encryption must be enabled, and current anti-malware software be installed on personally-owned computers used for accessing UBC systems and information. There are many options for your choice of current anti-malware, including the installation of UBC-approved software at no cost.

The cost of these controls is being covered centrally. There is no cost to the end user.

Like all of our security tools, the new anti-malware and Endpoint Detection and Response software have been configured to ensure your privacy is protected. The purpose of this software is to protect your device from malicious software, not to record any personal information about you or your browsing habits. The content of files, emails, passwords, instant messages, etc. is not accessed or recorded. Information about your personal use of UBC systems and devices is protected under the Freedom of Information and Protection of Privacy Act, and by UBC’s Information Systems Policy (SC14) and Information Security Standard #10, Accessing Electronic Accounts and Records.

It is understood that we are in difficult times with respect to our COVID-19 response, and that access to many servers and computers at UBC has been curtailed as a result of the work-from-home situation. It is recognized that it may not be possible to immediately comply with this mandate as many servers and computers will require physical access.

It is neither necessary nor recommended to deploy the new minimum cybersecurity controls at this time to devices that require physical access on campus. These devices can be updated once regular campus operations resume.

There remains, however, an urgent requirement to deploy the new minimum cybersecurity controls to devices that can be updated remotely. For some, these updates will take a few minutes and for others it may take weeks or longer to determine the optimal deployment plan, but in any case it is important to move as quickly as possible in order to assure that UBC information is properly protected.

To learn more about the required cybersecurity software, and what action may be required of you, please click the link that applies to you

Not sure which of these scenarios apply to you? Please complete this short survey and a member of the Cybersecurity team will respond to you as quickly as possible.

General Information

Visit the UBC IT website for an online guide to working remotely, including information on how to access emails and files, tools and best practices for virtual meetings, and security requirements.

You should take some time to refresh your memory on the UBC Information Security Standards, which are mandatory for all Users of UBC Electronic Information and Systems. The Information Security Standards which are particularly relevant are:

A few simple reminders to help protect UBC

  • Watch out for scams directly related to COVID-19, such as emails claiming to be from the Centers for Disease Control and Prevention or experts saying they have information about the virus. For the most up-to-date information about the Coronavirus as it relates to British Columbians, visit the official websites for the BCCDC and the World Health Organization.
  • Don’t click on links from unfamiliar sources. Doing so can download malware onto your computer or device even without further action on your part.
  • Report any suspicious emails to – the Cybersecurity team will investigate.
  • Protect your password and keep it secure. Don’t use UBC passwords for any other websites.
  • Complete the mandatory Privacy and Information Security Fundamentals.