Minimum Cybersecurity Controls for UBC Employees

Minimum Cybersecurity Controls for UBC Employees

Minimum Cybersecurity Controls

To protect UBC’s Electronic Information and Systems, minimum cybersecurity controls for all UBC Employees include:

Malware Protection and Endpoint Detection and Response (EDR)

For all UBC-owned Servers and Workstations, Endpoint Detection and Response (EDR) software approved by the CISO must be implemented as per UBC’s Information Security Standard U7, Securing Computing and Mobile Storage Devices/Media.

The cost of this software is being covered centrally; there is no cost to the end user.

Like all of our security tools, UBC’s EDR software has been configured to ensure your privacy is protected. The purpose of this software is to protect your device from malicious software, not to record any personal information about you or your browsing habits. The content of files, emails, passwords, instant messages, etc. is not accessed or recorded. Information about your personal use of UBC Systems and Devices is protected under the Freedom of Information and Protection of Privacy Act, and by UBC’s Information Systems Policy (SC14) and Information Security Standard U10, Accessing Electronic Accounts and Records.

For personally-owned computing devices used for University Business, you must install up-to-date anti-malware and spyware cleaning software (except for smartphones and tablets that do not offer this feature) and configure it to update at least once per day. There are many options for your choice of current anti-malware, including the installation of UBC-recommended EDR software at no cost.

Automatic Blocking of Malicious Websites

UBC-owned Servers and Devices must be protected by a DNS firewall in order to prevent them from communicating with malicious websites, as per UBC’s Information Security Standard U7, Securing Computing and Mobile Storage Devices/Media.

Encryption

In addition to anti-malware and EDR requirements, UBC has Device-level encryption requirements for all Devices used to access UBC Electronic Information and Systems, whether UBC-owned or personally-owned. For details, reference Information Security Standard U5, Encryption Requirements.

Not sure which of these apply to you? Please contact Privacy Matters and a member of the Cybersecurity team will respond to you as quickly as possible.

A few simple reminders to help protect UBC

  • Review the online guide to working remotely for information on how to access emails and files, tools and best practices for virtual meetings, and security requirements.
  • Don’t click on links from unfamiliar sources. Doing so can download malware onto your computer or device even without further action on your part.
  • Report any suspicious emails to security@ubc.ca – the Cybersecurity team will investigate.
  • Protect your password and keep it secure. Don’t use UBC passwords for any other websites.
  • Complete the mandatory Privacy and Information Security Fundamentals training.