Your laptop is essential to your work, research, and connection to the UBC community. It gives you incredible mobility and convenience—but it also carries sensitive information that needs protection. While many of us are familiar with risks like malware or phishing, some threats are quieter, harder to spot, and rooted deep within the hardware itself.
Understanding these hidden vulnerabilities helps us better protect UBC data, uphold our responsibilities under privacy legislation, and support a safer digital environment for everyone.
Hardware Threats Run Deeper Than Software
We tend to think of cyber risk as software-based (harmful files, unsafe links, or malicious apps). But attackers also focus on the hardware inside your device. These threats can live below the operating system, where security tools may not detect them.
In some cases, vulnerabilities have been found in the security chips controlling sensitive credentials on common laptops. When exploited, attackers may extract data such as passwords or biometric information, or install malicious code at the firmware level. Because this activity happens so deep within the system, it may continue undetected and can persist even if you reinstall your operating system.
Protecting against these threats requires more than updating your apps. Firmware updates—issued by manufacturers to correct flaws—are just as important. Keeping these components current helps prevent attackers from exploiting deep-level weaknesses.
Encryption: The Foundation of Data Protection
At UBC, the devices we use every day often hold personal information and confidential university data. To protect this data, all Users of UBC Electronic Information and Systems are responsible and accountable for following the Information Security Standards. These standards mandate that all devices—UBC-owned or personal—used to access UBC Electronic Information and Systems must be encrypted.
Encryption scrambles information so it cannot be read without the correct password. If a laptop is misplaced or stolen, encryption ensures the data remains secure.
Physical Security Matters—Especially When Working Remotely
Cybersecurity often focuses on digital threats, but physical access remains one of the simplest ways information can be compromised. Remote and hybrid work can increase these risks as public and shared spaces make it easier for devices to be accessed or tampered with.
- Always lock your laptop when stepping away, even briefly.
- Use password protection on your screen saver.
- Consider a cable lock when working in shared or public spaces.
- If your device is lost or stolen, report it immediately to security@ubc.ca.
Passwords, Backups, and Safe Downloads
Encryption only works if no one can easily access it. Your password acts as the key that protects encrypted data, and a weak or reused password can undermine the protection that encryption provides.
Backing up your files regularly helps ensure that your work remains safe, even if something unexpected happens, such as a lost device or a ransomware incident.
- Use a password that complies with UBC password policy requirements.
- Back up your information regularly—whether to cloud storage or an external drive.
- Download software from trusted sources only. This reduces the likelihood of unintentionally installing malware.
Why This Matters at UBC
Hardware flaws, missing updates, weak passwords, or misplaced laptops may seem like small issues—but together, they can create serious risks. When each of us takes steps to safeguard our devices, we strengthen UBC’s ability to protect the community’s data and ensure continuity in teaching, learning, and research.
By keeping your firmware updated, encrypting your devices, securing them physically, backing up data, and practicing good password habits, you help maintain a safer digital environment for everyone across UBC.