Share Files Securely

Share Files Securely

How to safely send sensitive information

Valuable Privacy & Security Information During COVID-19 Restrictions

It can be difficult to keep track of all the timely reminders available to help you maneuver through your change in work circumstances due to the Coronavirus outbreak, all while maintaining proper privacy and security protocols to protect yourself, and the data that you handle.

On this page you will find a consolidation of privacy resources and security reminders and tips for staff, faculty, researchers and students. Please make ample use of these resources as the need arises, and bookmark them to your browser for quick future reference.

Some of the sections below also include downloadable material that may be useful to share during team meetings and publish on internal websites.

Privacy Information

Protect personal information while working from home

Privacy Reminders for Staff, Faculty & Researchers

During the COVID-19 pandemic, please review these important reminders to protect personal information while working from home.

Simple steps to take include:

1. Log off or shut down your laptop or home computer when you are not using it

2. If you will be working with personal information from home or remotely, take care to make sure you are the only person able to access the records.

3. Set the automatic logoff on your devices to run after a short period of idleness.

4. Do not share a laptop used for working with personal information with other individuals, including family members and friends.

5. Make sure you understand and follow UBC’s Securing Computing and Mobile Storage Devices policy. This includes the newly mandated minimum cybersecurity controls.

Download these reminders as a poster

Amendments to Restrictions (FIPPA Bill 35 & Ministerial Order M085)

UBC is subject to the Freedom of Information and Protection of Privacy Act (FIPPA), part of which states that faculty and staff cannot store personal information outside of Canada without written consent. As such, the use of many popular cloud services and applications that possibly collect, store, transmit, or access personal information outside of Canada has been limited for staff and faculty.

Recent changes in legislature (BILL 35) have amended the requirements of the Privacy Act to allow for processing and storage of personal information outside of Canada, within specific criteria.

Also, in March 2020 Ministerial Order M085 was implemented, temporarily allowing disclosure of personal information outside of Canada, within specific criteria in response to the COVID-19 crisis.

What does this mean for UBC?

1. Increased opportunity for technology adoption.

2. Responsible process for planning and adopting and using new technologies.

3. The need to complete Privacy Impact Assessment is still in place.

4. Consider opportunities that meet the needs in your function.

Contact Privacy Matters @ UBC for more information.

Security Information

The Impact of COVID-19 on Cybersecurity

Sadly, cybercriminals are taking advantage of the COVID-19 pandemic as a thematic lure for their malicious activities. They know that presently many are anxious about the future and less likely to act prudently when presented with emails, SMS messages, or advertisements involving COVID-19 that would otherwise seem suspicious.

Criminals have developed enticing COVID-19-related content to trick potential victims into clicking on malicious links and attachments. Lures are commonly found in phishing email campaigns attempting to distribute information-stealing malware or ransomware on personal computers and mobile devices.




What to watch for

COVID-19 lures are increasingly used by criminals to advertise counterfeit medical supplies, elicit fraudulent donations, and support other fraudulent schemes.

These lures often attempt to imitate the branding of legitimate organizations in order to build trust in the victim. Cybercriminals are aware that the names and logos of international organizations or national health agencies are appearing more frequently in the news and on social media, but that most individuals are unfamiliar with their websites and communication activities.




Particularly Vulnerable

The COVID-19 pandemic has caused many staff, faculty and researchers to adapt to a remote working environment. As a result, many are accessing sensitive data through myVPN and cloud-based applications for the first time. To compound the vulnerability, many are using their personal devices and home Wi-Fi networks that are poorly secured in comparison to UBC’s on-campus network.

Much of the criminals focus is centered on staff and faculty that have appointments in units of strategic interest such as HR and finance, recruitment and development.

Even as on-site working restrictions are slowly being relaxed, provincial security professionals are anticipating an increase over the coming year in COVID-19 related cyber threat activity as more traditional espionage activities remain hampered by travel restrictions and physical distancing.




Videoconferencing Tools

In order to stay connected to students and fellow colleagues, many are introducing video-conferencing platforms such as Zoom and Skype for Business into their workday and criminals are looking to exploit this change in routine. Thankfully the UBC Cybersecurity team and UBC IT have worked together to publish practical advice for using recommended audio conferencing, virtual meetings and instant messaging tools.




What's Next?

In the immediate future, it is almost certain that cybercriminals will continue to target individuals into divulging financial data or downloading malicious software. This will very likely be done by impersonating government correspondence or websites, similar to CRA-themed messaging during tax season. As physical distancing restrictions begin to soften across the province, cybercriminals will likely begin crafting phishing messages that revolve around vaccine development and production.

The Canadian Centre for Cyber Security has warned that “the Canadian health sector will almost certainly continue to be targeted by ransomware campaigns of varying sophistication in the immediate future.” UBC researchers must be on alert for possible nefarious messaging intended to hinder the development and production of important medical research.

What steps can you take to avoid being a victim of cybercriminals during the COVID-19 crisis? Please check out the Teleworking Guide and the Take Action Against COVID-19 Scams sections below.

Teleworking Best Practices - Do's & Don'ts Guide



DO

  • Read the UBC IT guide to working off campus for reminders regarding collaboration tools and video conferencing platforms.

  • Make sure you understand and follow UBC’s Securing Computing and Mobile Storage Devices policy. This includes the newly mandated minimum cybersecurity controls.

  • Use approved methods to share files. Be mindful of distribution and dissemination even when utilizing approved platforms

  • Log off of your myVPN connection when away from your computer

  • Follow UBC policy for encrypting computers used for UBC business

  • Use a strong password for your CWL, and change it frequently

  • Close all non-work related windows and applications before and during work related use of personal equipment

  • Create a separate user profile with minimal privileges for work-only use when using a personal computer to perform UBC business

  • Clear browser cache when switching from work to personal use when using a personal computer to perform UBC business


  • DON'T

  • Print work-related materials at home, unless explicitly approved by your manager

  • Auto-forward your office phone to a personal number unless explicitly approved by your manager

  • Connect to phone or video conferences unless you were invited. Upon connecting, always announce your name and affiliation

  • Forward work emails from your FASmail account to a personal email account

  • Connect to a network that you do not own and control (e.g. public Wi-Fi)


  • Download this guide as a poster

    Take Action Against COVID-19 Scams

  • Watch for emails claiming to be from the Centers for Disease Control and Prevention or experts saying they have information about the virus. For the most up-to-date information about the Coronavirus as it relates to British Columbians, visit the official websites for the BCCDC and the World Health Organization.

  • Ignore online offers for vaccinations. There currently are no vaccines, pills, potions, lotions, lozenges or other prescription or over-the-counter products available to treat or cure COVID-19, online or in stores.

  • Be extra alert to anomalies like calls from cybercriminals pretending to be government organizations, family members in distress, or banks/credit card companies. These calls will often ask for gift cards as payment.

  • Be aware of what you’re clicking on.

  • Do not respond to requests for information. Instead go straight to the source to verify the legitimacy of the request.


  • Download these tips as a poster

    Top 5 Ways for Students to Keep Cybersafe

    With UBC’s transition to online learning and classes, it is important to keep yourself and your information cybersecure. Here’s the top 5 things you can do to keep cybersafe:

    1. Protect your password(s)
    Passwords are an important part of our digital lives and with online learning, your credentials are now more important than ever. Have you ever considered the implications of what would happen if your password was stolen? Learn how to protect your passwords.

    2. Protect your devices
    Keep your operating system and software up to date. Weaknesses in systems and software that are not up to date are vulnerable. Always use malware protection (antivirus) and consider “next gen” products, as they offer more advanced security and take advantage of machine learning to protect you. Many are free or very inexpensive.

    3. Back up your data
    Computer hard drives can crash, computers and smartphones can be lost or stolen, soup can be spilled on laptops, and software viruses or malware can delete your files. Be sure to back-up your data on a regular basis. Be sure to test the backups every few months to check that you can recover your data.

    4. Protect your personal information
    There are a number of ways you can protect your personal information and others. View this quick guide to learn more.

    5. Don’t get phished: recognizing phishing and spear-phishing dangers
    People who want to steal your information can be clever. Learn how to protect yourself against phishing and spear-phishing messages. Received a suspicious email or link? Don't open the message or click the link. For your personal email, learn how to report a Phish and then delete it. For UBC email, forward the message to security@ubc.ca.

    Download these tips as a poster