Tips for Faculty & Staff

Tips for Faculty & Staff

When working on or off campus
   

       

Privacy & Information Security - Wherever You Work

           

Take a moment to remember privacy and information security

           

Nearly every UBC faculty and staff member has access to confidential information. As the loss or disclosure of this information could be very harmful, it's important for you to know how to protect it no matter where you are working.

           

Thanks to significant advancements in mobile technologies, more faculty and staff are working remotely than ever before. While this is a convenient arrangement, it can cause concern when users are accessing research, financial or personal information. This type of data is at a higher risk of being compromised, corrupted, or lost when accessed remotely.



           

As the University increases the support for a hybrid working environment (remotely, and in the office) – it is necessary to review some key privacy and information security reminders for all UBC employees. Security and privacy threats are pervasive, and the impact of a breach can be massive – for example, the financial impact of fines and lawsuits, reputational damage to UBC, loss of research, and of course potential harms to affected individuals.

           

       
           
                               
               

Educational and healthcare records sell for $265+ per record on the dark web vs. $5 for a credit card

1                
           
           
                               
                   

87% of educational institutions have experienced at least one successful cyberattack

2                
           
         
                               
                   

Educational institutions have become top ransomware targets

3                
           
         
                               
                   

Cybercrimes to cost the world $10.5 trillion USD annually by 2025, making it more profitable than the global trade of all major illegal drugs combined

4                
           
       

1 https://www.experian.com | 2 https://www.bio-key.com | 3 https://www.cbsnews.com | 4 https://cybersecurityventures.com    
   
               
           

Security Checks When Working in the Office

           

All Devices used for University Business—no matter whether they are owned by the University, by the User, or by a third party—must be protected from theft or unauthorized access. This is clearly mandated in Information Security Standard U7

           

  • Physical security must be in place. For their protection, unattended Devices must be located in a room or other enclosed area that is locked or otherwise access-controlled; or a locked cabinet or other fixed container such as a locked server cabinet or cage.
  • When away from your desk and while commuting, don’t leave your personal devices unattended.
  • Always lock your devices when not in use: When you are not working on your mobile device, always ensure the screen is locked.
  • Familiarize yourself with the other staff in your office and on the floor of the building that your office occupies. Introduce yourself to colleagues and frequent visitors. Kindly ask for UBC identification from any individuals that you don’t recognize.
  •                  
       
       
                   
               

    Security Checks When Working Remotely

              

    When working remotely, it is easy to forget how vulnerable the personal information on your devices can be. Here are a few tips to stay secure when working away from the UBC Network:

               

  • Don’t trust the Wi-Fi: Stay alert when accessing personal information via public Wi-Fi networks, such as those in airports or coffee shops. If a ‘certificate error’ shows up when trying to visit a website or if you feel unsure about the safety of the network, do not use the connection.
  • Never leave your device unattended: Thieves love to look for an easy grab to steal mobile devices; don’t give them the opportunity.
  • Always lock your devices when not in use: When you are not working on your mobile device, always ensure the screen is locked.
  • If you need to enable remote access to UBC systems, contact IT support staff to help configure access as specified in the UBC Information Security Standards.
  •                    
       
       
                   
               

    Top Privacy & Security Reminders

               

    With a highly mobile workforce, cybersecurity precautions remain high for faculty, staff, and student employees, regardless of whether you work remotely or on campus. At UBC, we are responsible for substantial amounts of personal information about students, faculty and staff as well as any other confidential information we hold on behalf of the university. Nearly every UBC faculty and staff member has access to confidential information, including personal and payment card data. As the loss or disclosure of this information could be very harmful, it's important for you to know how to protect it. Please use the following privacy and information security tips as a starting point, then review the links in the "Go even further section..." and bookmark the pages and references most applicable to your role at UBC.

                   
  • Protect your mobile devices, including laptops
  •                
  • Watch for the [CAUTION: Non-UBC Email] banner at the top of emails. Emails from UBC colleagues and services will NOT have this banner applied.
  •                
  • Do not open attachments that you weren't expecting, especially if they require a password to open. Contact the sender either by phone, or by sending them a separate email to a known email address (do not reply to the email you received) to confirm legitimacy.
  •                
  • Do not click on links in messages. Always type the website address into your browser.
  •                
  • If in doubt, forward the email as an attachment to security@ubc.ca
  •                
  • If you think you have clicked on a potentially malicious link, contact security@ubc.ca immediately and reset your CWL password.
  •                
  • Do not encourage users to click on links in messages by building them into workflows!
  •                
  • Keep your passphrases and passwords secure by making each password strong and using multi-factor authentication whenever possible. It is recommended you use a password safe and/or password manager. Where possible, use a minimum 16 character passphrase.
  •                
  • Get encrypted: If an encrypted device gets misplaced or stolen, the information remains scrambled until your password unlocks it. In most cases, encryption means that sensitive data remains secure even in the event of loss or theft.
  •                
  • REPORT! REPORT! REPORT! Report information security incidents promptly to security@ubc.ca.
  •            
               
               
                   

    Go even further...

    For a much more in-depth look at privacy and information security, review the following:

    Complete the full Fundamentals training to learn how to protect yourself and others
    Information Security Standard #3: Transmission and Sharing of UBC Electronic Information
    Policy SC14, Acceptable Use and Security of UBC Electronic Information and Systems [PDF]
    Stream a privacy and information security workshop on demand