The University provides a number of tools to help protect your computer from threats to data and privacy.
UofT Information Security guidelines and policies: https://security.utoronto.ca/
OISE offers a range of how-tos and advice for staying secure: https://www.oise.utoronto.ca/educationcommons/cybersecurity
SentinelOne Endpoint Protection (anti-virus, anti-malware, compliance). Contact BIOTA to have this tool installed on your computer.
1Password password manager. Most account breaches occur because of password reuse across multiple services. 1Password is a tool to help generate and manage the use of strong, unique passwords for all your professional and personal accounts. Free for UofT faculty, students, and staff. See:
Set up your 1Password account (Faculty, librarians and staff)
Set up your 1Password account (Students)
Security Awareness Training
All faculty and staff are encouraged to undertake cyber security awareness training to help keep you safe from common threats. Please contact BIOTA if you wish to be signed up for the training platform.
Security Awareness and Training platform
We recommend signing up for a free monitoring service that informs you when your email address has been spotted in a public data breach.
One such service is “';--have i been pwned?” https://haveibeenpwned.com/
Windows Ransomware Protection
Windows Defender can restrict access to important folders, such as Documents, so that only applications on Microsoft’s “Safe” list, such as Office applications, can use them. To enable Ransomware Protection, open Windows Settings. In the ‘Find a setting’ box, type ‘ransom’ and select ‘Ransomware protection’.
In the Ransomware protection window, change the toggle in the ‘Controlled folder access’ section to ‘On’.
Phishing
From time to time you will receive email from senders with pseudo-official titles (Help Desk, The Bank, Wealthy Benefactor…) that are transparently fraudulent. The very stupid ones are relatively easy to spot by their tortured grammar and general confusion. However, there are more sophisticated attackers sending much more convincing messages intended to steal your financial information, account credentials, or infect your computer. An email itself cannot do this unless the recipient clicks a link to a malicious web site or opens a malicious attachment.
Before clicking any links in emails, hover your pointer over the link to reveal the web address (URL). If anything looks suspicious about the link, do not click. Contact BIOTA if you want us to vet the legitimacy of any message, link, or attachment.
When any web site asks for your username/password information, always check the web page address at the top of the browser window. Make sure the address belongs to the entity you intended to reach. Any site demanding a login should be offering an encrypted connection; the URL will begin with “https://” — note the “s”. Your browser will warn you if there is anything inconsistent about the encryption certificate.
Things to bear in mind:
- There is no verification of sender name or address built into email. It is trivially easy to spoof the name of a sender. You may receive mail apparently from someone you know that is in fact malicious.
- Email is an insecure medium; never send confidential info (financial, password) in email.
- It is trivially easy to exactly replicate the look of a login web page (UTORid, banking, Facebook). The only way to be sure it’s the real thing is to examine the web address and encryption certificate carefully.
Be vigilant.
More information about how to protect yourself is available at: https://securitymatters.utoronto.ca/
Report suspected phishing email by forwarding to: report.phishing@utoronto.ca