Cyber Security Awareness

Online (Cyber) security is an issue that continues to grow in importance as more of our personal information is stored online. Criminals use viruses and phishing and hacking techniques to try and obtain personal and institutional information and access computing resources for criminal purposes.

While York employs a variety of measures to help protect against these threats, it is also essential that individuals are aware of the issues and take precautions when using computing resources. The security awareness initiative is intended to help promote and provide helpful resources and training to York community members.

3 Ways to Boost your Cybersecurity Awareness

1 Take a Cybersecurity Course

2 Join the National Cybersecurity Alliance!
Get involved and promote a safer, more secure internet. Click here to for information on how to join the National Cybersecurity Alliance!
3 Follow Infosec's Social Media Profiles
We've embraced social media as a means to engage York students, staff and faculty members. You can follow our Facebook, Instagram, and Twitter for up-to-date alerts on all security news and threats.


5 Signs of Phishing

1 External Addresses
Emails from unknown external email addresses always require validation. If you're not sure if an email is coming from an external sender, look at the sender's address ("From" section). An official email from York University should have at the end of the sender's email.
2 External Links
Phishing links will often route you to an external site. If you are unsure if a link is safe, hover (don't click) your cursor over the link (www. address) to check for an external or unexpected destination. Safe links should point to the www. address of the sender or to a reputable site. Legitimate mail from York University will include links to internal ( sites.
3 Requests for personal or financial information
Be suspicious of any email that asks for personal or financial information. Unless you can verify the email is from YorkU's HR department, any email requesting this sort of information is likely fraudulent.
4 Requests for urgent action
Fraudsters and phishers incorporate a sense of urgency to scam as much personal information as possible before they are caught and taken off-line. UIT Information Security sends a cease and desist notice to any websites that are used for phishing.
5 Poor spelling and grammar
Phishing emails will generally contain poor spelling and grammar. Unlike fraudsters, York University and other reputable senders will revise their communications before sending them out.


Dos and Don'ts of Passwords

1 Do use long passwords/passphrases
Password length and complexity have been found to be a primary factor in characterizing password strength. Opt for a long passphrase or use a Password Manager.
2 Don't use simple passwords/passphrases
Password cracking tools are effective at helping attackers in guessing your password. Passwords or passphrases to avoid include personal details, common expressions, song titles or lyrics, movie titles, and quotes. While you may trust that Rick Astley is "Nev3rgonn@GiveUup", he might not keep your account safe. HaveIBeenPwned Top 100,000 cracked passwords.
3 Do use different passwords for different accounts
Avoid using the same password for more than one account. This way, if a hacker cracks it, they cannot have access to information on other accounts.
4 Don't write your passwords down
Avoid writing your passwords down and hiding them under your keyboard or posting them on your monitor for everyone to see.
5 Do change your passwords regularly
You should change your passwords regularly to avoid any data breach. Using the same passwords for a long period of time can put your personal information at risk in the event of a data breach.
6 Don't give out passwords
Do not share passwords, passphrases, passcodes with others.