Gabriel Dumont Institute

IT Update – Cyber Security

By Gareth Griffiths

Jan 12, 2023

To bring further awareness to cyber security, the Gabriel Dumont Institute (GDI) IT department will be writing a series of articles around this topic over the next three months. Cyber Security is one of the biggest threats to the organization and something that impacts all staff. Every staff member needs to be vigilant in order to protect the organization.

The term cyber security covers a vast number of different threats and incidents, from phishing emails asking for personal info to ransomware, viruses, and hacking. We will cover some of these areas and what the GDI IT department is doing to help protect all students, staff, and faculty against them.

Phishing

The most common cyber security threat is phishing emails. This type of email asks the recipient to provide personal, financial, or security information such as username and password, personal data, banking info, etc. There may be a file attached or a link to follow that quite often has a virus embedded in it.

Some of the common subject matters for phishing emails are courier delivery, banking or account compromise, and CRA refunds. Phishing emails usually look reasonably official and legitimate. Here is a list of things that can help identify a phishing email:

  • Email address: Normally sent from a compromised email host or a domain created to sound very similar to the actual domain. Watch for the email domain (the part after the @ sign) not matching the company name. For example, a courier email from UPS will end in ups.com and not upsnotifier.com; RBC emails will be rbc.com and nothing else.
  • Language: Most of these emails are sent through some kind of auto translator, so they will be in English but some of the phrasing and grammar will be slightly off.
  • Requests for personal info: Reputable organizations like banks, etc. will not ask for personal info via email as it is not secure.
  • Suspicious attachments or links: If you are not sure, don’t open an attachment.

A received email should pass a ‘sniff’ test. If there is anything odd about it, do not open it or click on a link, and report it to IT to take a closer look.

2 Factor Authentication (2FA or MFA)

Passwords are the main source of cyber security threats and intrusions. So many people either use insecure passwords, write them down, or reuse the same password throughout many systems.

Many systems employ multi-factor authentication (MFA) to alleviate password problems (you have probably seen this with online banking and Facebook). Multi-factor authentication occurs after successfully logging into a website. You are then prompted to perform an additional action, such as answering a call to your cell phone, responding to a text or email, or one of many other methods. This extra layer of authentication is very effective, as the connection will be refused without this additional information.

Here at GDI, we are embarking on this 2FA path. We have just purchased licenses to use a product called Cisco Duo. This will mean that logins will require authentication by an app installed on a phone or via another token. We have been testing this product, and it has worked very well. Initially, we will be using this product to secure VPN connections to the main networks, then we will work on evaluating how to incorporate this product into our Microsoft 365 login systems (which are used as the single sign-on source for many other systems).

The initial rollout to VPN connections should be completed by the end of September, with further testing on other systems to continue.

DNS Firewall

Another system change GDI IT made to help with cyber security is the introduction of a DNS Firewall through the Canadian Internet Registry Agency (CIRA). This is a monitoring service that checks all incoming and outgoing traffic to our main office connections and will block website requests from known bad sites or sites that contain viruses, phishing attempts, or malware.

The DNS Firewall was implemented at the end of July in Regina, Saskatoon, and PA. Since then, it has shown over 100,000 web requests per day and is reporting over 450 malware or phishing blocks.

Cyber Security Awareness Training

We have been running Cyber Security Awareness training from D-Zone for the last few years. When a new staff member starts, they are automatically enrolled in the introductory courses and a phishing simulation.

If you haven’t already, please complete the initial training and any subsequent training sessions to ensure we can maintain a low risk score. This is an important tool in our fight against Cyber Crime.

GDI is a Saskatchewan-based educational, employment and cultural institute serving Métis across the province