
Top 10 Computer Security Tips

Install Operating System and Software Updates

 

Get and install all critical updates for your Operating System.

Periodically there is a release of “patches” or “updates” for versions of your operating system. Some of these are deemed “important” or “critical”, and if left unapplied may leave your computer vulnerable to internet worms or other attacks designed to exploit these flaws. It is important to keep your computer patched (up to date).

We recommend you set up your PC or Mac to automatically check the Microsoft or Apple site and download and install patches, so that you won’t risk missing an important or critical security patch. You can also do this manually.

Operating Systems and Update Instructions

Update Automatically    Update Manually
Windows 2000/XP         Windows 2000/XP
Windows 7               Windows 7
Windows Vista           Windows Vista
MAC OS - X              MAC OS - X

 

Operating System and software updates should only be done through the above methods.  Be aware that malicious websites may show pop-ups and disguise malware as “critical software updates”.  See Do Not Download or Install Unknown or Unsolicited Programs or Files for additional information.

Use Anti Virus Software

  • Make sure your computer has current anti virus software.
  • Set your anti virus software to scan your computer for viruses daily. You should be able to automatically scan for a large variety of files including email attachments and Internet downloads.
  • Update your anti virus definitions regularly. Your computer must be connected to the Internet and turned on to automatically update your virus definitions.

 

If you do not have anti virus software, Sophos is available for FREE for Ryerson faculty, staff and students and can be downloaded from the Software Download page. Sophos can be used on your home and office computer. Sophos will automatically check to see if it needs an update as soon as you log on to the Internet.

Protect Password

There are several different forms of password protection. Use complex, hard to guess passwords and change these regularly for your accounts. Password protect your computers, laptop and mobile devices. Also set up screensavers with passwords. Do not share these passwords.

Tips on selecting a password

  • Use passwords that are difficult to guess.
  • Do not use dictionary words in any language or part of your name or anything that is easily associated with you.
  • The greater variety of characters the better. Use a mixture of uppercase, lowercase letters, numbers and symbols.
  • Never use keyboard patterns such as "asdfgh".
  • Use 8 characters or more.
  • Using a passphrase is a good technique for remembering long passwords, so you don't have to write them down, e.g. Ilike2eatIscream.
  • Use different passwords for each of your computer accounts. If a password is compromised, the hacker will not gain access to all your accounts.

 

Be cautious - Email Spam/Phishing

Email Spam

Email spam is unsolicited mass email. Some spam email can contain offensive content or it may have an attachment that contains a virus that has the potential to harm your computer or the network.

All incoming outside email messages are passed through the Ryerson mail filters to determine whether they are legitimate senders or from "spammers".

Appropriate measures will be taken to try and reduce the amount of incoming spam and reduce the number of messages that have been falsely flagged as spam.

Currently, incoming outside email messages passed through the Ryerson mail filters which are considered to be spam are quarantined and not delivered to your mailbox.  This may cause potential problems because some legitimate messages are falsely flagged as spam, quarantined and the users don’t know about it.  Currently, users contact CCS to check if a message they were expecting has been quarantined and if so CCS will manually release the message from quarantine.

Starting late March 2017 users will be able to manage their spam messages.  Ryerson’s email system will no longer quarantine messages for users.  RMail users will see a new folder called "Spam" in their mailbox and all spam messages will be delivered to that folder.  If a message is not spam users should report it to notspam@ryerson.ca.  They will also be able to move the message from the "Spam" folder into their Inbox or any other folder.  The system will automatically remove messages in the Spam folder that are older than 30 days.

To protect your computer from spam, you should always take precautions including:

  • Only open email from familiar contacts
  • Update your antivirus protection regularly and make sure email filtering is selected
  • Filter out unwanted spam messages by adjusting your email settings

Phishing

Ryerson is receiving an increasing number of "phishing" emails. Phishing emails are designed to deceive you into giving away confidential information like your Ryerson username and password, credit card number or bank account information. This page provides guidance on how to recognize phishing emails so you can report them and delete them.

Common traits of phishing emails:

  • The sender's address is suspicious.
  • The "To" field is blank or for another person.
  • The email includes typos or grammatical errors.
  • The message contains an urgent request for personal information.
  • The message requires immediate action to avoid a problem like losing access to your Ryerson account.
  • When you hover over a link or button in the email, it directs you to an address (usually suspicious) unrelated to the text in the link.

We've provided some samples to help you detect phishing emails. Many of these examples are derived from phishing emails that were sent to Ryerson email addresses. The links in these examples have been slightly modified to make them less dangerous but please don't attempt to visit these sites.

Suspicious Senders

Here is an example where the sender is pretending the email is from a Ryerson address, but the actual address is really from uniswa.szabc.

Example 1: From: 'no-reply@ryerson.ca' <pjmusi@uniswa.szabc>

Here is an example of an email that claims to be from FedEx where the actual address is from specweldfab.revitalsite.comabc.

Example 2: From: FedEx International Ground <richard.shepherd@specweldfab.revitalsite.comabc>

It’s always worth taking a moment to carefully check the full email address of the sender.
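The check described above, written out as an added example (not part of the original page). It compares what the display name claims with the domain inside the angle brackets; the CLAIMED_BRANDS table and the third sample sender are assumptions made for this example.

```python
import re

# "Display Name <local@domain>": the angle brackets hold the address that counts.
FROM_RE = re.compile(r"^(?P<name>.*)<(?P<addr>[^<>@\s]+@(?P<domain>[^<>@\s]+))>\s*$")
SHOWN_ADDR_RE = re.compile(r"[\w.+-]+@(?P<domain>[\w-]+(?:\.[\w-]+)+)")

# Assumption for this example: names a sender may claim, mapped to the
# domain that organization really sends from.
CLAIMED_BRANDS = {"ryerson": "ryerson.ca", "fedex": "fedex.com"}


def is_under(host, domain):
    """True when host is the domain itself or one of its subdomains."""
    return host == domain or host.endswith("." + domain)


def check_sender(from_value):
    """Return a list of warnings for one From: value (empty list = no finding)."""
    m = FROM_RE.match(from_value.strip())
    if not m:
        return ["no <address> part to check"]
    name = m.group("name").strip().strip("'\"")
    real = m.group("domain").lower()
    warnings = []
    # Case 1: the display name itself looks like an address at another domain.
    shown = SHOWN_ADDR_RE.search(name)
    if shown and shown.group("domain").lower() != real:
        warnings.append(f"name shows {shown.group('domain').lower()}, mail is from {real}")
    # Case 2: the display name mentions an organization the address is not part of.
    for brand, domain in CLAIMED_BRANDS.items():
        if brand in name.lower() and not is_under(real, domain):
            warnings.append(f"name claims {brand}, mail is from {real}")
    return warnings


# The two From: lines quoted above, plus one constructed legitimate sender.
SAMPLES = [
    "'no-reply@ryerson.ca' <pjmusi@uniswa.szabc>",
    "FedEx International Ground <richard.shepherd@specweldfab.revitalsite.comabc>",
    "Ryerson Help Desk <help@ryerson.ca>",  # constructed
]

if __name__ == "__main__":
    for sample in SAMPLES:
        print(sample, "->", check_sender(sample) or "ok")
```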

Urgent Requests for Personal Information

Here is part of an urgent request that included a link to a fake Ryerson login page:

Urgent request 1: 'Due to high numbers of inactive library accounts on our server, you are urged to validate your library account within a week after receiving this e-mail'

Here’s another example of an urgent request:

Urgent request 2: We would be shutting down several RYERSON MAIL Accounts. You will have to confirm your RYERSON MAIL Account.
So you are required to provide us with the following information.

Full Name:
Username:
Password:
Telephone

Both of these fake messages include tell-tale grammatical errors and demand you take action to avoid losing access to your account.

Suspicious Links

Hovering over a link with your mouse and carefully checking the URL is one of the best ways to detect a phishing email. If you are using a tablet or smartphone, carefully press and hold the link, rather than tap, to reveal the true URL. Here's an example of a link that goes to a fake Ryerson login page hosted on a server in another country.

If you hover over the link without clicking you will see a very long URL (it may appear in the bottom-left of your browser) like this:

[Image: Suspicious Link with long URL]

It may remind you of what you see in the location field of your browser when you log into the my.ryerson.ca portal. But it is not the same. Here is the valid address that you see when you log in to my.ryerson.ca:

https://cas.ryerson.ca/login?service=https%3A%2F%2Fmy.ryerson.ca%2FLogin

Aside from the fact that the fake link is longer, how can you tell which one is a link to a server at Ryerson and which one is not?

  1. The legitimate URL has a forward slash after cas.ryerson.ca/, while the fake one has a forward slash after cas.ryerson.ca.eduq.tkabc/.
  2. Another giveaway is that the fake URL starts with http:// while the valid one starts with https://. Ryerson login pages will always start with the secure https://

Here is a fake URL that has been well-crafted to look like a Ryerson address:

https://cas-ryerson.com/login?service=https%3A%2F%3Fmy.ryerson.ca%2FLogin

Notice how a hyphen has replaced the dot. A valid Ryerson host name that isn’t simply http://ryerson.ca must end with .ryerson.ca/

Let's look at two FedEx URLs. Which one takes you to a FedEx site and which one to somewhere more dangerous?

  1. https://www.fedex.com/apps/myprofile/loginandcontact/?locale=en_ca
  2. http://www.fedex.info.szabc/apps/myprofile/loginandcontact/?locale=en_ca

To tell the difference, locate the first forward slash after the https://:

  1. https://www.fedex.com/apps/myprofile/loginandcontact/?locale=en_ca
  2. http://www.fedex.info.szabc/apps/myprofile/loginandcontact/?locale=en_ca

The first link takes you to the real fedex.com site. The second just has fedex in the name.

If you aren't sure about a link, type a link that you know is correct like my.ryerson.ca or fedex.com into the location bar of your browser instead of clicking.

What About Google Apps Links?

The Ryerson community makes extensive use of Google Apps including Drive, Calendar, and Groups. The URLs for these applications can be very long but they all start with a host name that ends with .google.com:

  • https://drive.google.com/
  • https://docs.google.com/
  • https://calendar.google.com/

The host name always ends before the first forward slash with .google.com/
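The host-name rule from the Ryerson, FedEx and Google examples above, as an added example that is not part of the original page. It reads the host name (everything between :// and the first forward slash) and checks that it ends with the expected domain; the verdict labels and the /login path on the last, constructed URL are assumptions of this example.

```python
from urllib.parse import urlsplit


def classify_link(url, expected_domain):
    """Compare a link's real host name with the domain it should belong to."""
    parts = urlsplit(url)
    # hostname is the text between "://" and the first "/", without any port.
    host = (parts.hostname or "").lower().rstrip(".")
    brand = expected_domain.split(".")[0]  # "ryerson", "fedex", "google"
    if host == expected_domain or host.endswith("." + expected_domain):
        return "ok" if parts.scheme == "https" else "right host, not https"
    if brand in host:
        return "lookalike"  # the name appears in the host, but not at its end
    return "unrelated"


# URLs quoted on this page, each paired with the domain it claims to belong to.
LINKS = [
    ("https://cas.ryerson.ca/login?service=https%3A%2F%2Fmy.ryerson.ca%2FLogin", "ryerson.ca"),
    ("https://cas-ryerson.com/login?service=https%3A%2F%3Fmy.ryerson.ca%2FLogin", "ryerson.ca"),
    ("https://www.fedex.com/apps/myprofile/loginandcontact/?locale=en_ca", "fedex.com"),
    ("http://www.fedex.info.szabc/apps/myprofile/loginandcontact/?locale=en_ca", "fedex.com"),
    ("https://drive.google.com/", "google.com"),
    # Constructed from the fake host name and http:// scheme described above.
    ("http://cas.ryerson.ca.eduq.tkabc/login", "ryerson.ca"),
]


def review(links):
    """Return (host, verdict) for every link, in order."""
    return [(urlsplit(url).hostname, classify_link(url, domain)) for url, domain in links]


if __name__ == "__main__":
    for host, verdict in review(LINKS):
        print(f"{host:32} {verdict}")
```

Text after the first forward slash, such as the my.ryerson.ca in the service= parameter of the cas-ryerson.com link, plays no part in the verdict.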

Some attackers have used personal Google accounts and Google Forms to try to get people to "login" to a Google Form. This is relatively easy to spot because Google Forms don't look like Ryerson's or Google's login screens. Google has even added a warning at the bottom of every Google Form that says: "Never submit passwords through Google Forms."

To Report a Phishing Email

Be Cautious when using the Email/Internet

Cyber criminals will use any means to get your personal information.  They use various methods to trick people into providing their userids and passwords.  This allows them to access accounts and steal identities.

These schemes can reach you by email, on web pages, or through social network sites. Be cautious when providing private information. Personal information can be deceptively gathered using games, quizzes, and questionnaires or just chatting.  Here are some tips:

  • Pop-up windows or links in emails or web sites can invite you to a variety of locations.  Use caution before clicking on a link.  Hold your cursor over the address/URL, before clicking, to verify the destination.
  • Ensure that there is a padlock icon in your browser’s address bar when you provide passwords or personal information.
  • Simply opening a malicious web page can infect a computer that is not securely protected.
  • Enable your browser's pop-up blocker.
  • Social networking sites such as Facebook, Twitter and blogs keep your information forever, so when entering private info, be wary that it can be searched by anyone. Keep in mind that once you place something on the internet, it is there forever.

Trust your instincts: if you are wondering why personal information is needed, then it may be a warning sign.  A good rule is to locate a site on your own, search for the institution and find your own way there.

Send Restricted Data Securely

What is Restricted Data?

Restricted Data is data whose access and/or transmission by the public is generally restricted by its owner or proprietor by means of a policy or a law. Personal information, such as Social Insurance Number (SIN), Credit Card information, Student Records, Banking Information, Passwords, etc. generally falls under the restricted data category.

The secure transmission and/or access of restricted data can be accomplished via communication methods that use electronic encryption such as RU-VPN2, email encryption, ssh, sftp and Eduroam.

  • RU-VPN2 is Ryerson’s Virtual Private Network used by faculty and staff to connect to administrative sites such as RUFIS and CFAPS.  RU-VPN2 creates a secure tunnel enabling authorized users to access administrative systems off-campus or wireless connections to secure sites.
  • Do not send restricted data via Email; this is not a secure method of communication.  If you must send sensitive materials and cannot use a phone or paper, make sure to use Email encryption.  Check your email client for the option to encrypt your message.
  • Avoid using Instant Messaging (IM) applications to transmit restricted data – most IM applications are not secure.
  • Use SSH (Secure Shell) and SFTP (Secure File transfer) to connect to the Ryerson web servers.  SSH is a secure terminal emulator and FTP client used to access a remote host that supports SSH. Use SSH instead of Telnet for terminal access to Ryerson servers. Use SSH FTP instead of WS-FTP for secure FTP access to Ryerson servers.
  • Eduroam, EDUcation ROAMing, is a collaborative wireless network that allows faculty, staff, and students to securely access the Internet while visiting another member educational institution. You need to install the Secure W2 client to use this application.
  • If Restricted Data is to be communicated over a phone, verify the listener’s identity and ensure your conversation cannot be easily overheard, for example, avoid public areas and the use of a speakerphone.

When browsing, make sure the URL uses “https”, which means the information you enter, including your password, is being encrypted during transmission. Check that the lock icon is visible on your browser.

Do Not use Peer-to-Peer File Sharing

Although it is perfectly legal to share files like photos and pictures with family and friends, the general authorities consider that Peer-to-Peer (P2P) file sharing is mostly used to share illegal content such as copyrighted material. Furthermore, being part of the P2P network puts your computer at a higher risk because then your computer will be open to viruses, spyware or threats.

Instead, CCS recommends using one of the secure transfer methods such as RU-VPN2, email encryption, ssh or sftp as described under the Secure Connections section.

Do Not Download or Install Unsolicited Files

As a general rule do not download or install unknown programs or files from unknown sources.

  • Do not open emails or attachments from unknown sources.  If you do not recognize the sender do not open the attachment. 
  • Do not click on free downloads in emails, pop-up messages or web page ads, without using caution.
  • Be very careful when downloading free software or files.  Viruses and spyware may be unknowingly included in the download package.
  • Use anti virus and anti spyware software.
  • Read the download agreement thoroughly to see what you are agreeing to before pressing the “I agree” button.

Turn On Your Computer's Firewall

A firewall is software or hardware that checks network and internet traffic coming to and leaving your computer. A firewall will either block or allow this traffic based on your firewall settings. Without a firewall, your computer is more likely to be infected by damaging viruses.

All new computers now come with firewalls built in. Each computer will have different firewall settings, allowing access to certain users, applications and ports. All CCS supported computers are equipped with software firewalls.

To learn how to change your firewall settings, select your operating system:

Protect Yourself when using a Public Computer

Lock your computer screen when you are away:

  • When using public computers, log out of online services (e.g. social media sites, online banking, email) once finished.
  • Before leaving your computer make sure to log off/shut down. You can also put your computer to sleep or start a password enabled screen saver.
  • Press Ctrl > Alt > Delete or Windows key > l (lower-case "L") on a Windows PC; Apple menu or power button on a Mac.
  • Set your computer to sleep, log off, lock or enable a screen saver if it is idle for more than 10 minutes.
  • Set your computer's Power Options to prompt for a password when your computer resumes from standby.
  • Disable auto-login.

Log off from public computers once you are finished with your work.

 

CONTACT THE HELP DESK

Students

Phone: 416-979-5000 x6840

Email: help@ryerson.ca

Location: Kerr Hall West, Room 71

Faculty/Staff

Phone: x6806

Email: help@ryerson.ca

