As you may already know, the University of Winnipeg was the victim of a recent cyber attack which led to the leak of personal information of staff and students. While the details of what occurred are still unclear, this event serves as an opportunity to remind the University community that cyber security threats are constant and we must all remain vigilant to protect ourselves and the U of G from these threats.

Security Improvements

In the fall of 2022, U of G experienced our own IT incident and since that time we have made significant improvements to our resiliency and security posture. Cyber security is a journey not a destination, however the following are examples of recent initiatives to better protect the University from cyber security threats:

  • Improved security monitoring and detection for anomalies and events.
  • Automated threat intelligence feeds from security partners and the higher education community such as CanSSOC.
  • Migration to a new anti-malware solution for all Managed Servers and endpoints.
  • Multi-factor authentication (MFA) is now required on all accounts.
  • Migration of all applications from our legacy Single Sign-on infrastructure to Microsoft Entra requiring MFA by default.
  • Strengthened controls around remote access and privileged access to systems.
  • A full review of the University’s Cyber Security Incident Response Policy along with updates to several related security policies, standards and guidelines.

Protect Yourself and the University

The education sector continues to be one of the most targeted by cyber criminals. Cyber security is a shared responsibility at the University of Guelph and all members of the University community have an important role to play. Here are steps that all members of the University community should take to protect themselves and the University:

  • Use a strong and unique password for all your online accounts. Never share your password with others. The Computing & Communications (CCS) Help Centre will never ask for it.
  • Enable multi-factor authentication on all accounts that offer it. For greater security, use the Microsoft Authenticator app instead of SMS text messages.
  • Know how to spot a phishing message and verify the authenticity of messages requesting sensitive information.
  • Keep all your devices updated with the latest security patches.
  • Consider the benefits of having your computer standardized and managed by the University.
  • Take cyber security awareness training to stay current on the latest threats. Training is available for all students, staff, and faculty via CourseLink.

CCS and the Information Security team are here to help. Please report any suspicious activity or concerns to the CCS Help Centre immediately and feel free to reach out at any time with questions.

Stephen Willem
Chief Information Security Officer