IT Security
What do we do?
IT Security, as part of the IT Services portfolio, is òòò½ÎÑ's center of expertise for cybersecurity advising and activities including assessment, auditing, monitoring, investigation, technology selection, awareness training, and incident response.
Our goal is to protect the institution's staff, students, infrastructure and sensitive data from unauthorized access and threat actors while supporting the key security principles of Confidentiality, Integrity, and Availability.
We are here to help! If you have questions or concerns, want to report a suspicious email, cyber-threat incident or activity, or have possibly clicked a bad link or responded to something questionable, simply email ITSecurity@okanagan.bc.ca and we'll be happy to assist.
Why is Cybersecurity important?
With an increasing number of users, devices and software programs in a modern enterprise such as òòò½ÎÑ, combined with the increased deluge of data - much of which is sensitive or confidential - the importance of cybersecurity continues to grow. The growing volume and sophistication of cyber attackers and attack techniques compound the problem even further.
Incident response
Please report the incident to IT Security immediately or contact the IT Helpdesk by phone (250-762-5445 ext. 4444). Do not delete the email or forward it to anyone else. The security team will contact you as soon as possible.
If you receive a suspicious email, please forward it to IT Security. Reporting these emails helps us identify potential threats and protect the entire òòò½ÎÑ community from phishing attempts and malware.
Please and report the incident to IT Security. You can also contact the IT Helpdesk for assistance at 250-762-5445 ext. 4444.
Types of Cyber Attacks
Cyber attacks come in all shapes and sizes. Some may be overt ransomware attacks (hijacking important business products or tools in exchange for money to release them), while some are covert operations by which criminals infiltrate a system to gain valuable data only to be discovered months after-the-fact, if at all. Threat actors/hackers are getting craftier with their malicious deeds and here are some of the basic types of cyber attacks affecting thousands of people each day.
Malware is used to describe malicious software, including spyware, ransomware and viruses. It usually breaches networks through a vulnerability, like clicking on suspicious email links or installing a risky application. Once inside a network, malware can obtain sensitive information, further produce more harmful software throughout the system and can even block access to vital business network components (ransomware).
Phishing is the practice of sending malicious communications, usually emails, designed to appear from reputable, well-known sources. These emails use the same names, logos and wording as a CEO or company to dull suspicions and get victims to click on harmful links. Once a phishing link is clicked, cyber criminals have access to sensitive data like credit cards, social security or login information.
Social engineering is the process of psychologically manipulating people into divulging personal information. Phishing is a form of social engineering, where criminals take advantage of people's natural curiosity or trust. An example of more advanced social engineering is with voice manipulation. In this case, cyber criminals take an individual's voice (from sources like a voicemail or social media post) and manipulate it to call friends or relatives and ask for a credit card number or other personal information.
Adversary-in-the-Middle attacks happen when criminals interrupt the traffic between a two-party transaction. As an example, criminals can insert themselves between a public Wi-Fi and an individual's device. Without a protected Wi-Fi connection, cyber criminals can sometimes view all of a victim’s information without ever being caught.
Preventative measures
Cybersecurity is a shared responsibility and everyone at òòò½ÎÑ plays a crucial role in protecting our digital assets. Here are some preventative measures that students, faculty, and staff can take to enhance our cybersecurity posture:
Remember, cybersecurity is not just about technology; it's also about awareness and behavior. Stay informed about the latest threats and follow these preventative measures to protect yourself and our institution.
IT Policies and Standards
The purpose of IT security policies and standards at òòò½ÎÑ is to safeguard the institution’s staff, students, infrastructure, and sensitive data from unauthorized access and cyber threats.
Use of Information Technology Resources Policy
IT Security Standards - All Users
IT Security Standards - Management and Technical
FAQs
Please and report the incident to IT Security. You can also contact the IT Helpdesk for assistance at 250-762-5445 ext. 4444.
The IT Security team will review your account and take additional steps as necessary.
MFA is a technology designed to enhance the security of the identity validation process.
Your identity information is your username, which is validated by your password (first factor of authentication). òòò½ÎÑ will be requiring an additional factor by way of an application on your mobile device or a hardware token. Please refer to our for more details.
- Consider making it at least twelve characters-the longer the password, the stronger it will be.
- Use a combination of letters, numbers, and symbols.
- Avoid commonly known words and phrases.
- Don't use personal words like children's and pet's names, phone numbers, or any details that might be easily found online, such as on your social media profiles.
- Never reveal or share your passwords with others.
- Consider using a password manager like , , or .
Please refer to òòò½ÎÑ’s Knowledge Base article on .
Cyber security refers to the practice of protecting systems, networks, and data from theft, damage, and unauthorized access. In essence, it's the same thing security at the entrance of a building does; controlling and protecting those who enter/access the premises.
Cybersecurity is essential for protecting your personal information, sensitive data, and online privacy. With increasing threats like hacking and phishing, a strong cybersecurity posture helps safeguard against identity theft and unauthorized access. By understanding and prioritizing cybersecurity, you can contribute to a safer digital environment for yourself and the entire òòò½ÎÑ community.
Phishing | Fraudulent attempts to obtain sensitive information, for example by impersonating a bank and sending an email, asking you to reset your online banking password. |
---|---|
Malware | Software designed to disrupt, damage, or gain unauthorized access. |
Adversary-in-the-Middle Attacks | Unauthorized interception of communication between two parties. |
Strong Passwords |
Use complex passwords and change them regularly. |
---|---|
Multi-Factor Authentication (MFA) | Enable MFA for accounts when available. |
Beware of Phishing | Always verify email senders and never click on suspicious links. |
Keep Software Updated | Regularly update your operating system, applications, and antivirus software. |
There are multiple layers of protection in place, such as firewalls that automatically detect and block threats. Data encryption makes confidential data unreadable to unauthorized users. The IT Security team continuously monitors networks and systems for threats and employs measures to safeguard accounts against unauthorized access.
Keep an eye on òòò½ÎÑ's IT Security website.
For staff, our is a great tool which gets updated regularly.
Some other great resources:
- by the Canadian Government