Cybersecurity at McGill

A September primer for staying safe online

Welcome to a new term! We wish you a successful, cybersafe year.   

Whether you’re new to McGill or returning, take a minute to refresh your cybersecurity knowledge: 


Passwords

Password best practices

One of the best ways to protect yourself online is to use a strong, unique password for every account. In our current cybersecurity awareness campaign, we ask members of the McGill community: How is a password like a toothbrush?  


  • Choose a good one: Get the most value out of your password by creating one that is difficult to guess. Ideally, this would contain a combination of upper- and lower-case letters, numbers, and special characters. 

  • Do not share it: You wouldn’t share your toothbrush (right??). The same applies to passwords: Only you should know it.  

  • Only use it for one thing: You don’t scrub your shower and your teeth with the same toothbrush (we hope). Think “one password, one account”. Do not use your McGill password for any other account. If one account is compromised, every other account that shares its password becomes easy to hack.

Consult the IT Knowledge Base article Strong Passwords – Guidelines for additional tips on creating strong, unique passwords.  

Password managers

Most of us have many online accounts, resulting in a large volume of passwords that we can’t easily remember. A password manager addresses this issue; it helps securely create, store, and retrieve your passwords.   


Phishing awareness

Phishing is the fraudulent process of attempting to acquire sensitive information by pretending to be a legitimate/trusted organization or institution.  

Phishing comes in many forms, including but not limited to email, instant messages, fake social media posts, texts, and phone calls. These often contain messages urging you to click on a link that leads to a fraudulent website, where you will unwittingly provide the desired information. The cybercriminals may then use your data to steal your account, harvest your personal information, or carry out attacks that impact the McGill community or your own personal and sensitive information.


It’s incredibly easy to make an email or website look legitimate: Within minutes, a cybercriminal can copy/paste information from a website, including graphics and email signatures – anything public is at their fingertips. 

Be aware that McGill will never ask you to verify confidential information by clicking a link in an email message.  

ATTENTION: 

If you have already clicked a link or opened a file attachment in a suspicious email, please contact the IT Service Desk immediately by calling 514-398-3398. 

You can quickly report a suspicious email by using the Report Message, Report Junk, or Report Phishing buttons in any Outlook app, including Outlook on the web (https://outlook.com/mcgill.ca). 

Note: If the email is already in your Junk Email folder, you do not need to report it. 

For more details, see Report suspicious emails

 

Social media safety

Social media is a great way to stay in touch with friends, family, and colleagues, but can have serious consequences when used without taking precautions. 



Use QR codes safely

QR codes are everywhere: They are extremely popular, as they enable you to access websites without having to type an address, and anyone can make one in less than a minute. Unfortunately, their convenience also makes QR codes useful to criminals and scammers. As with phishing attacks, the goal of fraudulent QR codes is often to trick you into providing sensitive information.  

When you scan a fraudulent QR code, you will be taken to a page that may appear legitimate but was created with the goal of harming your device or stealing your data.

Depending on how the cybercriminals set it up, your device could be compromised just by visiting the site. It could become infected with malware that can monitor your online activities, lock access to all your files, and steal your personal information. 

How can you protect yourself?  

  • Use an app that is preloaded on your device, such as the built-in QR scanner that is inside almost every smartphone camera. These scanners display the site link before opening it, allowing you to first check it, then close it before it opens if it doesn't match what you're expecting. For example, if you're scanning a QR code expecting to go to the McGill IT site, it should show up as mcgill.ca/it.

  • Do not use a third-party app, even if it can be found on the Google or Apple app stores.

  • If you visit a page from a QR code and it wants you to enter any personal information, close the page immediately.

When in doubt, type it out! 

 
