  1. Did you know?
  2. Passwords and security questions
  3. Phishing
  4. Portable storage devices
  5. Protection from ransomware and data loss
  6. Remote access to the campus network
  7. Remote working / studying
  8. Residence computer protection
  9. Updates and Upgrades

Did you know?

  • Over 80 per cent of the email sent to the Carleton email gateway from the Internet is spam.
  • Most simple passwords can be cracked in under 4 hours.
  • Each day ITS identifies 10 – 15 viruses on computers in our network.
  • 95% of cybersecurity breaches are due to human error.
  • 88% of all critical vulnerabilities over the last five years could have been mitigated by removing admin rights [Microsoft Vulnerabilities Report 2017].

Passwords and security questions

Passwords and security questions are one method of authentication (what you know). Authentication methods (what you know, what you have, what you are) are used to access systems, devices, websites and services. Multi-factor authentication combines two or more of these methods, such as a password (what you know) with a fob (what you have) or even your fingerprint (what you are), making the account more secure.

Because passwords are the authentication method used in most cases, it is crucial to have a strong password (a passphrase or complex password) and to store it securely, so that others cannot access systems or devices using your identity.

Learn more about passwords and security questions

Phishing

Phishing is the act of contacting people via email, telephone, or text message while impersonating an individual or organization with the intention of stealing private information and data to commit identity and financial theft.

If you suspect that you have received a phishing email, DO NOT RESPOND TO IT.

Instead, report the phishing message.

Learn more about phishing and how to report it.

Portable storage devices

Your responsibilities to protect university data

Portable storage devices (USBs, memory cards, removable or external hard drives, CDs/DVDs, smartphones, tablets and iPods) connect to a computer and provide file storage.

  • They can be easily lost or stolen.
  • Confidential information should never be stored on portable media unless it is protected from unauthorized access.
  • All confidential information should be stored on encrypted, secure storage media.
  • “Encrypted USB thumb drives” are available from ITS Hardware Services at ext. 4063.
  • Network drives should be used to store confidential student data, financial data, health records and research data.
  • If sensitive or personal information is stored on a portable storage device and it’s lost or stolen, this could lead to significant security and privacy concerns.
  • If you are given a USB drive or find one somewhere, do not connect it to your system, as it might contain harmful content.

If you believe that there has been a breach of confidential information on portable media, please contact the ITS Service Desk at ext. 3700 immediately.

  • Do not use portable storage media for university information that is not otherwise publicly available.
  • Do not leave storage devices unattended and lock them in a secure area.
  • Remove confidential data from mobile devices once it is no longer needed for valid business purposes.
  • Please ensure that university-provided portable devices are returned to the ITS Service Desk when they are no longer required.

Learn more about risks of portable storage devices

Protection from ransomware and data loss

Ransomware is a type of malware (malicious software) that results in the encryption of computer files. Once files are encrypted, attackers demand a ransom from you in exchange for the decryption key.

Should a ransomware attack occur, DO NOT PAY THE RANSOM. Doing so is against university policy and also supports the efforts of the perpetrators. There is also no guarantee that the decryption key will be released to you after the ransom demand has been met.

Instead, take steps to make use of backup solutions to recover files in cases of data destruction or loss.

Guidelines

  1. All members of the CUNET domain have access to private (P:) and departmental (W:) network drives for the storage of important information. Files should not be stored on the computer’s local disk drive, as it has no backup protection in case of failure. Both the P: and W: network drives are regularly backed up, and files may be restored should they be encrypted or lost. Please contact the ITS Service Desk for questions or support regarding the use of network drives.
  2. Individuals who are not on the CUNET domain may be able to use departmental network storage solutions where available. When using departmental network storage, it is advisable to understand how the data is backed up and how to request data restoration. Consult your faculty or departmental support unit for details.
  3. When centralized storage with backup services is not available, data can be backed up using external media or your OneDrive space in the university’s Microsoft 365 cloud service. Where external or portable media is used, encryption can protect sensitive or confidential information on the portable media. This is in support of the Data and Information Classification and Protection policy, and the Mobile Technology Security Policy.
     Note: ITS Hardware Services Group provides secured USB thumb drives for securely storing backup copies of documents.
  4. When using portable media, disconnect the media once backups have completed; failure to disconnect a portable backup device can leave it vulnerable to malicious software such as ransomware.
  5. The synchronization of data between the user’s computer and the portable media device should be carried out on an interval that is sufficient to safeguard against losing any significant amount of data.

Additional Guidelines:

  1. Avoid clicking suspicious links and opening spam emails; it is always best to go to a website directly, not via links in emails.
  2. Be cautious of opening email attachments, as malicious actors often use compromised accounts to perpetuate their phishing; if you are at all suspicious, contact the sender to validate that it is a legitimate email and attachment. If opening attachments, be additionally cautious of enabling macros in office documents.
  3. Removing outdated browser plugins and add-ons can reduce the security exposure they pose.
  4. If for any reason you suspect you may be a victim of a ransomware attack, disconnect your computer from the network as soon as you discover it and contact the ITS Service Desk.

Learn more about ransomware

Remote access to the campus network

Virtual Private Network (VPN) software is required to access university resources that are restricted to on-campus use. The Cisco AnyConnect VPN client software provides a secure encrypted channel between your home and the university campus network.

Learn more about the VPN client software

Remote working / studying

Working and studying remotely has some unique challenges, and cyber criminals are increasingly trying to take advantage of this, looking for weak points in your devices, connections, accounts, and data storage. They may try to gain access to your devices or your data, so staying cyber secure when studying or working remotely is critical.

Learn more about staying secure when working or studying remotely

If you think an incident has occurred, or you have lost your work or study devices, please contact Campus Safety Services.

Learn more about incident reporting

Residence computer protection

Proper protection against computer viruses is necessary to support your academic studies.

Learn more about how to protect your computer

Updates and Upgrades

Keeping your software and operating systems upgraded, updated and patched is the single most effective way to protect yourself and your data from malware and other malicious activity.

Learn more about updates and upgrades