Canadian universities are no strangers to cyber attacks. In 2017, the University of Calgary paid a $20,000 ransom after a security breach on its computers. Edmonton’s MacEwan University lost $11.8 million from making online payments to a fraudulent bank account. The Carleton community also fell victim to a security breach in 2016, when numerous university computers were infected with a virus that attempted to hold files hostage.

Given the prevalence of such attacks, it’s essential to adopt strategies to keep your data out of the hands of strangers. Understanding the tactics used to gain information can help you remain several steps ahead of virtual predators.


Ransomware is a particular kind of computer virus, which threatens to withhold or publish data unless its victim pays a fee. The 2016 attack on some of Carleton’s computers is a good example; attackers barred access to files and sought payment in the form of bitcoin (a virtual currency).

An important protection against ransomware is to have back-ups. Carleton staff and students have access to network drives that are regularly backed up by Information Technology Services (ITS). This meant ITS was able to save an enormous amount of data during the attack.

You can also back up your files through external online services (such as Dropbox and Google Drive) and portable media. Make sure you disconnect the portable device once the backup is complete. Likewise, when using online services, disable the synchronization once the backup is complete. Your backups should be offline so that a ransomware infestation can’t creep into your backed up files.

See more on protecting your files on ITS’s site.


Phishing is an attempt to gain sensitive information by requesting it through communication of a seemingly trustworthy nature. Phishing scams often seek passwords or credit card information for malicious purposes.

Be suspicious of any emails asking for personal information. The university will not ask for a username or password by email, so any emails requesting this information are likely phishing attempts. Other clues that an email is a phishing attempt include subject lines in all capitals, spelling and grammatical errors within the email, and links pointing to email addresses unaffiliated with Carleton University.


 A computer virus is a form of malicious software that can modify computer programs’ coding, and – in turn – their operation. Viruses can perform a host of destructive functions, such as removing data, corrupting files and obtaining sensitive information.

All Carleton students have free access to anti-virus software. An up-to-date virus scanner can detect suspicious files before they damage your computer.

Be cautious about clicking links or opening files in an email. If in any doubt, contact the sender to verify that the file is legitimate. Also, remember that it is better to go to a website directly rather than click an email link.

For additional security, run a document or link through a reputable malware-detecting website such as VirusTotal, as recommended by the School of Computer Science.

Additional tips and tricks

For further protection of your online information, be sure to change your password regularly. ITS offers a helpful guide on creating secure passwords and plenty of additional advice on their Protect your Files page and in their many security tips.