Purple leaf

Security Best Practices

Recently, large-scale ransomware attacks impacted thousands of computers around the world. The attack worked in the following manner: 
  1. Malware was delivered to one computer on a network (via spam and/or a compromised website, etc.); 
  2. The malware was then used to remotely exploit a known Windows vulnerability and spread ransomware across other computers within a network; 
  3. The ransomware software encrypted users' files and users were asked to pay a ransom to retrieve data stored on the computer. 

ICT has been monitoring the progression of these attacks very closely and has implemented security measures to prevent Laurier computers from being impacted. 
ICT would like to remind you of the following security best practices to protect yourself from cyber attacks: 

1. Think before you click!

Most high-profile cyber attacks began with someone clicking on an email link or downloading an attachment that was laced with malware. Please remember that if something seems too good to be true, it probably is NOT true! A healthy amount of skepticism when browsing the web and your inbox will go a long way toward keeping you free of malware.

2. Keep the operating system on your computer up-to-date

It may be tempting to click "remind me later" when prompted to update your computer software, but it is critical that you make sure that all your security programs, operating systems and other applications are updated frequently. Malware is known to take advantage of vulnerabilities in out-of-date applications.

3. Backup your data and keep a copy in a safe place

(away from your computer) Ransomware attacks will encrypt user files on a computer. When this occurs, a user can see the data but cannot not access it. A ransom is demanded in order to return access to users' data. However, please remember that these attacks are performed by cyber criminals and there is no guarantee that even if a ransom is paid that data access will be restored. A regular backup of your data is critical and it is very important to keep the backup copy external to your computer. This is the best way to ensure the safety of your data.

4. "S" is for secure communication

URLs that start with HTTPS are more secure than those that start with HTTP. Whenever you need to fill out a form requiring personal information online make sure the site you are on uses HTTPS for secure communication.

5. Throw password post-it notes away

Good security precautions require passwords to be longer, more varied, and changed frequently. Please refer to the ICT guidelines to password and passphrase selection to make a good, secure, easy to remember login credential.

For more information, refer to the accounts and passwords guidelines.

If you have any questions please contact the ICT Service Desk at support@wlu.ca.