Our IT Security Approach

IT security requires a thoughtful balance between securing the university community from the risk of cyber attacks and loss of information while allowing the openness required to support a broad range of academic, research and administrative activities.

Securing the Pack

Our goal is to minimize or eliminate the risks where there are vulnerabilities and work with members of the university community to find security solutions that meet their needs.

3700+
phishing emails reported each month

96%
decrease in compromised accounts over last 3 years

57%
decrease in malware infections over last 3 years

Protecting the university and members of our community against the threat of cyberattacks requires a proactive and continually evolving approach. Our IT Security strategy includes the following activities that combine technical settings with user awareness and education:

Device Management

Device

What’s the risk?
Endpoint devices (i.e. laptops, desktops, and network-enabled equipment) have direct access to sensitive systems and data resources. A compromised endpoint jeopardizes these sensitive resources and can be used as a gateway to attack other devices on our network.

What are we doing?
Standard security settings are applied to all university devices. These settings provide an increased level of protection to the university’s IT assets by:

  • Allowing the university to respond quickly and efficiently to an ever-changing risk environment by enabling automated patching processes for operating systems and institutional software against known vulnerabilities;
  • Limiting direct communication between endpoint devices to prevent the rapid spread of malware;
  • Limiting the ability for compromised software to install on university devices.

Network Security

Network What’s the risk?
One of the most damaging ways cybercriminals attack large organizations is by gaining access to communication networks to disrupt services, transmit malware or steal data. Once malware begins to spread and attack the network, preserving information and preventing the further spread becomes a great challenge.
 
What are we doing?
ICT segmented our network to create boundaries between devices and systems. This ensures users can have access to the information and systems they need while limiting the chance of infections spreading between multiple devices or gaining access to sensitive university information. Segmentation strengthens our defense against attacks by:
  • Limiting the spread of malware;
  • Protecting sensitive resources by only allowing trusted access to them;
  • Allowing for additional security controls to be added to specific areas to manage increased risk without imposing the settings on all users.

Safe Data Storage 

Safe File What’s the risk?
The university amasses a great amount of information in support of academic, research and administrative activities. Data breaches can have a devastating impact on the university and the individuals who have a vested interest in the safety of that data.

What are we doing?
Protecting data requires a holistic view of the types of information being collected across the university, the technology that process and store information and the people who are accountable for the input and management of information. To address this challenge, the university provides access to both departmental and individual storage services which gives users:
  • Individual file storage for all faculty and staff that can be accessed from on campus or remotely.
  • Individual file sharing to make it easy to share files with people on and off campus in a safe and secure manner.
  • Departmental storage for departments and units to support collaboration and the sharing of files.
  • Document workflow and collaboration to help share the editing and management of documents and assist with day-to-day business, as well as long-term retention and storage of electronic documents, through SharePoint Online.
  • High-capacity storage for researchers through DataStore.
  • Shared data storage for research groups to create a collaborative space and share large files through DataShare.

The USask Data Classifications should be used as a guide when choosing how to store or share university data and information.

Cybersecurity Awareness

Security Ed What’s the risk?
Many IT security incidents occur when members of an organization unknowingly provide access or private credentials to cybercriminals. Providing university community members with information to detect cyber-attacks and methods to report threats greatly increases the security posture of the university.
 
What are we doing?
IT Security training is offered to all members of the university community. The self-administered training includes:
  • Online IT security training resources and videos;
  • Information about protecting themselves from becoming the victim of cyber attacks;
  • Methods for reporting security incidents at the university.

Multi-Factor Authentication (MFA)

Account Security

multi.png

What's the risk?
Remote teaching, learning, and working makes us more vulnerable than ever to cyber attacks. As a USask community member, you have access to sensitive information about students, staff, university or research data. Passwords are increasingly easy to compromise. Using MFA keeps your account secure even if your password is compromised and drastically increases the security of your account.

What are we doing?
Using a phased approach, MFA was expanded to all members of the USask community for all applications that use NSID login.

After the first authentication at login, users may choose to “Remember this Device” and will not be prompted again for approximately 90 days.

Contact

Reporting Incidents

Phishingspamsecurity threats or lost or stolen devices should be reported immediately to prevent the loss of personal or institution information.

Questions or concerns?

Please contact: IT Security, Risk and Compliance