Our IT Security Approach
IT security requires a thoughtful balance between securing the university community from the risk of cyber attacks and loss of information while allowing the openness required to support a broad range of academic, research and administrative activities.
Securing the Pack
Our goal is to minimize or eliminate the risks where there are vulnerabilities and work with members of the university community to find security solutions that meet their needs.
3700+
phishing emails reported each month
96%
decrease in compromised accounts over last 3 years
57%
decrease in malware infections over last 3 years
Protecting the university and members of our community against the threat of cyberattacks requires a proactive and continually evolving approach. Our IT Security strategy includes the following activities that combine technical settings with user awareness and education:
Device Management
What’s the risk? What are we doing?
|
Network Security
What’s the risk? One of the most damaging ways cybercriminals attack large organizations is by gaining access to communication networks to disrupt services, transmit malware or steal data. Once malware begins to spread and attack the network, preserving information and preventing the further spread becomes a great challenge. What are we doing? ICT segmented our network to create boundaries between devices and systems. This ensures users can have access to the information and systems they need while limiting the chance of infections spreading between multiple devices or gaining access to sensitive university information. Segmentation strengthens our defense against attacks by:
|
Safe Data Storage
What’s the risk? The university amasses a great amount of information in support of academic, research and administrative activities. Data breaches can have a devastating impact on the university and the individuals who have a vested interest in the safety of that data. What are we doing? Protecting data requires a holistic view of the types of information being collected across the university, the technology that process and store information and the people who are accountable for the input and management of information. To address this challenge, the university provides access to both departmental and individual storage services which gives users:
The USask Data Classifications should be used as a guide when choosing how to store or share university data and information. |
Cybersecurity Awareness
What’s the risk? Many IT security incidents occur when members of an organization unknowingly provide access or private credentials to cybercriminals. Providing university community members with information to detect cyber-attacks and methods to report threats greatly increases the security posture of the university. What are we doing? IT Security training is offered to all members of the university community. The self-administered training includes:
|
Multi-Factor Authentication (MFA)
Account Security
What's the risk? What are we doing? After the first authentication at login, users may choose to “Remember this Device” and will not be prompted again for approximately 90 days. |
Contact
Reporting Incidents
Phishing, spam, security threats or lost or stolen devices should be reported immediately to prevent the loss of personal or institution information.
Questions or concerns?
Please contact: IT Security, Risk and Compliance