We are always told not to stay outside when there is a storm because a lightning strike can have serious consequences. But since we never know where and when it will fall, we let our guard down thinking that it can only happen to others. The same phenomenon occurs with cyber security, and the month of October is particularly suitable for remembering the devastating effects of cyber attacks on the reputational, financial and personal level.
Éric Ouellet, Assistant Provost for Information Security and Head of Organizational Information Security, is responsible for raising awareness among the university community about good information security practices.
What are the most common methods used by fraudsters?
In about 70% of cases, phishing is used. Fraudsters illegally pose as a trusted company to obtain personal information. For example, in e-mail, this strategy is used to infiltrate a workstation or system. We have to be especially careful because the methods used are more and more sophisticated. Using very simple tools, fraudsters can discover the flaw and enter the system. Social engineering is also one of the techniques used. It consists of understanding how the institution works to prevent certain processes in place and accessing information without authorization.
What are the ways to protect yourself?
- Outdated systems will be much more vulnerable to attacks, so you need to update them regularly.
- Having strong, complex and varied passwords and favoring password managers are good practices to adopt.
- When using apps that contain financial or personal information, use two-factor authentication.
- Social networks can reveal a lot of information about yourself. Therefore, you must be careful about the personal information you share there.
- It is recommended to have an antivirus program on each workstation, regardless of the device you are using.
What to do when you are a victim of fraud?
It is necessary to report when we experience an incident of this type, whether it is about personal data or information security. At the University of Sherbrooke, the Information Security website explains in detail the procedure to follow to report an incident.
The instructions for reporting an incident are very clear. Rapid support will be provided, each individual will benefit from the support and will be directed to the appropriate resources.
Scams occur more often than we think and awareness is needed so that we can protect ourselves from virtual storms.