Cybersecurity is about safeguarding McGill’s privacy and information.
Protecting University data and creating a cybersafe space for all activities at McGill enables us to support the McGill community while meeting our legal and regulatory responsibilities.
Each of us has a role to play in meeting this objective. Here are some guidelines and resources to help you adopt cybersecure habits and achieve our goal.
Protect your identity
- Learn to recognize phishing scams that attempt to steal your personal information.
- Strengthen your Password:
- Create a strong password that is unique to your McGill account.
- Use a different password for each platform or system.
- Enable two-factor authentication on your McGill account. 2FA is required for all McGill accounts by the end of 2021. Don’t delay, enroll now at mcgill.ca/2fa *New staff are automatically enrolled
Secure your devices
Follow some basic safety tips to keep your devices safe:
- Enable the lock feature and password-protect to help prevent unauthorized access.
- Apply regular updates: How updates secure your device (Government of Canada)
- Encrypt your devices whenever possible.
- Install antivirus software:
Access McGill's systems safely
- McGill's Virtual Private Network (VPN) allows you to connect to restricted sites and resources. Some key systems require VPN to access remotely because they store sensitive information accessible only to authorized users.
- To learn more about which systems require VPN, see When to use VPN and Remote Desktop (RDP)
- Ensure your device is secure when connecting to McGill remotely (see Secure your devices)
Safeguard McGill's data
Only use McGill-approved storage and collaboration solutions for storing McGill organizational data. All software solutions must comply with the McGill Cloud Directive .
For more information, see IT Policies, Regulations, Directives & Standards.
See McGill's cloud services website for details, such as:
- Cloud solution approval process
- Types of data and what can be stored in the cloud
Protect websites and users' data
If you design or manage a website at McGill, ensure that it is secure and that your visitors' privacy is protected.
Be aware that hackers often study an organization, learn its financial approval processes, and target approvers. Some signs of attempted fraud may include:
- An urgent email asking you to approve a request without going through the standard process
- The email address of a message appears to be from McGill but is not - see Learn to recognize phishing scams in the IT Knowledge base.
For more information, the following resources are available:
- McGill Procurement Services publishes warnings of possible fraud and contact information for reporting fraudulent activity.
- Government of Canada - Protection from frauds and scams
IT Security Awareness: online training and workshops
Learn about key threats and behaviours that create risks to our organization and how to protect against these. Register online through myCourses or request a customized training session for your team.
Report security incidents
Remain vigilant against cyber threats by staying informed and reporting any suspicious activity to the IT Service Desk.