Initiative features various resources for the university community to learn about cybersecurity
UVic’s CyberAware initiative is occurring the entire month of October. The initiative, which coincides with Canada’s Cyber Security Awareness month, gives students the opportunity to equip themselves with the tools necessary to make themselves more cybersecure.
Students can take the UVic CyberAware quiz, available on brightspace, to test their knowledge on cybersecurity measures. As well, a CyberAware booth will be set up by the fountain from Oct. 18-22 where students will be able to play games, win swag, and have conversations with cybersecurity experts.
The initiative was started in 2018 when UVic hired Engineering and Computer Science co-op student Anona Wiebe to develop an online program aimed at helping students develop cybersecurity awareness. Wiebe won Co-op Student of the Year and her program proved so successful that the University was able to create a case for continuing to run the program on a yearly basis. Earlier in the month, Nav Bassi, UVic’s chief information security officer, conducted a Q&A on UVic’s Instagram page to answer students’ questions on cybersecurity practices, careers in the field, and other related topics.
“It’s education and awareness. I think that that is where it starts,” said Bassi. “People want to protect themselves, they want to do the right thing. They don’t always know how.”
Bassi highlights key points where students can begin to take the steps to make themselves more cyber secure — the first being to create secure passphrases (a sentence that makes sense to you), instead of passwords, for all of their accounts. Bassi states that while many people still use simple passwords, which are easier for a user to remember, the simplicity compromises their cybersecurity.
“The longer a passphrase is, the harder it is to get. And the harder it is to break into an account that has a long passphrase. And so that’s how you balance the challenge of complexity — special characters, things like that, which are hard to remember — with something that’s easy to remember for you as an individual, but hard for somebody else to get into.” said Bassi.
Bassi elaborates that good password hygiene also includes not sharing passphrases with other people and refraining from reusing the same passphrase on multiple services.
Another measure of cybersecurity related to passwords is multi-factor authentication (MFA). MFA, for instance verification when logging in by texting a code to a cell phone, is a service that Bassi states UVic implemented on Oct. 18.
“[MFA] is a huge feature. A lot of organizations use it,” said Bassi. ” Some of the big players like Facebook, Twitter and Instagram, they offer multi-factor capabilities. Most Canadian universities either offer it or have plans of offering it. We’re really proud that we’re able to offer it for our entire community.”
Another method of cybersecurity that students can educate themselves on is phishing scams. Uvic maintains a blog called Phish Bowl. The blog serves two purposes: to inform the UVic community of circulating scams and for students to report scams they have experienced to help notify others. Bassi analyzes scams on a daily basis and updates the blog.
Bassi states, in regards to protecting yourself when using social media, to ask yourself what you are comfortable sharing and with what sphere of audience.
“It is a fallacy to think that you can use security settings on social media, to protect information,” he said. “If you really are concerned about somebody gaining access to information, one, I wouldn’t share it on any social media […] mistakes happen — there can be security issues, there can be bugs, things that we don’t know about right now, that we learn about later.”
A common mistake is to focus on the benefits of the technology we use, Bassi says, and delay thinking about the downsides until there is an impact. Cyber awareness is taking precautionary measures to prevent an impact in the future.