Computer contaminants including viruses, trojan horses, worms, spyware and adware are collectively referred to as malware.  Most malware is delivered to target computers via email or interaction with infected web pages.  Malware can be designed to spy on unsuspecting users by monitoring their web surfing habits, stealing files or passwords, or even surreptitiously enabling web cameras.  Other malware may enable a controller to issue commands on the infected computer, including it in what is known as a “bot-net”.

McMaster University students, staff and faculty are encouraged to actively prevent the spread of malware. Students are also encouraged to install and maintain trusted anti-virus/anti-malware software, and to use this software to periodically scan their computers, laptops and smart devices.

Staff and faculty members are instructed to install the approved Trend Micro OfficeScan client onto their computers, laptops and smart devices.  Visit https://antivirus.mcmaster.ca/ to download the installation package now.  Also, staff and faculty members are instructed to report virus infections to the UTS Service Desk.

Also, always remember to practice safe email and web surfing habits.

Whether you are a student, staff or faculty member, your MacID gives you access to the information and services you require to succeed at McMaster University. Only YOU are permitted to use YOUR MacID; likewise, YOU are only permitted to use YOUR MacID.  The same is true of any access account.

If you suspect that someone may be using your MacID or other user account to access McMaster University assets, this should be reported immediately to the UTS Service Desk.

Students, staff and faculty members are instructed to safeguard their account information, including but not limited to MacID.  Also, all are encouraged to practice smart password management including using different passwords for different accounts and creating strong passwords.

Commonly known as SPAM, unsolicited email in its most benign form isn’t much more than an annoyance and a waste of resources.  However, SPAM can be used to carry malicious software, direct unsuspecting users to malicious web sites, or spread inappropriate content.

Phishing attacks are specially crafted email messages that entice users to visit malicious web sites.  These web sites are designed to appear as though they are trusted; i.e., the malicious web site may have the exact same colour scheme and layout as your bank’s web site.  Once at the web site, malicious software may be downloaded to the victim computer, or personal information may be requested.  Banks and other large institutions will never request personal information from clients via email.  Click here to learn more about phishing.

Students, staff and faculty members are encouraged to always practice safe email habits, and report suspicious email messages to is-spam@mcmaster.ca.

It is strictly forbidden to use McMaster University information assets to send unsolicited email.

In the event that a computer, laptop or smart device is lost or stolen, students are instructed to report this to:

McMaster Security Services
905-525-9140 ext 24281, or 905-522-4135
Dial “88? from any University phone
security@mcmaster.ca
http://security.mcmaster.ca/

OR

Hamilton Police Services
(905) 546-4925
Dial “9-1-1”
http://www.hamiltonpolice.on.ca/HPS

Staff and faculty members should report lost or stolen computers, laptops and smart devices to the UTS Service Desk, who will in turn involve the appropriate authorities.

All McMaster University constituents are encouraged to share appropriate data, information and knowledge; there are many web sites hosted on McMaster University servers that are accessible to the public internet.  Suspected incidents of unauthorized access to these web sites with the intent of defacing or extracting information should be reported to the UTS Service Desk immediately.  Staff and faculty members are encouraged to refer to Public Facing Server standards for recommended preventative action and server configuration guidelines that will help safeguard the information that is made publicly accessible.

Network scans are used to enumerated available services on the servers in the network; Similarly, network scans are also used to the enumerate vulnerabilities on the network.  It is for this reason that all network scans are considered reconnaissance activity, and will be treated as a precursor to an attack.  Unless specifically authorized, students, staff and faculty members are forbidden from performing network scans of McMaster University information assets.

McMaster University students, staff and faculty members are strongly encouraged to report any violations of municipal, provincial, federal or international law, or industry regulations directly to:

McMaster Security Services
905-525-9140 ext 24281, or 905-522-4135
Dial “88? from any University phone
security@mcmaster.ca
http://security.mcmaster.ca/

OR

Hamilton Police Services
(905) 546-4925
Dial “9-1-1”
http://www.hamiltonpolice.on.ca/HPS

Use of McMaster University technology assets in the commission of an illegal act will be investigated by IT Security using the Information Security Incident Response Procedure.  Such incidents should be reported to the UTS Service Desk, who will involve the appropriate authorities.

Denial of Service incidents prevent users from accessing services in the intended manner.  Whether deliberate or unintended, a denial of service depletes a server or service from resources, thus rendering it unusable. Students, staff and faculty members are forbidden from performing actions that would prevent other users from accessing a McMaster University information service. Students, staff and faculty members are encouraged to report problems accessing McMaster University services to the UTS Client Service Desk.

The Ontario Freedom of Information and Protection of Privacy Act (FIPPA) compels McMaster University to assure the protection of the privacy of individuals as it relates to personal information held by the university.

All information security incidents focused on confidentiality and integrity are to be assessed and analyzed as they relate to FIPPA.

The Ontario Personal Health Information Protection Act (PHIPA) compels McMaster University to assure the protection of the privacy of individuals as it relates to personal health information held by the university. All information security incidents focused on confidentiality and integrity are to be assessed and analyzed as they relate to PHIPA.

The Payment Card Industry Data Security Standard governs standards of protection as they relate to the handling of payment cards and the collection and handling of payment card data. Examples of PCI specific information security incidents include:

• Debit Card Fraud;
• Credit Card Fraud;
• Theft or tampering of point of sale (POS) devices;
• Inappropriate or unauthorized access to PCI virtual terminals;
• Unauthorized or inappropriate access to systems hosting payment card data;