Employees

Information Security is a shared responsibility.

As a McMaster employee, you have a central role in information security. You work with McMaster’s data every day, and you have access to sensitive systems like Mosaic, email and WiFi. You might have access to very confidential information like student records, hiring information, or even health information. Because of that, it is important that you understand how to protect the information and systems that you can access.

Passwords

Choose a strong password for your MacID credentials, and keep it protected!

A good password is one that is easy for you to remember, but difficult to guess. MacID passwords must be at least 8 characters long (we recommend 12), and use a mix of letters, numbers and symbols.

Never share your MacID password, not even with your manager or your most trusted co-worker. When you share your MacID password you’re not just letting them access those files on the network drive, you’re giving them access to all of your personal information in Mosaic, emails, and more. Protect your MacID password and keep your information secure.

Phishing

If you have email, then it is very likely that you have received a phishing email; more likely many.  Phishing emails are messages that appear to be from legitimate and trusted senders like your bank, asking you to click a link or open an attachment.  They often appear to be very important, requiring you to take immediate action or risk losing access to something valuable.  Ultimately, you end up with malware on your computer or losing control of your email.  Phishing emails are often difficult to detect because they are designed to look legitimate and they prey on your excitement and fear.

  • If a message sounds too good to be true, it is;
  • Never follow links unless you know where they go;
  • Never open attachments that you weren’t expecting, especially from someone you don’t know.

If you receive what you think is a malicious message, be sure to report it to “is-spam” and let the experts at on the IT Security team take a look.

Be careful when opening attachments or clicking links in your email. If someone sends you an email with attachments or links without any context, you should delete the email right away. If you’re not sure if the email is real, please confirm with the sender before you open it.

Privacy

Know your Data! Confidential and sensitive information like health and financial records should be handled with great care, and established procedures should be followed to ensure confidentiality and integrity.

Employees should always have a clear understanding of the information they are handling. Don’t send sensitive information over email, keep a clean desk, and lock up sensitive data when it isn’t in use. And don’t forget to lock up or log out when you are away from your desk!

Physical security

Mobile devices including tablets and laptops with university data on them should be secured and protected at all times. All mobile devices should be encrypted using the set standards and should never be left unattended in public. Connecting to public wifi should be avoided at all times or should be used along with McMaster provided VPN services. If you think your device (like a phone or laptop) is lost or stolen, you need to let your local IT team or UTS know right away.

Reporting incidents

How we react when something goes wrong is critically important when dealing with information security. The Information Security Policy requires all members of the McMaster community to report known or suspected IT Security and Privacy Incidents to the appropriate authorities.

Take the time to learn how to identify Information Security and Privacy incidents, and how to report them. Watch for IT Security alerts and notifications sent via email, or posted to the @McMaster_ITSec twitter feed and the McMaster IT Security Facebook page. Reporting incidents is not embarrassing or cause for punitive action; reporting incidents fully and quickly is a helpful, positive act that helps keeps our information safe.