Information Security

UIT Information Security provides resources and services university-wide to help protect York's information assets and infrastructure from cyber threats. Services include vulnerability testing, monitoring, security incident handling and security consulting.

Information Security Website>>

Submit a Service Request

Featured Services

Overview:

2FA is required for all active student, staff, faculty, sponsored affiliates accounts and retirees to promote a safer online environment and to help safeguard York and the community's information security and privacy. Two-factor, two-step, or multi-factor authentication (MFA) is a security process that requires you to use two different authentication factors (methods) to verify your login. Think of your first factor as the lock on the front door of your house and the second factor as the door's deadbolt. The first factor is your Passport York password, and the second factor is a push notification, a code or call sent to your cellphone or a physical security key inserted into your computer. Two-factor authentication is the most effective way of protecting both your credentials and the resources you access with those credentials. With two-factor authentication, you can ensure that all your data remains safe, even if your password is compromised.

How do I Access it?

UIT recommends enrolling your smartphone with the Duo app for ease of use and best experience. If you don't have a smartphone, you can order your Duo hardware token at the YorkU Bookstore. When completing your Duo token order, please use your York University email address.

For more information on Duo 2FA set-up, instructional videos, and general issues and troubleshooting, please visit the Duo 2FA page on the Infosec Website:

Duo 2FA Page>>

Overview:

York University community members are frequent targets of phishing attacks. You—the user—have an important role to play in keeping your data safe from compromise. The “Report Phishing” button on your Outlook or Gmail will automatically report suspicious messages to the Information Security team.

How do I Access it?

Instructions on how to report phishing via email can be found on the UIT Information Security website:

Report Phishing>>

Overview:

SSL Certificates are small data files that digitally bind a cryptographic key to an organization's details. When installed on a web server, it activates the padlock and the https protocol and allows secure connections from a web server to a browser. Any server containing sensitive data should have an SSL certificate.

How do I Access it?

To request an SSL certificate, please go to the Information Security website:

SSL certificates>

What are Spyware & Adware

Spyware is software that, in general, is surreptitiously installed on your computer. It covertly installs itself on your computer through vulnerabilities in the operating system and/or the web browser, or by piggybacking on other program installations. Frequently, the piggybacking is associated with socalled free downloads such as games, music, screensavers, emoticons and peertopeer software. The general purposes of spyware are to steal personal information without your knowledge (e.g. username and passwords), monitor your computing habits (e.g. websites visited), and vandalize your data.
Adware, much like spyware, is installed by stealthy means. Adware is financially supported malware, where displaying advertisements through annoying popups is the most common format. These advertisements can range from innocuous cell phones to pornographic content. In addition to the popups, some adware also collects computing habits like spyware which is transmitted to remote databases. Adware is known to alter system files, slow down your Internet connection and often impairs the processing power of your computer.
The distribution of spyware and adware has become far more deceptive recently. By burying consent for installing their programs in the End User License Agreements (EULA), distributors of these programs are claiming legitimized installations. If you do not read nor fully comprehend the EULA and privacy statements you agree to, you may be unknowingly allowing the spyware and adware to be installed with consent.

Common Symptoms of Spyware & Adware

Unusually slow or sluggish processing (including slow booting and web browsing)
Random advertising popups
Computer takes longer to bootup
Unusual system instability (including consistent system hangs and more computer crashes than usual), or
Odd browser behavior such as:
- Inability to browse web pages at all
- Redirection to search sites you have never seen,
- Gaining a toolbar you did not intentionally install
- Having your default home page changed.
- Web pages are automatically added to list of favorites
- Popup advertising windows appear when the browser is not open or over Web pages that do not normally have popups.
- Difficulty logging into secure websites like MyMail/MyMail

Preventing Spyware & Adware

1. Know what you are installing. As stated above, piggybacking is a common installation vector, as is consent through the EULA.

2. Make sure your computer has the latest operating system patches and security updates.

3. Do not click on suspicious links.

4. Ensure you have your AntiVirus/AntiSpyware/AntiAdware software up to date
(antivirus and antispyware software are becoming merged).

5. Increase the security setting for your browser to medium or high level.

Learn More

Not finding what you are looking for or need technical assistance? We are here to support you!

Visit us

Submit a Service Request