Information Security

A Nightmare on Shred Street 2: Data’s Revenge

Like any Hollywood nightmare, a sequel is always in the offing, and identity theft just isn’t going away. With that in mind, the second annual “A Nightmare on Shred Street” event was held on Monday, October 23. In support of Cybersecurity Awareness Month, Information Technology Services teamed up with Lethbridge Mobile Shredding to offer free shredding of personal documents, hard drive degaussing, and e-waste recycling at the University of Lethbridge.

In just four hours, this public event helped more than 100 people protect themselves from identity fraud by shredding over 2000 gallons of paper documents, as well as several hundred magnetic and other non-paper items (credit cards, cell phones, CDs, floppy disks, etc.) containing personal information. Over 3.5 cubic metres of electronic waste was collected and sent for recycling. A degausser was on site to demagnetize and erase 49 hard drives before recycling.

Donations for the University of Lethbridge campus food bank were gratefully accepted. The event raised $375 and collected 120 food items, which is enough for about seven hampers, to help University of Lethbridge students through the end of the fall term. Seven functioning laptops were also salvaged from recycling, with permission from the donors, and will be wiped clean and donated to the Operation Underground Railroad organization, which helps children escape from trafficking and slavery.

All of this more than doubles the numbers from last year’s event! Information Technology Services acknowledges the generous support of Lethbridge Mobile Shredding, DBS Environmental, Campus Safety, Facilities, and the many individual people who came together to make it happen.

Tis the season….to get scammed!

Once again the holiday season is upon us. This is a time where we celebrate family and friends, reach out to those in need and try to make the world a better place one little act of kindness at a time. Unfortunately, it’s also a time where those who don’t share our vision of “Peace on Earth” abuse the generosity and trust of people around the world by lying, stealing and destroying the financial lives of innocent victims. Cyberattacks are on the rise and the Christmas holiday season provides online fraudsters with ample ammunition to target online shoppers and those expecting various communications from mail and parcel delivery services.

In an effort to protect you during the holidays, the Information Management and Security Office would like to remind you of the following guidelines to help you keep your information and your computing devices safe and scam free.

Passwords

You certainly wouldn’t hang your house keys or car keys on your mailbox outside your house. Anyone could walk by, grab the keys and help themselves to your assets. Unfortunately, we don’t treat our passwords with the same kind of respect it seems. Passwords are the key to your online identity and improper usage or storage of them makes it easy for attackers to abuse your credentials and do things that would certainly land them on the naughty list. Some guidelines to remember for keeping passwords safe include:

1. DON’T REUSE PASSWORDS ACROSS WEBSITES. Although it’s tempting since passwords are hard to remember, it is a very poor practice to only have one password for your online identity. Not all sites are created equal so there may be some wiggle room in that directive but generally you need to have distinctly separate passwords on the following sites:

a. Banking
b. Email
c. Ecommerce sites that store your credit card or banking info (PayPal, Amazon, etc).

A password management tool like KeePass or LastPass can help manage your passwords and keep them safe. Many of them are free and will create a vault for you to store these precious assets in.

2. DO NOT ENTER PASSWORDS INTO WEBSITES THAT ASK YOU TO CONFIRM YOUR IDENTITY THROUGH EMAIL. Those emails that promise more space or a deactivation of your account are fraudulent. We refer to them as phishing attacks. These websites are often hosted in questionable locations that don’t have anything to do with the organization who supposedly sent you the email. Always check the address bar of your browser or hover over a link with your mouse to make sure you are where you think you are. For example, a uleth.ca login page will never be hosted on a site that doesn’t end in .uleth.ca (https://login.uleth.ca/cas/login, or https://adfs.uleth.ca )

For a complete training course on phishing, we encourage you to enroll in our online training materials available for all students, staff and faculty. Visit the Information Security webpage  for more information. Enrollment in these courses is easy.

Email Attachments

Part of our overall security strategy at the University is to restrict certain files from coming into your inbox. Certain attachments can be used to spread viruses, malware or ransomware. For example, you cannot receive .zip, .docm, .exe or .com files. All of these could contain potential risks and so we remove them before they ever have a chance to arrive in your email. However, we cannot control your personal email accounts or websites you may visit, which may host these types of files. We encourage you to never open a suspicious file from someone you don’t know or to click on links from non-trusted webpages that encourage you to download these types of files. When downloaded and running, these types of files can silently download malicious software onto your computer which could result in the complete loss of data or usage of your machine.

During the holidays there are some common scams that occur including emails which are attempts to trick users into thinking they are receiving a package or delivery. Because of the time of year we aren’t always thinking about whether or not we are actually expecting something and sometimes click on places we shouldn’t. A few years ago we had a huge spike in these kinds of emails and so we created a webpage that describes the attack in detail and how you can avoid it. Please review that summary here.

Ransomware
A new and very effective attack that is becoming increasingly popular is ransomware. This type of attack will hold your data ransom and demand payment (usually $200 – $400 per machine) in order to restore access. There is no technical solution that can fix ransomware once it has infected your computer and unless you have backups in place, you will be forced to pay or lose your data. Paying ransom can be complicated and doesn’t actually guarantee that you will be able to recover your data so the preference is to never get infected in the first place. Ransomware is typically delivered though malicious email attachments or files downloaded from the internet. Most infections can be easily avoided if you pay attention to what you click on and never allow untrusted applications or website to run programs on your system. Ransomware affects a variety of institutions and organizations. Recently, the University of Calgary and Carleton University in Ottawa had ransomware unleashed in their environment which caused huge interruptions to their research and teaching activities. These types of attacks could have serious implications on the University of Lethbridge and we urge all users to be vigilant in their computing activities to prevent similar incidents from happening here.

What can you do?
The Information Security program at the University of Lethbridge has created a variety of training and education opportunities to help you understand how best to protect your information. All University staff, faculty and students should be engage in these online and in person training opportunities. Any questions or concerns should be sent to ITS who will be happy to assist you.

Current training courses include:

1. Security Awareness (A general overview of good IT Security practices)
2. Phishing Awareness (A focused review of Phishing attacks and how to avoid them)
3. Data Encryption (How to encrypt and protect sensitive data in the event of loss or theft)
4. Data Storage Standard (All staff and faculty should take this every 2 years to determine where and how to store various types of data)

To schedule some in person training for your department, please reach out to Kevin Vadnais, 403-332-4056 or kevin.vadnais@uleth.ca, who will arrange a time to address the topics that affect your teams the most.

Hacker typing on a laptop

Cybersecurity Awareness Month

Cybersecurity Awareness Month (the month of October) coincides with Electronic Records Day (October 10 – sponsored by the American Council of State Archivists). Now that the Records Management Program has been combined with the Information Security and Business Intelligence programs, the Information Management and Security Office wanted to celebrate these events collectively and raise awareness about everyone’s role in Information Management.

We would like to give a special thanks to the Faculty of Management who were kind enough to loan us their popcorn machine during many of our events. The aroma of fresh popcorn helped us begin the conversation with many different people.

Information Booths
On the week of October 3 – 7, the Information Security Office set up booths in the UHall Atrium, and attempted to steal the identities of people brave enough to offer up their names to us. On average, we were able to uncover unknown personal information for approximately 75% of the individuals who spoke with us. The volume and type of data varied, from limited information to a complete package that would facilitate identity theft. It was an excellent opportunity to discuss tips and tricks with everyone that stopped by.

We kicked off Electronic Records Week (Oct 10 – 14) by releasing a number of new guides and information sheets to help faculty and staff manage their records. The topics addressed by these guides include: distinguishing between transitory and university records; managing email; electronic file and folder naming conventions; and managing information overload.

To get the word out, Records Management staff spent much of the week out and about at information booths across campus. We connected with faculty, staff, and students and offered advice for better managing both personal and university records. We used the opportunity to soft launch our Designated Records Officer (DRO) program when chatting with managers and executive directors. We were also promoting A Nightmare on Shred Street, which was held on October 31.

Life Balance Fair
On October 26, 2016, our Wellness Committee hosted the 10th Annual Life Balance Fair. This event aims to increase employee’s and students’ awareness of the importance of workplace and school health in order to optimize personal and organizational performance. We think that effective records management and information security best practices contribute to workplace health and attended as exhibitors to share this message with University staff. We continued to try to steal identities, distribute our new guides, recruit DROs, and promote A Nightmare on Shred Street.

During the month of October, we signed up about 20 people for records management training, including 15 DROs. We distributed over 50 paper copies of each of our new guides, even though we were directing faculty and staff to the electronic versions posted on our website.

A Nightmare on Shred Street
On October 31, 2016, the entire Information Technology Services department teamed up with Lethbridge Mobile Shredding to host A Nightmare on Shred Street. This event offered free shredding of personal documents (paper and non-paper), hard-drive and other storage media degaussing and e-waste recycling. While the the cold (~2°C) and driving rain put quite a damper on the event (pun intended), we collected two cubic metres of e-waste, about two dozen hard drives for degaussing and almost 15 large (96 gallon) shredding bins of personal papers. In the process we raised $170 and about two 121L garbage cans full of food donations for the campus food bank!

Next Year
If anyone has ideas on how we can make this annual celebration of Information Management and Security better for next year’s event, please reach out to our offices; we would be happy to hear your ideas. Until next year…

Information Management and Security Office Staff:
Ashley Haughton – Records and Information Manager
Vicki Lund-Tulloch – Business Intelligence Administrator
Darin McGee – Information Security Analyst
Cheryl Read – Records Technician
Kevin Vadnais – Manager, Information Management and Security Office

Microsoft Support for Older Versions of Internet Explorer Ended

ielogo1Microsoft will no longer be supporting any version of Internet Explorer other than the most current version (version 11).

Beginning January 12, 2016, only the most current version of Internet Explorer available for a supported operating system will receive technical supports and security updates. Internet Explorer 11 is the last version of Internet Explorer, and will continue to receive security updates, compatibility fixes, and technical support on Windows 7, Windows 8.1, and Windows 10. For more information, go to Microsoft’s announcement.

Any University computer system running Windows 7, Windows 8.1, or Windows 10 that is joined to the domain (you sign-in to the computer using your U of L username/password) has already been updated to Internet Explorer 11. Any Windows 7 or 8.1 computer not joined to the university domain or professional supplement devices may not have the latest version of Internet Explorer installed and action will be required on your part. Windows 10 computers running Edge or Internet Explorer browsers will already have the most updated version.

What should you do? To check the version you are currently running, open Internet Explorer and click on the gear icon gear_icon in the top right corner of the page and select “About Internet Explorer”. If your version is anything other than Internet Explorer 11, you will want to install the latest version.

To install the latest version, go to Windows Update windows_updatelocated in the Control Panel and select “Check for Update”. Internet Explorer will be one of the programs available to update. Select it and click “Install Updates”.

Why should you update? Without critical web browser updates, your PC may become vulnerable to harmful viruses, spyware and other malicious software which can steal or damage you data and information. Also many software vendors and websites, such as Office 365, no longer support older versions of Internet Explorer.

Please contact the ITS Solution Centre at help@uleth.ca or 403-329-2490 if you require additional information or assistance.

Android phones and the StageFright vulnerability

 

An issue was recently discovered on Android devices which could expose the user to potential cyberattacks. It is characterized by a specially crafted text message which attaches multimedia (video, music, pictures) data to the communication. By default, Android tries to process this information in the background so that when you open it up, it doesn’t buffer or cause delays with seeing the content. When the android device is attacked, malicious StageFright imagecommands are sent to the phone in the background and the user do not know they have lost control of the device. Risks of a compromise include stolen passwords, leaked contact information which are subject to attacks, data loss if files are stored on the device, and potential fraudulent transactions conducted in the user’s name without their knowledge or consent.

Unfortunately, fixes for android devices are pushed infrequently, but there are some steps you can take to prevent yourself from becoming a victim of this type of attack until your manufacturer releases an update.

There is an option in the text messaging application used to disable the automatic retrieval of MMS (multimedia) text messages. This allows you to determine if you trust the sender of the message before opening their communication. The steps for disabling may be slightly different for various versions of the Android operating system, but typically the user can find it by following these instructions.

Google Hangouts as default SMS:

  • Open Google Hangouts
  •  Choose Settings
  •  Select SMS
  •  Scroll down and turn off Auto Retrieve MMS

Google Messenger as default SMS:

  •  Open Messenger App
  •  Go to right hand of application and select the three dots
  •  Choose Settings
  •  Choose Advanced
  •  Turn off Auto-retrieve

Other (using default messaging app):

  •  Go to Messages App
  •  Select More
  •  Select Settings
  •  Select Multimedia Messages
  •  Turn OFF Auto retrieve

In order to see multimedia messages in the future, users will be required to click on the download button and the phone will process them as usual.

We are recommending that users watch closely for an update from the manufacturer that addresses this issue and apply it as soon as it is released. For additional information on the StageFright vulnerability, please visit the website: http://fortune.com/2015/07/28/stagefright-google-android-security/

For assistance, contact the Solutions Centre at 403-329-2490, or help@uleth.ca, or visit E610 in University Hall.

Data Storage Standard – what it is and why you need to care

Before your eyes glaze over, answer these simple questions:

  • Where do you store your University data?
  • Does it contain personal or highly sensitive information?
  • Do you use a cloud-based storage service like Dropbox or Google Drive?
  • What types of documents do you share with people outside of the University, or in another country?

As technology continues to evolve and our dependency on information sharing increases, it is becoming increasingly critical to ensure that academic and administrative staff classify, store and share their data appropriately.

The border between work life and personal life is becoming blurred.”

“People are demanding 24/7 access to their information—both personal and professional,” says Kevin Vadnais, Information Security Manager in IT Services. “Consequently, they have turned to cloud-based services which can provide constant availability to all of their information. The border between work life and personal life is becoming blurred. Perceived security and acceptable use of cloud-based solutions is often flawed and the University is taking steps to bridge that knowledge gap so that users are aware of the risks and benefits.

“There is also a difference between personal storage and work-related storage. Some personal storage solutions are free to a pre-set limit, and users pay over and above that, as is the case with Dropbox and Google Drive. Users are asked to either accept the end-user license agreement, or not use it. Most people do not take the time to read them and just accept the terms. Work-related, or enterprise, storage solutions are better protected through contracts between the enterprise or business and the cloud provider. Specific services are spelled out and privacy implications are assessed for that business or enterprise.”

To assist in educating the University community, IT Services has created and authorized a Data Storage Standard which is available on the University Policy website. This standard provides four points of guidance and expectations regarding the secure management of information with which individuals, departments and faculties have been entrusted.

We want people to balance the convenience of a cloud storage vendor with the risks of potential data loss, and to make the appropriate decision.”

“We want people to balance the convenience of a cloud storage vendor, such as Dropbox, with the risks of potential data loss, and to make the appropriate decision,” Vadnais adds.

Below are the highlights of the Standards. Faculty and staff are encouraged to not only review the document, but to download it or bookmark the page so that it is a constant reminder of their responsibilities.

  1. On-campus storage should be utilized for information that has specific requirements or constraints specifying it cannot be stored on systems outside of Canada, e.g. research funding requirements which mandate where resulting data is stored. These solutions typically include network shares (research drives, department shares, etc.), and P Drives.
  2. Cloud storage, commonly provided by third-party vendors such as Dropbox, Microsoft OneDrive’s personal and enterprise solutions, and Google Drive, etc., host users’ data in a robust data centre environment which is not located on campus. This environment typically resides in one or more geographic locations outside of Canada and, as such, subjects that data to the legal jurisdiction of the hosting country. Depending on the sensitivity of data being stored, additional security measures, such as encryption, may be required. (Selection of a third-party encryption tool is underway to support secure usage of cloud storage.)
  3. IT Services is currently developing online training on data storage and selecting the appropriate storage location for your data based on sensitivity. Staff and faculty will be asked to complete the training every two years, and again when significant changes are made to the data storage standard. This will ensure their knowledge is up to date on the latest technologies, threats, privacy implications, and best practices for data management. Training is not expected to take longer than 10-15 minutes.
  4. The use of email as a data management tool is a common practice at the University but is an unsustainable and risky strategy. Lost devices, compromised passwords, and human error (accidently sending the wrong information) can all lead to inadvertent data loss and possibly privacy breaches. While email is generally secure it is not appropriate for sending all types of data. Faculty and staff should become familiar with the data storage standard and use the appropriate storage and sharing technologies based on the data they are working with. The University is also exploring the use of email encryption services if sensitive information must be shared via email.

In addition to these four points, IT Services has implemented a data classification strategy to assist University users to determine the level of rigour that should be applied to specific pieces of information. These definitions classify the four types of data as follows:

  1. No/Low Risk – Category 1
    Information that is publicly available and poses little to no risk of negative consequences should it be seen outside the University:

  2. Medium Risk – Category 2
    Information typically used and shared in daily operational activities by University staff and faculty. This is not data we would normally publish outside of the businesses, but is not considered sensitive:

    • Meeting Minutes
    • Student coursework submitted to instructors
    • Preliminary research reports/results
    • Operational budget items (travel costs, office supplies, etc.)
  3. High Risk – Category 3
    Information that, if compromised, would be harmful to the University’s reputation or to an individual:

    • Employee/Student records
    • Payroll/Budget reports
    • Personally Identifiable Information (SIN’s, tax information, FOIP-related data)
    • Contracts and Terms
    • Passwords/Authentication information
  4. Critical Risk – Category 4
    Information in this category would cause significant damage to the institution if disclosed. Any data classified as a Category 4 should be given special attention as to its storage location, storage method and distribution channels:

    • Legal Proceedings/Appeals
    • Medical/Health information
    • Criminal Investigation results

(more…)

The coffee’s on Leslie – just in time for ‘phishing season’

 

The next time you see Leslie Gatner, Financial Analyst in Financial Services, the coffee’s on her. Gatner’s name was drawn to win the $25 Starbuck’s gift card for completing the online Phishing and Identity Theft course last month.

“We had a good response to the online course, but in my world, 100% completion would be ideal,” says Kevin Vadnais, IT Services Information Security Manager. He says he realizes it may not be realistic but it’s his goal nonetheless, especially with the holiday season looming.

“We’re coming into one of the busiest ‘phishing’ seasons with the upcoming holidays, so I would like to advise the University community to be vigilant.” Vadnais says the Christmas season logically lends itself to shipping scams by the bad guys. “Typically you will see emails from which you’re invited to download a .zip or .exe file that claims to have tracking information on a shipment. The email uses high-quality logos from companies like Canada Post, FedEx and UPS and, in addition, the grammar is far better than the usual phishing emails we see. Once the user clicks on the attachment, what it actually does is download malware on the user’s machine. The malware can contain a variety of threats: for example, Crypto locker is one that holds a computer hostage until a significant ‘ransom’ is paid, and there’s the threat of data theft. The bad guys can capture passwords when doing online banking, find personal data like social insurance numbers in tax returns, and both can lead to identity theft.”

As in all cases, Vadnais advises users to stop and ask themselves if it makes sense to simply click on an attachment, or go to the sender’s website instead to find tracking information. “Use common sense, if you’re not expecting a package, don’t click on a link that says you have one. One of the easiest clues is to hover your cursor over the link provided and compare it to what url shows next to it, or in the bottom of your browser. If it’s phishing or a malicious file, the destination in the link or image which pops up in the hover will not match what the browser text or image is showing. When that happens think twice about proceeding.”

URL hover image

 

 

 

Vadnais says the Information Security website is a good resource to check out if you’re wondering about an email. It contains some of the most current and common threats. He strongly encourages people to take the Security Awareness and Phishing and Identity Theft courses online, and more than once if required – just to refresh the memory. “They are excellent sources of information for everyone.”

Also contained on the site is a form users can complete to report a phishing attack. “The phishing messages we’re concerned about are those that appear in our inboxes, or slip by filters without the ***PHISHING MESSAGE*** alert in the subject line. We can take a lot of those sites down if we report them to the company whose image is being falsely used and alert organizations when we see one of their accounts being abused. This provides us an opportunity to take preventative measures to stop our accounts from being compromised.”

For more information, or to arrange a security session for your unit or department, please contact Kevin Vadnais at kevin.vadnais@uleth.ca.

Cyber Security Awareness Month wrap-up – it’s not too late to get your gift!

 

The IT Services Information Security Office and University Privacy Office extends a huge thank-you to the U of L community for its support of the recent events held in support Cyber Security Awareness Month.

About 150 students, faculty and staff stopped by the information booths set up in the UHall Atrium and Students’ Union building during the weeks of Oct. 14 and 20th, says Kevin Vadnais, Information Security Manager. “Everyone who took the 10-question quiz was awarded with a light-up yo-yo or pocket flashlight, and we still have more for those who didn’t get the chance at the booths.”CyberSecurity

Vadnais is encouraging everyone to take the online quiz, and they simply need to send him the answer to the bonus question via email at kevin.vadnais@uleth.ca to request one of the gifts. He adds that test-takers need to enter their name in the title of the screen to be eligible.

Earlier in the month, consultants for PricewaterhouseCoopers presented on Security Trends in Today’s Market at CASA which piqued great discussion among University and Lethbridge community members.

“We had a good response from the community both in the public and private sector. I think most were engaged in the topic and took away valuable information. This kind of event sets the stage for more related sessions in the future and promotes collaboration within the Lethbridge community. It’s everyone’s problem and everyone’s responsibility to educate and protect themselves, and those they may serve,” Vadnais adds.

Everyone is reminded to take the 10-minute phishing and identity theft course in order to be entered into a draw for a $25 Starbucks gift card. Completion of the course must occur by 11:59 PM on Oct. 31 to be eligible for the draw.

Faculty, staff and students are also strongly encouraged to take the security awareness course that is now a permanent feature on the Information Security website.

For more information, contact Kevin Vadnais at (403) 332-4056 or kevin.vadnais@uleth.ca.

Free cyber security seminar – Security Trends in Today’s Market

When was the last time you changed your password(s)? How secure is your company’s network – or your client’s data? Can you recognize a phishing scam?

October is Cyber Security Awareness month in Canada. In our highly connected world, awareness about faceless bad guys – or bad actors, as they’re known by IT security professionals – is as important as looking before crossing a busy street.

“Information security is everyone’s business,” says Kevin Vadnais, the University’s Information Security Manager. “Our organizations expect us to protect the data over which we have been given responsibility. Educating ourselves about the risks in our internet centred environment protects us as workers, clients, and citizens, as well as the businesses we operate.”

The Information Security Office at the University of Lethbridge is hosting a free security seminar for the Lethbridge community to help improve awareness of information security risks.  Join security experts from PricewaterhouseCoopers: Neil Karan, Alberta’s cyber security leader and director in PwC’s Risk Assurance Service practice, and Bryson Tan, national threat and vulnerability management practice lead, in a conversation about current and emerging trends in the information security landscape. Brief bios on the featured speakers are below.

“Rarely do we have the opportunity to ask the people on the front lines of information security what they encounter on a day-to-day basis. The presentation is a nice mixture of lecture and an interactive Q & A session,” says Vadnais.

The event takes place at CASA in the ATB Financial Community Room, 230- 8 St. South, on Thursday, Oct. 16 from 1-4 pm.

Attendance is free and anyone interested is welcome, however RSVPs (via ticket download) are required to ensure adequate seating. Light refreshments will be provided and a non-sponsored social event will follow at the Telegraph Tap House (310 6 St S, Lethbridge, AB T1J 0H4).

To reserve your space: https://uleth.universitytickets.com/user_pages/event.asp?id=440

For more info on cyber security in general, visit the the University’s Information Technology Services website. Also watch for upcoming announcements and activities on campus in support of Cyber Security Awareness month.

Neil Karan, PwCNeil Karan is the Alberta Cyber Security Leader and Director in PwC’s Risk Assurance Services practice, working out of the Calgary office.  Neil is responsible for executing threat and vulnerability management programs, digital foot printing, social engineering, security strategy reviews, and breach response initiatives.  

 

 

 

Bryson Tan, PwCBryson Tan is the National Threat and Vulnerability Management practice lead at PwC and is responsible for the development and delivery of services that include Cyber Resilience assessments, penetration testing, vulnerability assessments, source code assessment, platform security diagnostic services, wireless detection and evaluation and enterprise network security.

 

Important changes to U of L Email and related services

Standards

IT Services – Access Standards Released

Recently a number of significant documents (five in total) describing the University’s rules for granting and revoking a number of technology services were created by a University representative committee and authorized by the CIO. These documents describe the various services available to faculty, staff, students, alumni and outside entities that desire the use of the IT infrastructure of the University. The material is available on the University of Lethbridge policy website, which is publicly available here: http://www.uleth.ca/policy. To review, set the filter on “Information Technology” and the documents will appear alongside the password standard, acceptable use, and screen saver policies.

IT Services encourages all University users to review these documents to familiarize themselves with their contents. See below for a summary of major changes.

Major Highlights of the Data Access Standard documents

Employees/Administrative Staff

  • Effective immediately, University of Lethbridge employees will no longer be eligible for “email for life” when they retire. From the moment of termination, access to email will be removed. An automated message indicating failure of receipt will be active for 3 months. As always, we strongly encourage administrative staff not to use their uleth.ca address as their primary personal contact email. Many free services offer competitive, secure email products and should be used instead. Personal emails are permitted in uleth.ca accounts however, extensive use is not advised.
  • A separate staff drive (similar to the P: Drive) will be created for University business use in order to separate student data from University data. Once employment is terminated, access to this drive will be removed.
  • Exception cases exist where an employee is also a currently enrolled student.

All individuals who are currently receiving an email for life benefit will not have their services revoked. This affects only new retirements of administrative staff from May 1, 2014 and beyond.

Faculty

  • If not retiring in good standing, email access will be removed immediately. An automated message indicating failure of receipt will be active for 3 months. For those that retire in good standing, their uleth.ca email will be available for life.
  • A separate staff drive (similar to the P: Drive) will be created for University business use. Once employment is terminated, access to this drive will be removed (regardless of retirement standing).
  • Exception paths exist for reinstating access through department chairs, deans, and the University Provost.
  • Academic/research data will not be deleted, but this provision is only temporary until a data retention committee can identify a more permanent solution that better handles this type of information.

Students

There are no changes to current service practices, which include:

  • Access to email terminates approximately one year after the last registered class is completed.
  • Access to the personal drive (P: Drive) terminates approximately one year after the last registered class.

Please see the document for additional details.

Alumni

  • After graduation, a new email address, @alumni.uleth.ca, will be assigned and enabled for life, or until a removal request has been received. Instructions will be available to help transition content between student addresses and the new alumni addresses if desired.
  • No additional services will be available for alumni other than email/Bridge access. Access to services such as the library will determined according to individual policies and regulations.

External Groups

  • Temporary accounts require approval from a sponsor’s supervisor, unless they are a Dean, Executive Director or a higher ranked official.
  • All temporary accounts will auto-terminate based on the usage dates provided at the time of their creation.

If there are any specific questions about these new standards, please do not hesitate to contact Kevin Vadnais, Manager, Information Security Office.

Phone: 403-332-4056    Email: kevin.vadnais@uleth.ca