Security Resources

• We will always send messages from a legitimate "@uregina.ca" email address.
• We will never ask for your password in an email.
• We would never require you to provide information in order to keep your email account. As long as you are a current student, faculty member, staff member, retiree or alumnus, you are entitled to have a working email account and we know your status.
• We will always provide a contact person, including name, position, and phone number.
• Legitimate messages will not ask for personal information.
• Check the message header to see the actual address the email came from.
• Trust your instincts. If the message seems strange and unexpected, it is likely spam.
• Hover over any links in the message to ensure they go to reputable domains.
• If you do inadvertently click a link from an email, always check the site that it takes you to, and watch for unusual additions to the URL.

• Disregard the message, and delete the email immediately.
• If you do not deal with the bank the message appears to be from, it is definitely spam.
• Never provide personal information via email. Email is not secure.
• Never open attachments on messages you are not expecting, or are unsure about.
• Never click a link in an email.
• If you are concerned the message may be real, do not respond to the email, do not click any links and do not open any attachments. Instead, go directly to the company website first and log in as you normally do instead of using any provided link. You can also contact the company or bank directly to inquire if you are unsure.
• If you are not sure about the legitimacy of a message, you can forward as attachment to report.phishing@uregina.ca to have the message evaluated.
• If you know the message is not legitimate, you can report the message to Microsoft. This will allow the sender or type of emails to be blocked. Other recipients can also be notified. Report the message to Microsoft first  or alternately email report.phishing@uregina.ca (forward email as attachment).

• Go to Information Services
• Scroll down and find "Change Password"
• Fill out the fields and click "Change Password".
• Report the potential account compromise to IS Service Desk

Note: This changes your uregina password for everything your username and password is used for; uregina Outlook email, WiFi access on your phone, tablet or laptop, logging into university-owned computers, and UR Courses.

Why does this happen?

• Spammers are getting more and more sophisticated in their use of technology, and are able to construct messages in such a way as to appear legitimate and get past our SPAM filters.

For additional information on Phishing, please consult the following websites:

• Recognize phishing scams and fraudulent e-mails (Microsoft Corporation).
• Phishing or Brand Spoofing (Royal Canadian Mounted Police).
• Internet Crime Prevention Tips (Federal Bureau of Investigation)
• Get Cyber Safe (Government of Canada - video)
• Phishing for Apple Users (Macintosh).

If you are unsure if an email is fraudulent or would like to report a phishing attempt to your @uregina.ca email account, please report the message to report.phishing@uregina.ca (forward as attachment) or contact the IS Service Desk:

• FootPrints Ticket Webform (employees only)
• Email: Service.Desk@uregina.ca
• Phone: 306-585-4685
• In person at ED137 or Archer Library

In your report, please include the email message you are reporting or inquiring about. This is most easily done by forwarding the message as an attachment to Report.Phishing@uregina.ca.

Windows

• See, University of Regina Windows Software Download and Info

Mac

• See, University of Regina Mac Software Download and Info

• Depending on which operating system your computer is running, you can use either Windows Defender or Microsoft Security Essentials to get protection against malicious software and viruses.
• If your home or personal computer is running Windows 10, you can use Microsoft Windows Defender. Windows Defender is built into the operating system, and does not require a seperate installation. However, it should be configured to ensure it is receving updates and is scanning frequently. For more information, please see Microsoft Windows Defender.
• Another good option is Sophos Home which provides a free version of Sophos for Windows.
• If your computer is running Windows 7 or earlier, most antivirus systems will not provide protection, as Windows 7 and earlier operating systems are no longer supported.
• Windows XP and Windows 7 are no longer supported and should be retired.

• Macs can be infected by a growing number of viruses and other malware.
• All registered students and employees have M365 and can download Microsoft Defender if you wish to use this security feature on a personal device.
• University-owned computers should only use Sophos (more info).
• You can download the recommended Antivirus for Mac from Sophos, free of charge. Mac OS X 10.6 and up is supported.

• Malwarebytes Anti-Malware for Windows is free Anti-Malware scanner software that detects and removes malware like worms, Trojans, rootkits, rogues, spyware, and more. 
• Microsoft Safety Scanner is a free Anti-Malware utility that checks for and removes malware from computers running most versions of Windows.  

• Malwarebytes Anti-Malware for Mac is a free Anti-Malware scanner that detects and removes malware like adware, and known Mac Trojans.

• Malware is short for malicious software.
• Malware infections stem from a number of vectors such as emails, websites, and downloads.
• Malware seeks to exploit vulnerabilities to capture personal information, user names and passwords, are used to take control of a computer or gain access to a network.
• It includes viruses, worms, Trojans, rootkits, spyware and adware.
• It can be used to steal information such as passwords and confidential data, corrupt files/data and, possibly, spread to other computers and the campus network.

Think before clicking

On websites

• If you are unsure, open another tab and research the software you are being asked to install.

In email

• Unless you completely trust the source, do not click on a link.
• If undecided, hover the mouse over the link and the destination address will be displayed at the bottom of the window. 
• Verify that it will take you where you expect.

In pop-up windows

• Some pop-ups will try to persuade you to install software or perform a free “system scan.”
• Often, they will use scare tactics to encourage you to use whatever they offer.
• Close the pop-up without clicking on anything inside, including the X in the corner. Use the Windows Task Manager accessed by pressing Ctrl-Alt-Del or right-clicking the Task Bar.

In software installers

• Some software installers will attempt to install malware with the intended product.
• Pay close attention to what you are clicking and, if unsure, cancel the install.

• Anti-virus software, such as Sophos, provides a notification or warning.
• Anti-malware software, such as Malwarebytes, providing a notification or warning.
• Slow system performance.
• Web browser takes you to sites you didn't intend.
• More than normal amount of pop-up ads.
• The Home page of your web browser has been changed.
• Toolbars appear that you didn't install or request.
• You lose ability to access files to which you previously had access.

• Turn off WiFi.
• Unplug the network cable; and
• Contact the IS Service Desk
  • FootPrints Ticket Webform (employees only)
  • Email: Service.Desk@uregina.ca
  • Phone: 306-585-4685
  • In-person at ED137 or Archer Library

• Once a computer has been infected with a virus, the first step is to run an Anti-Virus program to clean, or disinfect the machine.
• If the first option does not eliminate the virus, please contact the IS Service Desk. They can assist with virus removal.

• Default-deny means that network traffic, which is not specifically allowed, will be denied.
• At the firewall level, it involves defining permissible ports and protocols and turning everything else off.
• This change impacts the internet (border, edge, or perimeter) firewall, which stands between the University of Regina's internal network and the public internet.
• Firewalls protecting the campus network control incoming network traffic. Firewalls use security rules to determine which traffic is allowed.

• Work began on this initiative in 2019, with completion occurring in mid-2021. 
• Effective July 9, 2021.
• U of R network-connected devices are subject to a strengthened border firewall poster, known as “default-deny.”
• This best practice approach to securing enterprise environments means that only approved network services, such as applications or websites will be exposed to the internet.
• This approach better protects endpoints from threats originate on the internet.

• Secure network services are essential for the University's operational goals.
• Firewalls are the first line of defense against cyber-attacks and are a critical component of information security.
• Also, firewalls provide a point where security controls can be implemented across the campus computing environment.

The outcomes of this change include:

• Reducing malicious and anomalous or unusual traffic, reducing information security risks and network/hardware utilization.
• Many information security standards suggest alignment with border perimeter controls as a means to reduce the attack surface of internal systems.
• Improving the ability to audit firewall rules and validate internet exposure to internal networks.
• Provides clarity on how a service owner can submit a request for a network port to be exposed on the internet.

This initiative aligns with several prior changes to allow remote access services and applications only available on campus by default.

• Limit internet traffic into the campus network to traffic which an internal system has requested.
• Unsolicited traffic of an external origin will not be permitted to cross the network perimeter to reach internal systems.
• This approach helps protect internal systems from vulnerability exploits, denial of service attacks, and password guessing attacks. 

• Owners of existing services have been contacted, and exceptions have been established to permit the service to remain accessible.
• Existing services should not be impacted. 

• No, devices on the campus network can connect to the internet and are able to access external services as usual. For example, web browsing is not affected.
• Most users will not notice anything.
• This is thanks to the implementation of ‘stateful firewalling,’ which allows known active connections originating from a device connected to the campus network to pass the firewall.

• Firewall posture impacts both TCP (Transmission Control Protocol) and UDP (User Datagram Protocol).

•  No, services located in the network zones corresponding to data centres are not impacted.
• It impacts only subnets which provide connectivity to endpoints such as desktops and wireless.