SECURITY AWARENESS TRAINING

Mount Royal has two security awareness training programs for their employees. Which program you complete depends on whether or not you handle payment card data.

Basic Security Awareness Training Program for Employees

All staff and faculty members at Mount Royal University are registered in an online Basic Security Awareness training course. The course takes about an hour to complete. It covers everything you need to know to keep yourself, your family and Mount Royal safe from cybercrime. It tracks your progress, so you can complete it at your own pace, and it is fun and engaging.

Prefer to learn from a human? Take the Protecting yourself against cybercrime workshop instead. The workshop is an hour long. It includes lots of interaction, handouts and follow up exercises. Register for the workshop on the Employee Training portal found on MyMRU. Regardless of which training method you choose, all staff and faculty members are asked to complete their training both when they are hired and during the month of October every year.

Security Awareness for Payment Card Handling Training Program for Employees

To maintain our PCI compliance, all full-time employees who handle payment card data are required to complete the Basic Security Awareness training course as well as the Security Awareness for Payment Card Handling course. Casual employees who handle payment card data have their training streamlined and are only required to complete the Security Awareness for Casual Staff course. All of these courses are delivered online. The courses are mandatory and must be completed upon hire and during the month of October every year.

Access the Online Security Awareness Training Course(s):

  1. Login to Blackboard using your MyMRU username and password.
  2. In My Courses, click to select the training course.
  3. Notes

    • Which courses are listed depends on what type of employee you are (see information above).
    • If you do not have a security awareness course listed in My Courses, you have not been enrolled in security awareness training. To enroll, fill out the Registration for Security Awareness Training Form.

BEST PRACTICES FOR USING GOOGLE APPS

Best practices for using Google Drive

Best Practices for using Google Sheets/Docs

Permissions & Actions

Permissions & Actions Chart

Sharing Setting Locations

TWO STEP VERIFICATION IN GOOGLE CHROME

Two Step Verification provides an added level of security to your Google account. Once it is turned on, logging in to your account on a different computer requires your password and either a response to a message or a verification code that is texted to your phone. If you have an Android phone or an IOS device with the Google App installed on it, you only have to respond to a message on your phone. If your IOS device does not have the Google App installed on it, you will have to enter a verification code to access your account. Regardless of which method you use, Two Step Verification is not used when logging in from the devices you use every day.

To make sure that you can still get into your account when you don’t have your phone, print off a list of back up codes. The codes can be used to login to your account instead of responding on your phone or using the texted verification code.

Turn on Two-Step Verification for Chrome on an IOS Device that does not have the Google App:

  1. Open Google Chrome and click your profile photo. Click the Google Account button. The Google Account webpage appears.
  2. Under Sign-in and security, select Signing in to Google and select 2-Step Verification.
  3. Click the Get Started button. You may need to scroll down to find it. Reconfirm your password.
  4. On the drop-down menu, select the Text message or voice call option.
  5. Enter your cell phone number in the text box. Click the Next button. Google sends a text message with a verification code to your phone and the confirmation page appears.
  6. Check your phone for the verification code and enter it in the code.
  7. Click the Turn on button. When you next login to Google, you will have to enter your password and then the verification code that Google texts to your phone.

Turn on 2-step verification for Chrome on an Android device or IOS Device that has the Google App:

  1. Open Google Chrome and click your profile photo. Click the Google Account button. The Google Account webpage appears.
  2. Under Sign-in and security, select Signing in to Google
  3. The Signing in to Google page appears. Select 2-Step Verification. The 2-Step Verification page appears.
  4. Click the Get Started button. A dialog box appears asking for your password.
  5. Enter your password in the text box and press the Next button. Then use your phone as a second sign-in step page appears
  6. Click the TRY IT NOW button. The Google app on your phone will display the Trying to sign in from another computer? message.Tap Yes on your phone.

Note: Print out back up codes now by clicking Use Another Backup Option or use the method below at a later date

    To print off a list of backup codes:

  1. Open Google Chrome and click your profile photo. Click the Google Account button. The Google Account webpage appears.
  2. Under Sign-in and security, select Signing in to Google.
  3. Select 2-Step Verification.
  4. Scroll down to locate the Backup codes heading. Click SET UP. The backup codes dialog box appears.
  5. Click the Print button.

Note: Once you have printed off the backup codes, store them securely. These can be used to login when you don’t have your phone. Each code can only be used once.

DISABLING AUTOFILL

Chrome’s autofill captures, stores and inputs commonly used credentials such as logins, ids and credit cards.

How to Disable Chrome Autofill

  1. Click the three vertical dots in the upper right-hand corner of the browser window. Select Settings from the menu.
  2. Click Password. Turn off Offer to save passwords and Auto Sign-in.
  3. Click Payment Methods. Turn off Save and fill payment methods.
  4. Click Addresses and more. Turn off Save and fill Addresses. Close the webpage tab. The settings are updated.

LOGGING OUT OF THE GOOGLE CHROME BROWSER:

To log out of Google Chrome

  1. Click the three vertical dots in the upper right-hand corner of the browser window. The Customize and control Google Chrome menu appears. Select Settings from the menu. The Chrome Settings page appears.
  2. Click the Turn off button.
  3. Confirm logging out by clicking the Turn off button. Close the webpage tab. The settings are updated.

LOCK YOUR SCREEN

To prevent unauthorized access to your computer, your data and the Mount Royal University network, lock your screen whenever it will be unattended even if it is for just a few minutes.

To lock your Screen on PC:

Press L + Windows Button

To Lock your Screen on Mac

Press Control + Command + Q

WORKING REMOTELY SAFELY

General Guidelines for Working Remotely

Whether you are working from home, at a conference or at the cafe, there are some simple things you can do to stay cyber safe:

Visit encrypted sites Make sure the websites you visit are using an encrypted connection. Encrypted sites have https in the URL and display a lock icon.
Visit sites with valid authenticity certificates If you visit a website and the browser displays a dialog box stating that there is a problem with the site's authenticity certificate do not continue to the site. It may contain malware.
Keep software up to date Ensure software and apps including Windows and antivirus are kept up to date. Updates fix system vulnerabilities often used by cybercriminals to compromise your systems.
Install antivirus and firewall software Antivirus and firewall software should be on all your devices as well as your computer and/or laptop. Remember to activate the firewall.

Connecting to Public Wi-Fi

To stay safe when connecting to public Wi-Fi, follow these simple guidelines:

Check the name of the Wi-Fi connection Make sure it is spelled correctly. Criminals can set up their own hotspots or Wi-Fi access points with names very similar to legitimate ones to trick you into connecting to them.
Do not use a computer that is not your own to connect Public machines found in kiosks or hotels often contain keyloggers and malware that record the computer screen. Casual web surfing that doesn’t require you to enter a username, password or other private information should be fine.
Do not advertise where you work Keep branded swag, business cards and your campus card under wraps. Once a cybercriminal knows what network you have access to, it makes it easier for them to hack you.
Watch for shoulder surfers Cybercriminals love to shoulder surf and take photos of your screen to learn usernames, passwords and other information they can use against you later.

Working with Sensitive Data

If you need to work with sensitive data such as personal or financial information, it is recommended that you leave that information on the Mount Royal servers or in Banner or FAST and use the MRU Secure Remote Access Service (SRAS). SRAS allows you to connect to the network or your workstation using a secure VPN (virtual private network). When using SRAS, follow these guidelines:

Connect through the Terminal access pane. Connecting using the access pane connects you directly to your workstation.
Do not ignore security certificate warnings Cyber criminals will still try to compromise the encrypted SRAS connection. If your browser displays a dialog box that states, "This site's security certificate is not trusted" or "There is a problem with this website's security certificate" someone is attempting to hack the line, do not proceed to the site. The site is for authorized users only.

Note: To use the SRAS, you need an account. Contact the ITS Service Desk to have an account set up for you.