Computer Security Guidelines

The following guides the secure use of Loyalist College issued or personal devices that access the College’s system.

1. Passwords
  • Loyalist users are required to choose passwords that are not easy to guess or easily obtained through tools. Commonly used items like “Loyalist”, “Password”, “12345”, “qwerty”, “secure”, or the birthdays or names of the user and their family members, pets, etc. are strongly discouraged.
  • A user’s Loyalist College system password should not be the same as the user’s social media or personal online accounts (e.g., Facebook, Gmail, or online banking password).
  • Where possible, and when other methods of creating and securing passwords do not exist, Loyalist will force users to reset their passwords every 120 days.
  • Passwords for Loyalist College systems may not be stored in non-encrypted formats, such as Excel spreadsheets or Word documents. The use of secure password management software, such as KeePass, Password Safe or LastPass, is highly encouraged.
  • Passwords should not be shared with any other person, including other users of Loyalist College. Staff are explicitly prohibited from sharing their password with other staff members, even when attempting to assist the College (for example, for vacation coverage).
  • Users are not to provide their password to anyone who contacts them by phone or email claiming to be from Loyalist College ITS. ITS will never ask for a user’s password. (Password requests should be reported to the Loyalist Service Desk.)
2. Sending Sensitive Data via Email
  • Sensitive or private data should not be transmitted via email.
  • Passwords to College systems may be sent via email where there is no other communication method available AND when the password is set to force a change at the first use.
  • Users may contact the Loyalist Service Desk for guidance when unsure of whether or not information is considered personal.
3. Email Scanning & Security

E-mail can serve as a medium for e-mail viruses and other malware attacks. Unsolicited e-mails can lower productivity. Furthermore, unencrypted e-mail may lead to information leaks that can disclose proprietary information or lead to litigation and negative publicity. To lower the risks inherent in e-mail:

  • Users should not open any email attachment or follow any URL unless the message and the contents were expected. Email names & addresses can be fabricated and alone are not considered to be a reliable indicator of a safe email.
  • To help identify messages where the sender has been fabricated to look like a Loyalist College sender, ITS will tag all external messages with a message header similar to the message below.
    • CAUTION: This message is from a source outside of Loyalist College. Please be cautious following links or opening attachments. Do not open attachments you are not expecting.
      • If the message contains text indicating that the message has been validated by ITS, or that links and/or attachments are safe to open, it should be reported to the Loyalist Service Desk without clicking any links or opening any attachments. ITS will NOT tag a message as confirmed safe to open.
  • On occasion, Loyalist College ITS staff may be required to work with our anti-spam vendors to resolve issues, which may result in the vendor reviewing email messages specifically connected to the open issue. All vendors and Loyalist College ITS staff respect the privacy of everyone’s email and keep all information confidential.
  • Microsoft Office documents containing macros that are attached to an email will be blocked. Temporary exceptions may be granted if a Dean/department head makes a written request to the Manager, Service Desk and IT Technical Services, detailing the specific business need.
  • Users with any doubts about the validity of a message should contact the Loyalist Service Desk prior to opening the message, attachment, or URL.
4. Software Installation and Updates
  • Only ITS personnel can install and update software on a Loyalist College issued device. ITS will install only current and up-to-date software because outdated software is another major attack vector for computer security risks.
  • Department/users requiring any additional hardware or software should contact ITS in advance of the date needed, to allow time to implement the request. In addition, the department/user must plan to budget for annual maintenance costs (if applicable) to keep the product updated. If updates are not purchased, the software package may be removed or disabled, particularly if a known vulnerability is disclosed by the manufacturer or global security community.
  • For Loyalist issued computers, any non-standard software must be configured to automatically update. Where this is not possible, the department/user requesting the non-standard software must discuss update requirements with the Loyalist Service Desk before the software package is installed. ITS staff will review auto-updating options on all lab computers.
5. Portable Storage Devices
  • It is recommended that all removable devices used, especially on College issued laptops, be encrypted and have a PIN to protect access.