Blog from February, 2020

Pink Shirt Day is February 26, 2020.

Bullying is a major problem in our schools, workplaces, homes, and over the Internet. Each year, on Pink Shirt Day, people are encouraged to wear something pink to symbolize that we as a society will not tolerate bullying anywhere. 

Bullying is an age-old problem for students and society in general, but the anonymity of Internet communications is bringing the harmful practice of bullying online, as some are using these communication tools to intimidate and threaten others. Because of this, many Internet Service Providers and social media sites are working to put a stop to this destructive behaviour. 

Cyber bullying occurs when a person is tormented, threatened, harassed, humiliated, embarrassed or otherwise targeted by another person using the Internet, interactive and digital technologies or mobile phones. Cyber bullying most often involves minors but can occur between adults or adults and minors.

RRU’s Security Awareness program and Cyber Security Ambassadors recognise that cyber bullying is a concern not only for students but for those of our faculty and staff who are parents.  In recognition of Pink Shirt Day we’d like to provide some resources that will help you better understand cyber bullying, learn how to talk to your young people about cyber bullying and learn where you can get help if you or someone you know is being targeted by a cyber bully.

Learn about Pink Shirt Day and how it all started.  Yes, it's a Canadian invention!  Here's the link: https://www.pinkshirtday.ca 

A similar site Pink T-Shirt Day has more related resources:  http://www.pinktshirtday.ca/ 

CBC has a great kid-friendly site set up for Pink Shirt Day.  Check it out here: https://www.cbc.ca/kidscbc2/the-feed/what-is-pink-shirt-day

Microsoft has an awesome site for kids that looks at many aspects of cyber bullying.  They've got a ton of resources!  Here's the link: https://www.microsoft.com/en-us/digital-skills/online-safety?activetab=protect-whats-important%3aprimaryr3 

The Edmonton Police Service has an excellent page on the topic of cyber bullying:  http://www.edmontonpolice.ca/CommunityPolicing/FamilyProtection/ChildProtection/BullyingAndCyberbullying.aspx  

ProtectKidsOnline.ca is designed to assist parents/guardians in protecting their children on the Internet: https://protectkidsonline.ca/app/en/ 

NeedHelpNow.ca helps teens stop the spread of sexual pictures or videos and provides support along the way: https://needhelpnow.ca/app/en/ 


Downloads

                       

Video - Top Three Online Threats

It's one of those really cool but hardly noticed features of Outlook and many other email clients.   You write an email, click in the "To:" field and start to type the name of the person you want to send it to and almost like it's reading your mind Outlook auto-magically presents the name of the person you want to send the email to.  Sometimes typing two or three letters is enough to bring up the name you're looking for.  However, (there's always a "however", isn't there?) this feature - known as auto-complete - has a dark side that I'll bet many of you have experienced.  Sometimes the name auto-complete shows you isn't  the name of the person you wanted to send the email to.  Click Send without noticing this and the result can be everything from minor embarrassment or inconvenient to a major privacy breach that impacts the whole university.

Okay, we've all seen or experienced this.... is it a problem?  Well, consider:

  • In 2018, the Verizon Data Breach Investigations Report listed email auto-complete as the cause of 8% of ALL data breaches world-wide.
  • Closer to home, Royal Roads has had 5 privacy incidents in the past 5 months where email auto-complete was the cause.  
  • When an organisation exposes personal or sensitive date inappropriately, it can experience an impact to its reputation, and a financial cost related to remediating the damage caused by the inappropriate exposure of the data.  
  • Considerable staff time can be involved in cleaning up after data is disclosed in this manner.  

Alright, it's a risk with potentially a big impact to the university. Does this mean that RRU is turning off email auto-complete?  The answer is no, not at present.  What we're doing instead is launching an education campaign with some tips and tricks that will help you use this very convenient Outlook feature in a safer manner.

Speaking of tips and tricks, here's a few things you can do:

  • Create a 1 minute delay-send rule in Outlook.  We like this tip the best because most people who get tricked by auto-complete realise what has happened seconds after clicking Send.  However, if you have a 1 minute delay-send rule, you can catch the email in your Outbox before it goes out.  Please see the section "Delay the delivery of all messages" on: https://support.office.com/en-us/article/delay-or-schedule-sending-email-messages-026af69f-c287-490a-a72f-6c65793744ba
  • Disable the automatic name checking / auto-complete feature in Outlook.  The catch with doing this is that Outlook will still automatically resolve a partially completed name. It does not do this immediately but, scarily, it does it when you hit Send. If you want to give this a try it's pretty simple.  in Outlook go to: File > Options > Mail and under Send messages un-check „Use Auto-Complete“.
  • Remember these three words every time you compose an email:
    • WRITE: Compose your email.  Leave the To: / Cc: / Bcc: fields blank.
    • CHECK: Fill in the To: / Cc: / Bcc: fields and check that the recipients are correct.
    • SEND: Send your email

To recap, while it may be hard to believe that a helpful feature like email auto-complete could represent a risk to the university the numbers show that it indeed can.  We - the RRU Community - can prevent this risk from becoming a reality by being careful now we use email  auto-complete and taking advantage of some of the tips shown above.  

REMEMBER - WRITE, CHECK, SEND 


Thanks to the RRU Cybersecurity Ambassadors for content suggestions.