What's new in cybersecurity at UNB

Here are some of the latest steps UNB is taking to increase your cyber security:

Identity and access management policy

ITS is seeking input from faculty, staff and students on UNB’s draft identity and access management (IdAM) policy. (IdAM refers to the set of business policies, processes and supporting infrastructure for managing how we create, maintain and use IT accounts at UNB).

Have a say in the final version of the policy by sending your feedback to Erik Denis (senior cybersecurity officer, ITS) at erik.denis@unb.ca or 506-451-6842.

How this will help keep you and UNB more cyber-safe: by providing a clearly defined set of policies, standards, guidelines and procedures around identity and access management at UNB.

Back to top

New virtual private network (VPN)

This year, UNB’s existing Virtual Private Network (VPN) is being replaced with a new VPN solution – FortiClient – that is much more reliable, stable and secure. The new VPN will be available to faculty, staff and students in October 2019 - stay tuned for further details to come.

How this will help keep you and UNB more cyber-safe: by allowing you to safely access secure UNB files and services while connected to Wi-Fi.

Back to top

Improved password requirements

ITS is currently investigating: 

  1. Updating UNB password rules so passwords no longer expire if they reach a certain complexity.
  2. Implementing multi-factor authentication at UNB.

How this will help keep you and UNB more cyber-safe: by better aligning UNB password and login requirements with industry standards.

Back to top

Enterprise password manager

ITS will soon be submitting a request for proposal for an enterprise-wide password manager solution for faculty and staff. More details will be shared as they become available.

In the meantime, we recommend using Dashlane and LastPass – they’re free and can be used for all types of devices and systems.

How this will help keep you and UNB more cyber-safe: by providing you with a safe place to store and create complex, unique passwords.

Back to top

Account login history app

UNB’s login history app shows you all the recent logins to your UNB account so you can keep an eye out for suspicious logins or activity.

To access the app:

  • Faculty/staff: Go to your myUNB Portal > eServices > IT Services > Account Options > Account Login History
  • Students: Go to your myUNB Portal > eServices > Computing > Account Login History

How this helps keep your account safe: by making it easier to verify if someone other than you has accessed your account.

Back to top

Email notifications when you log in from a new geographical location

Starting May 1, you’ll receive an email notification from the IT Service Desk whenever there is a login to your UNB account from a new region, province or country (with the exception of New Brunswick – you won’t be notified traveling between our campuses).

How this helps keep your account safe: by letting you know right away when someone has accessed your UNB account from an unexpected location.

Back to top

UNB password minimum length increasing

Starting May 1, the minimum required length for UNB passwords is increasing from ten to 12 characters.

This new rule will only apply the next time you need to change or reset your password (you won’t be forced to reset on May 1).

How this helps keep your account safe: password security is largely determined by length, so a longer password will make your account more secure.

Back to top

New warning message on external email

As of Monday, April 8, the following warning message will appear at the top of all emails you receive from outside of UNB (ie: sent from external email services like Gmail):

Email warning message

Why are we doing this?

UNB faculty, staff and students are receiving a growing number of targeted, malicious emails which are becoming increasingly believable – we see evidence of researched details about UNB, our processes and reporting structures within these emails – making them very difficult to identify.

This warning message will help you recognize these malicious emails more quickly and easily by increasing your awareness and caution of emails coming from outside of UNB.

Why is this happening now?

In recent weeks, we’ve seen a rapid increase in faculty and staff acting upon spearphishing (emails requesting some type of action by the recipient) and spoofing (appearing to come from a genuine UNB email address, but isn’t actually) attempts. While this warning message was originally planned for June, we had to fast track our timeline to minimize risk to the university.

Is this message unique to UNB?

No. A growing number of institutions and businesses in Canada and around the world have already, or are in the midst of, implementing this standard warning to combat malicious attempts, including:

  • Trent University (Peterborough, ON)
  • Loyalist College (Belleville, ON)
  • Bishop’s University (Sherbrooke, PQ)
  • St. Clair College (Windsor, ON)
  • University of Guelph (Guelph, ON)
  • OCADU (Toronto)
  • Aurora College (NT)
  • Carleton University (Ottawa)
  • University of Calgary (AB)

Does the message interfere with email in any way?

No, the message does not interfere with, or block incoming emails. Its intent is to increase awareness.

What if I forward my UNB email to Gmail or another external email service?

If you use an external email service (like Gmail), the warning message will appear on all emails you send to a UNB email address. To stop this, simply begin using your UNB email account instead of an external email service.

Can we move the warning message lower in the email?

We can’t specify where the message appears other than the top or bottom of the message. Putting it at the bottom would entirely defeat its purpose.

Can it be removed from email replies, so the sender doesn’t see it?

We’re unable to do this from a system perspective, however you can delete the message when replying.

Can it be branded in a more friendly manner, perhaps with the UNB logo?

The message can say whatever is required, but logos can’t be added. The background color can be changed, though it does have to meet accessibility standards.

Can we exempt certain senders?

No. All messages sent from systems outside UNB will have the message inserted. Outside systems include groups and individuals who, for whatever reason, choose to use non-UNB supported email services, such as Gmail.

Some organizations put “EXT” as a prefix in the subject line of emails coming from outside. Can that be done?

Yes, it can. However, as we introduce the warning message to the community, the full message embedded at the top of the email has the most impact. The purpose here is to reduce the risk of tangible losses due to phishing and related threats we constantly face.

Will the message appear in all external emails going forward?

In some form, yes. ITS’s strategy is to introduce the message in its full form, then reduce the length as community members gain awareness of the risks associated with outside email. In the future we will reduce the message to a much shorter form, though it will remain prominent. We may also incorporate the ‘EXT’ subject line prefix.

Back to top