News / Calgary

Alberta government helping schools guard against cyber attacks

Following a few high profile attacks on post-secondary institutions, Alberta needs to step up its security

Alberta Advanced Education Minister Marlin Schmidt

Helen Pike / Metro / Metro Web Upload

Alberta Advanced Education Minister Marlin Schmidt

After a number of online security attacks against post-secondary institutions in Alberta, Advanced Education Minister Marlin Schmidt has sent letters asking these schools to provide updates on how they plan to prevent cyber attacks.

“We’re also giving them a conduit to coordinate their efforts and share information,” he said. “Because we’re all in this together, and the more we work together I think the better off we’ll be handling these threats.”

Schmidt feels the government’s role in online security – in relation to post-secondary institutions – is to act as more of a hub so schools can share their best practices.

Just last month, MacEwan University was defrauded $11.8-million after scammers convinced university staff to change banking information for one of their major vendors.

Last year, the University of Calgary paid out $20,000 after a ransomware attack on their systems.

“Unfortunately we’re not alone,” said Schmidt. “Cyber security is a big issue for any organization that has an IT system. We’re already working diligently to deal with the issue, but I think we recognize that we need to continue to do more.

“The people who want to do harm to us are very sophisticated. They change their tactics rapidly, and we need to be ready to respond.”

Best Practices

Most post-secondary institutions in Alberta already have their own set of guidelines.

Michael Barr, chief information officer at Mount Royal University, said the school continually reviews their cyber-security processes, especially those related to payments and banking access. That includes a system of checks and balances in their accounting department.

The University of Calgary takes these threats very seriously – with a multilayered approach focused on creating awareness among staff and faculty.

“Like most large organizations, the university experiences many phishing attacks every day,” said Linda Dalgetty, vice president of Finance and Services.

“As part of our awareness program, we launched a three-tiered phishing education program for faculty and staff earlier this year. This includes test phish emails. Our test differs from other, similar programs however, as it involves multiple levels of education.”

Dalgetty laid it out: if the first test phish email is acted upon, a pop-up alert appears informing the staff or faculty that they clicked on a test phish, and gives advice to avoid making future mistakes.

If a second test email is acted upon, a member of the IT team calls them directly to reinforce phishing education.

Finally, if a third test phishing email is acted on, a senior leader will be notified with the expectation they will follow up with the faculty or staff member to discuss phishing attacks.

In addition to preventative measures, there are also processes to remove threats from the computer systems.

It’s Schmidt’s hope that by collecting these guidelines from across the province, institutions will be able to pick and choose the best practices for themselves.

More on