Action required: Minimum cybersecurity controls for personal and university devices and services

To: All employees

In response to increased cybersecurity attacks and the risks resulting from thousands of employees working from home, the university’s executive team has mandated a set of minimum cybersecurity controls to be universally implemented by employees.

What are the requirements of minimum cybersecurity controls?

The minimum cybersecurity controls require all employees to:

• Install and regularly update antimalware and endpoint detection and response software; and enable encryption on personal computers and mobile devices you use to access, process or store sensitive university data.

If you manage online services or servers, you will also be required to:

• Configure online campus and cloud services for use with two-factor authentication and the university’s virtual private network (VPN).
• Regularly maintain servers with security patching; install antimalware and endpoint detection and response software; and conduct vulnerability scanning.

A full explanation and guidance on installing or implementing security software is available on the How to Set Up Minimum Cybersecurity Controls for Employees page.

When will cybersecurity controls need to be in place?

While a target compliance date has been set for May 1, 2022, all employees are urged to enable the minimum cybersecurity controls to secure their devices as soon as possible.

Questions?

For more information, please visit the Cybersecurity Policies, Procedures & Guidelines page. If you have further questions, please contact the Computing and Communications Services (CCS) Help Desk via the IT Help portal, help@torontomu.ca or 416-979-5000, ext. 556806.