Digital Competency Series: Defining Cyber Security Vigilance
Developing a diverse set of digital skills is essential for both personal and professional development in today's technology-driven world. The Government of Canada has developed a framework of six key digital competencies (accessible only on the Government of Canada network) to guide team and personal development: digital literacy, continuous improvement, information and data stewardship, digital responsibility, cyber security vigilance, and inclusive interactions. This series of six articles will cover each of these competencies, giving you valuable insights and practical strategies to help you develop these essential skills so you can navigate the digital landscape with confidence and contribute effectively to an increasingly connected environment.
This series was developed in collaboration with the Office of the Chief Information Officer to ensure alignment with current digital priorities and practices.
What is cyber security vigilance?
Cyber security vigilance means taking personal responsibility for safeguarding data, information and systems in your work environment by consistently using cyber security best practices and departmental standards.
It requires developing critical skills in recognizing potential threats, securing devices, networks, and sensitive information, and reporting incidents promptly. It includes staying alert to cyber risks such as phishing attempts, data breaches, and malware, as well as maintaining good security hygiene through safe online practices and regular system updates.
Why cyber security vigilance matters
In today's fast-paced, interconnected world, cyber security is more important than ever. The Government of Canada relies on digital technology to provide vital services to people in Canada—from healthcare and education to transportation and public safety. As an employee, you are on the frontlines, acting as the first line of defence against cyber threats.
Your vigilance is key to safeguarding sensitive information, ensuring the confidentiality of personal data, and keeping government systems running smoothly without interruptions. By staying alert, following best practices, and being proactive about security, you don't just protect systems—you help maintain public trust in the services we provide. Every action you take has a direct impact on the security of our operations and the safety of the people we serve.
Your role in cyber security
As a Government of Canada employee, you hold a key responsibility in protecting sensitive information and preserving public trust. Every action you take plays a crucial role in securing our systems and ensuring they remain safe from cyber threats.
By following best practices, you can:
- prevent unauthorized access to government systems
- reduce the risk and impact of cyber threats
- foster a culture of security and awareness
Remember, cyber security isn't a one-person job—it's a collective effort. Together, we can strengthen our defences and create a safer environment for all. Here are some simple yet powerful ways you can contribute.
Passphrases, your first line of defence
Using strong, unique passphrases is one of the simplest and most effective ways to secure your accounts. Passphrases are longer and more complex than traditional passwords, making them harder to guess. Avoid reusing passphrases to reduce the risk of stolen credentials being used to access multiple accounts.
Tips for creating strong passphrases:
- Combine letters, numbers, and special characters.
- Use phrases that are easy to remember but hard to guess.
- Consider using a passphrase manager to securely store your passphrases.
An example of a strong passphrase would be MyS3cure#P@ssphr@se.
Multi-factor authentication
Multi-factor authentication (MFA) requires two or more verification methods and adds an extra layer of security. Even if an attacker obtains your passphrase, MFA can block unauthorized access. Enable MFA on all work-related and personal accounts where available.
Take steps to recognize and protect against social engineering
Social engineering is a manipulation technique that exploits human psychology to trick people into revealing confidential information. Attackers may use phishing emails, phone calls, or in-person deception to steal data or gain unauthorized access.
To counter these threats:
- Verify the identity of individuals requesting information.
- Limit the personal and organizational details you share online.
- Report suspicious interactions to your IT team immediately.
Recognizing phishing attempts
Phishing emails are designed to steal sensitive information by appearing to come from trusted sources. They often include malicious links or attachments.
To protect yourself:
- Avoid clicking on suspicious links or attachments.
- Hover over hyperlinks to verify their destination.
- Check the sender's email address for authenticity.
- Report suspected phishing emails to IT staff or your supervisor.
Protecting your digital identity
Your digital identity is valuable and must be safeguarded. Identity theft can lead to financial and reputational harm.
To protect your identity:
- Use strong passphrases and enable multi-factor authentication.
- Monitor online accounts for unauthorized activity.
- Be cautious when sharing personal information on social media.
Mitigating accidental and malicious insider threats
Insider threats can be accidental or malicious. Accidental threats occur due to carelessness or lack of awareness, while malicious threats involve deliberate actions to harm the organization.
To mitigate insider threats:
- Handle IT assets and sensitive information responsibly.
- Recognize unusual behaviour or access requests.
- Report concerns promptly to your security team.
- Keep software and devices, including cellphones, up to date.
Being aware of the human factor in cyber security
While technology plays a key role in protecting systems, the human factor is often the most vulnerable link in the chain. Cyber threat actors frequently exploit human error to gain access to sensitive information or systems. Whether it's clicking on a suspicious link, using weak passwords, or failing to recognize a phishing attempt, these seemingly small mistakes can have serious consequences.
The good news is, staying alert and proactive can make all the difference. By being mindful of potential threats and following best practices, you can significantly reduce the risks of a breach.
Staying secure while working remotely
Remote work introduces unique security challenges. Follow these tips to stay secure:
- Use a secure network and VPN.
- Lock devices when not in use.
- Avoid working in public spaces, such as a coffee shop. Work in a safe and secure location approved by your employer, such as your home.
- Avoid using public Wi-Fi on work devices.
- Reboot your router and devices at least once per week to get rid of some forms of malware and allow for necessary updates.
Common myths and misconceptions
Misunderstandings about cyber security can lead to vulnerabilities and a false sense of security. Let's debunk some of the most common myths to ensure you stay informed and vigilant.
Be cyber ready!
In today's fast-paced digital world, staying informed about cyber security isn't just a choice—it's a necessity. When we think about the consequences of cyber attacks, it becomes clear just how much is at stake. For the Government of Canada, a breach can disrupt vital services, expose sensitive data, and cost millions to recover from the damage. For individuals, it's not just about protecting passwords—it's about safeguarding personal information from financial loss and reputational harm. And when it comes to the public, a widespread attack can cause chaos, affecting everything from daily life to the economy.
That's why staying cyber-ready is so important. By keeping up with the latest training and security practices, you're not just protecting yourself—you're helping to protect those around you. So, share what you learn with colleagues, friends, and family. The more we know, the stronger our community becomes. Together, we can build a safer, more secure online world for everyone.
Resources to stay safe
The Government of Canada provides resources to help employees enhance their security awareness:
Cyber security training is now mandatory for all employees within the core public administration. Learners must complete Discover Cyber Security (DDN235) as a prerequisite before registering for the recommended revalidation product, Cyber Security Quest (DDN247). Learners will receive a certificate of completion after successfully completing either course.
By staying informed and vigilant, you contribute to a safer digital environment for all.