Meet the expert: let’s talk cybersecurity with Andrew Mathenge

Posted for Retired Members, January 11, 2019

Andrew Mathenge is the Director of Information Technology at the CAAT Pension Plan. An important part of Andrew’s responsibilities is cybersecurity – the protection of information within computer systems, networks and programs.

Andrew talks about the importance of cybersecurity at the CAAT Pension Plan and at home.

Why is cybersecurity important at the CAAT Pension Plan?

We are custodians of personal information that is needed to administer our members’ pensions. Securing this information is of paramount importance. To do this, we provide security training to staff, specifically around email phishing, which is a form of fraud. In a phishing attack, the attacker sends an email that pretends to be from a reputable organization, such as a bank, in order to gain an individual’s trust. The attacker wants to trick the individual into either giving personal information, or clicking a link which introduces malicious software onto their computer. Since email is the most common method for cyberattacks, we are security conscious when using email.

Why is cybersecurity important at home?

For similar reasons to its importance at the CAAT Pension Plan – you need to make sure that your online transactions, such as banking and shopping, remain secure. It’s also important that your personal information from any transactions remain confidential and can’t be stolen through a website or phishing email.

What is your number one rule about making sure online information is secure?

There’s really no one solution, but it’s important to be prudent, educate yourself, and be suspicious of most emails and websites. Know what to look for: check emails for authentic email addresses, and don’t reply or click links in an email if the address is suspicious, or you don’t know the sender. Never, ever give out any personal information over email unless you are sure you know the sender or organization who made the request.

Most reputable companies will never ask for your personal information out of nowhere. Governments also never send emails asking for information, and they never send emails with links to click for more information.

Cybersecurity tips

  Here are a few useful tips to help you keep your personal information secure:

  • Be suspicious of emails you receive if you don’t know the sender. If you receive an email from an organization that makes you question why they are contacting you, you can always call the company to ask if the email is safe.
  • Use caution when sharing personal information online. It’s OK to provide information to a trusted organization through their secure website.
  • Always use a strong password. Eight letters are not enough – use a mix of letters, numbers and symbols, and use different passwords for different accounts. Some websites even offer two-factor authentication, which provides an extra layer of security by requesting not only a password and username, but also a piece of evidence that only the user has. While it may take slightly longer to login and use the services offered on the website, the additional security makes it safer for users. 
  • Never send your social insurance number by email. Reputable companies never ask for this information over email.

 

Secure communications with the Plan

The security of your personal information is important to us. There are a number of ways that the CAAT Plan ensures your information is always secure. If you email us with a personal question, you will be required to verify your identity first through our authentication protocols, like confirming your member ID. If we need to send you any confidential documents online, it will always be through our secure transfer site, S-Doc. These protocols ensure we keep your information confidential. As a retired member, you receive your pension-related information by mail.

If you are suspicious of an email coming from the CAAT Pension Plan, please contact member services at 416-673-9000 to verify the authenticity of the email.