Skip Ribbon Commands
Skip to main content

Week 4 - How to protect yourself at work or school


twitter Play Hard to Get With Strangers.pngWeek 4 - How to protect yourself at work or school

Don’t take the bait: How you can spot a phish

If you're like most individuals or businesses in Canada, the Internet is an indispensable tool to succeed in today's digital economy. Getting online allows you to reach new customers and grow your business. And even if you don't have a website — or a social media account — you probably depend on the Internet for everyday business operations like banking, payroll or ordering supplies. However, being online requires being safe and secure. As an individual, small or medium business, it's easy to think that you are too small to warrant the attention of cyber criminals. In fact, cyber criminals are now actively targeting individuals and smaller businesses because they believe their computers are vulnerable. Cyber security is a shared responsibility and, depending on how your business is structured, there are likely other people — co-owners, managers or employees — who should also be familiar with the information you'll find in this guide. You do not need to be an expert to be cyber safe. But you certainly owe it to yourself and your customers to make cyber security a priority. Working with other business owners and partners across industry and government is a great way to ensure a more cyber safe future for everyone.

“Phishing” is a tech industry term for a kind of cybercrime where people try to fool other people into sending them money or revealing personal information online. The name comes from the idea of fishing: scammers send a message that acts as bait, hoping to “hook” someone.
The good news is that you have the power to throw these phish back! Let’s take a minute to talk about what you can do to avoid phishing:    

  • First, just be cautious. Remember the old warning about not talking to strangers? It goes double on the internet, since anyone can pretend to be anyone else and an email from an exciting new friend could actually be a trick. Ask your potential phisher to provide proof or explain their amazing offer in detail, and you’ll trip up an attacker really fast.

  • Second, remember not to share sensitive information through emails. Details like your passwords, credit card numbers and Social Security Number are things that no legitimate company would be asking you for in an email.


Phishing is a tactic that utilizes social engineering to tailor e-mails to individuals or groups based on their line of work, interests, or personal characteristics.  Phishing e-mails will be about a subject that is relevant to the recipient and will appear to be sent by a credible source.  Sask Polytech has developed a Phishing Learning Center to help employees and students understand different phishing techniques, what to look out for and announce the latest threats Sask Polytech has received.

Outlook Junk Email folder

The Junk email folder in Outlook is a special folder in everyone's mailbox.  Our email system automatically rates emails as they come into the system and if they meet a threshold of suspected spam/phishing attempt, the email will be moved automatically into your Junk email folder.  Always be suspicious of the emails in this folder and only move them into your Inbox if you are sure they are valid emails.

Locating the Junk folder

The Junk folder is located in everyone's mailbox.  In order to make it show up at the top of your list view, add it to your favorites list by right-clicking the Junk folder and select "Show in Favorites".

Thresholds of the Junk Email folder

Emails located in your junk email folder are automatically deleted every 30 days

Report as Junk/Phishing option in Outlook client

ITS has recently installed an add-in to everyone's Outlook client that allows you to seamlessly report emails as "Junk" or "Phishing" emails to the appropriate teams.  To send the email in your inbox for analysis to our team, from the Outlook ribbon (or by right-clicking an email), you can Select:

If Email in Inbox:
Report as Junk > Moves the email to Junk folder and lets ITS know the email is spam.
Report as Phishing > Moves the email to Junk folder and lets ITS know the email is for malicious intent.

If Email in Junk Folder:
Report as Not Junk > Will let ITS know the email is not a junk email and will move back into your Inbox.

Full documentation for the "Report as Junk/Phishing" option is located here.

As always, if you are unsure of the validity of an email, or have replied to or clicked on an unfamiliar link, please contact the Helpdesk.

​Password Guidelines

Your password is the gateway to your online identity and should be protected the same way you would protect cash in your wallet, with care and caution.  Your Sask Polytech username and password allows you access to the organizations network and shared information.  The password guidelines you must follow at Sask Polytech when choosing a password are:

Password must be a minimum of 8 characters in length and contain characters from at least 3 of the following categories

  • English uppercase characters (A-Z)
  • English lowercase characters (a-z)
  • Numbers (base 10 digits: 0-9)
  • Symbols (Ex. !, $, #, %)

Passwords must also not contain:

  • Your username or part of your name
  • Any word found in a dictionary
  • Names of family, pets, friends, co-workers, fantasy characters
  • Birthdays and other personal information such as address and phone number
  • Acronyms from any field
  • Patterns like aaabbb, qwerty, 123321

Tips on creating a password:

  • Combine 2-3 short words to create “pass phrases” to make it more memorable then add symbols or numbers within your pass phrases. Choose events that are on your mind.
  • Use something funny or unique to you.
  • Use numbers or symbols to represent the letters they are replacing
  • Use your password immediately and use it frequently; avoid changing your password on Friday or just before you leave on vacation.

Creating a Secure Password

Password Manager System at Sask Polytech:

The Sask Polytech Password Manager allows you to manage your own account.  You must be enrolled in the system to be able to reset your password or unlock your account on your own in the future. You will require a mobile device number and/or an alternate (personal) email to enrol in the system.  If you haven't already enrolled in the system, visit our enrollment site.

Once you have enrolled in the system you will be able to:

Password Manager Instruction Guide

Use this printable guide (pdf) for complete instructions that walk you through the process.