For week three of Cyber Security Awareness Month, we highlight that cyber security isn’t only a technical issue — it’s a cultural one.

As universities expand their digital footprints, building shared awareness and accountability has never been more important. Every member of the U of T community, including faculty, staff and students, contributes to protecting data, maintaining trust and ensuring that technology supports teaching, learning and discovery.

“The human element of technology and information security is important,” says Rouben Tchakhmakhtchian, manager of the Information Security Program in the Faculty of Applied Science and Engineering. “It’s a collective effort and a shared responsibility.”

Protecting information in a university setting can be complex, with open networks, global partnerships, and diverse technological needs. That’s why a strong security culture starts with awareness — understanding how small everyday actions can prevent incidents and reduce risk.

Embedding security into daily routines helps create an environment where information flows freely and safely. It’s not about restriction but about empowerment and care. For researchers, that means protecting datasets and managing permissions carefully. For staff, it means configuring systems securely and managing records responsibly. For students, it means developing digital literacy and recognizing how personal choices from password reuse to sharing information online can affect the wider community.

At U of T, information security is a shared responsibility across departments and divisions. The Information Security and Protection of Digital Assets Policy provides the framework but people bring it to life. A culture of security grows when community members feel informed, supported and confident in taking action — whether by asking questions, reporting suspicious messages or sharing good practices within their teams.

“Culture changes when people feel ownership,” says Romel Sargezi, senior information security analyst. “When security becomes part of how we work, that’s when we see real progress.”

Throughout October, U of T’s Information Security team is sharing stories and resources that highlight how collective action strengthens cyber resilience. From understanding new threats to adopting privacy-by-design principles, the goal is to keep security a shared and ongoing conversation.

• Staying informed about current cyber threats.
• Taking time to verify messages and sources before responding.
• Respecting privacy when handling university or personal data.
• Encouraging peers to follow good security practices.

Each of these actions, no matter how small, helps protect the trust that allows U of T to learn, collaborate and innovate safely.

Technology continues to evolve and so do the challenges that come with it. But at the heart of cyber security is care — for our community, for one another’s privacy and for the future we’re building together.