It’s always a good idea to keep informed on the top information security tips for anyone at Plymouth University. Take a look, it’s always worth refreshing your knowledge.
The Information Security Mantra:
If in any doubt, ask!
Practice good computer hygiene
- Always run anti-virus software on your computer and make sure to run regular scans, keeping the definitions up to date.
- Always make sure your computer is up-to-date with the latest Operating System updates and application patches.
- Don’t disable the firewall on corporate devices; ensure non-fleet systems have a firewall enabled.
- Ignore websites, emails or telephone calls which claim your computer is infected or compromised in some way. Particularly if they offer to fix it.
- Only install software from trusted sources. Even if you believe the application to be legitimate make sure the source of the download is trustworthy, to ensure no nasties accompany it on to your computer.
Identity
- Always use unique, strong passwords and keep them completely secret. Never write passwords down.
- Never share your password with anyone; technical support staff will never require it. Never use the same password for multiple systems, or store your password in a browser or application. No one else will ever need, or should be provided with your credentials. Your computing account is issued to you and you are responsible for any actions undertaken with your Plymouth University identity.
- Only log in across the Internet via a secure connection (look for the padlock symbol in your browser)
- Never pass on details about yourself to anyone you do not know (eg through social networking sites like Facebook)
- Never use the ‘remember my password’ feature – many of the applications that offer to do this do not secure your credentials.
- When providing answers to security questions provide false answers that you can remember. Security questions are a route to reset your password and are as important to secure as your password. Details such as ‘mothers maiden name’ are a matter of public record and don’t provide any security for your account.
Computers and Mobile Devices
- Always use a locking screen saver on your computer and lock the desktop when leaving the machine unattended, even for brief periods. On Windows systems you can lock your computer immediately by pressing Win+L.
- Mobile devices, whether personal or University issued that store or access corporate data should be secured with a passcode. Touch-screen pattern locks can be easily circumvented due to the lines left on the screen by your fingertip.
- Never leave your computer unsecured, laptops are provided with a kensington lock to secure it to the desk.
- Never connect to untrusted networks. It’s quite common for ‘free’ wireless networks to intercept and harvest your data for malicious purposes. If the service isn’t properly secured your computer may be exposed to other less well-maintained and potentially infected PCs.
Data
- Always treat University information as you would wish your details to be handled by your bank, government departments, etc.
- Always store data centrally, on file servers, SharePoint or in U: drives. Data held locally isn’t protected and is at risk from loss and theft.
- If handling sensitive data, keep it protected. Don’t download files that contain sensitive data unnecessarily, even if you intend to delete after use. Encryption is available on PlymDesk devices that routinely handle sensitive data.
- Think twice before emailing sensitive content, email is more like a postcard than a letter. Share files via network drives or SharePoint over sending as attachments.
- Never keep personal or confidential information on portable equipment (eg USB memory sticks or laptops) unless protected against unauthorised access
- Never share or borrow storage. Even if you’ve deleted a document, which contains sensitive data, the file can likely be recovered. Removable storage devices are a large source of malicious software.
- Never send your password in reply to an email.
- Configure your out of office notification to only respond to people in your address book and organisation. This prevents spammers and untrusted third parties from gaining contact details from other people within your organisation.
- Never open unknown or unexpected links or attachments in emails, even if you know the source. There’s no guarantee they were sent knowingly and a high chance the content is malicious.