KEEP IT SAFE
An Information and Technology Services guide to security for staff and students
INFORMATION AND TECHNOLOGY SERVICES
Follow us on Twitter: @KU_ServiceDesk
Contact the Service Desk on 63355 or 020 8417 3355
Contents
Welcome from the Vice-Chancellor and CIO
Help and Support
Password Guidance
Email Security
Physical Security
Virus Protection
Data Handling
Credit / Debit Card and Online Payments
Reporting Security Incidents
Welcome – From the Vice Chancellor and CIO
Everyone works with digital information and whilst the benefits are enormous for education,
research and administration, technology exposes us to many security risks.
A failure to secure the information we store has serious implications for the University, staff
and students. Breaches carry significant financial penalties, not to mention damaging the
reputation of the University or individuals. We continue to invest heavily in information security
but the weakest link can often be people.
This booklet provides some practical advice for staff and students to help identify security
risks and remain safe whilst using IT at the University or elsewhere. The University has a duty
to protect the personal, sensitive and financial information processed by its IT services, and
you will no doubt be keen to ensure that the work you produce during your time here is safe
from theft, loss or plagiarism.
If you have questions after reading this booklet you can either visit the dedicated IT Security
pages on StaffSpace or MyKingston or contact the Service Desk, who will be happy to help.
Julius Weinberg
Vice-Chancellor
Simon Harrison
Chief Information Officer
Keep IT Safe – Help and Support
IT Service Desk
The Service Desk offers help and support for any IT and Library related problems you may
encounter throughout your time here. Support is available via the telephone, Monday to
Friday between 08:00 and 18:30 by calling 020 8417 3355, or you can visit the IT Support
pages at mykingston.kingston.ac.uk/mysupport/itsupport and
staffspace.kingston.ac.uk/dep/it-services for online help and support.
However, if you are unable to log in to the Service Desk Portal, please submit an online form
at kusdpw.kingston.ac.uk giving us as much detail as possible about the problems you
are experiencing with your computer.
Follow the Service Desk on Twitter for regular IT service updates, news and support.
Please also see the IT System Status on the My Kingston and StaffSpace homepages.
Opening Hours
Monday - Friday: 0800 - 1830
T: 020 8417 3355
W: portal.kingston.ac.uk
@KU_ServiceDesk
If you are concerned about a possible security incident, you should contact the Service Desk.
Further information about security can also be found on My Kingston
mykingston.kingston.ac.uk/mysupport/itsupport/Pages/security
and StaffSpace staffspace.kingston.ac.uk/dep/it-services/Pages/Security
Keep IT Safe – Password Guidance
Your password is crucial to protecting the
security of your account.
Passwords ensure that only authorised users
can access the University’s IT facilities.
Your password keeps your stored data and
information private and secure.
What is a strong password?
Criminals have developed programs that automate password guessing.
Someone with minimal skills and the right tools can easily guess short or
common words. The longer and more complex your
password is, the more difficult it is to deduce or guess.
Password strength tips:
•	 Use long words, or preferably phrases, that are more difficult to guess
•	 Use at least one upper case letter and a number to make it even harder to guess
•	 Some examples of strong passwords based on the phrase ‘day follows night’ include:
    • ‘Dyfllwsnght’ which has the vowels removed
    • ‘D2yf0ll0wsn1ght’ which has all vowels replaced by numeric characters
How can I protect my password?
Do
•	 Do use a ‘strong’ password
•	 Do change it regularly, or if you think someone else may know it
•	 Do use different passwords for different IT services, so that if someone gains access
to your password it is of limited use to them
Don’t
•	 Don’t write your password down
•	 Don’t let anyone else know your password
•	 Don’t let anyone see you typing it
•	 Don’t type your password into an open-text field, such as the username field
How do I change my password?
Staff
If you have forgotten your password you can change your password using the Password Changer.
To use the staff email based Password Changer kusdpw.kingston.ac.uk/pass you will
need to add your personal email address to the Content section of ‘Yourself’.
If you have any questions please contact the Service Desk.
Students
If you have forgotten your password you can change your password using the Password
Changer.
To use the student Password Changer you should update your personal email address in
‘OSIS’. If you didn’t provide a personal email address, then you can contact the Service Desk.
Keep IT Safe – Email Security
Phishing
Email phishing is where a legitimate looking
email is sent by a fraudster in an attempt
to acquire sensitive information such as
usernames, passwords, credit card details,
bank details or other information.
It is not uncommon to receive emails
claiming to be from trustworthy sources
with the intention of tricking you into
providing sensitive and valuable data.
How to spot a phishing email
•	 The ‘from’ address may not be a real organisation domain
•	 Consider whether you are expecting an email from the organisation
•	 The link’s actual destination is different from the URL shown in the email
•	 The subject field is a generic statement
•	 The message contains poor spelling and grammar
•	 The message has unknown or suspicious attachments
Do
•	 Do hover your mouse over links and check the sender is legitimate
•	 Do report incidents and phishing attacks to it-security@kingston.ac.uk
Don’t
•	 Don’t open any attachments you may consider suspicious
•	 Don’t click on links you may consider suspicious
•	 Don’t reply to the email
The example below illustrates the points previously described.

From: Vincenzo Recupero <v.recupero@esattori.it>
Sent: Mon 20/07/2015 11:07
To: Vincenzo Recupero
Cc:
Subject: R: Faculty and Staff Form Submission

Dear E-mail User.
Your EMAIL ACCOUNT PASSWORD Expires TODAY, to UPDATE Please Click LOGON and Follow Instructions.
Thanks
2015 ITS Help Desk Support Center

•	 Subject: Is too generic
•	 From: Not a Kingston University address
•	 I&TS never ask for users to provide user credentials
•	 Link: Not a Kingston University link (hover text: http://facultyportalmail.tripod.com, ‘Click to follow link’)
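The checks listed under ‘How to spot a phishing email’, run over the booklet’s sample message, as an added example that is not part of the original booklet. The HTML markup of the sample, the second (constructed) message, the phrase lists and all function names are assumptions made for illustration.

```python
import re
from email import message_from_string, policy
from email.utils import parseaddr
from html.parser import HTMLParser
from urllib.parse import urlsplit

ORG_DOMAIN = "kingston.ac.uk"  # the organisation's real domain, as named in the booklet
# Phrase lists are assumptions for illustration, not taken from the booklet.
GENERIC_MARKERS = ("dear e-mail user", "dear email user", "dear user", "dear customer")
CREDENTIAL_MARKERS = ("password", "expires", "logon", "verify your account")
URL_LIKE = re.compile(r"(https?://)?[\w.-]+\.[a-z]{2,}(/\S*)?", re.I)

# The booklet's sample message; the HTML markup around it is reconstructed.
SAMPLE = """\
From: Vincenzo Recupero <v.recupero@esattori.it>
To: Vincenzo Recupero
Subject: R: Faculty and Staff Form Submission
MIME-Version: 1.0
Content-Type: text/html; charset="utf-8"

<p>Dear E-mail User.</p>
<p>Your EMAIL ACCOUNT PASSWORD Expires TODAY, to UPDATE Please Click
<a href="http://facultyportalmail.tripod.com">LOGON</a> and Follow Instructions.</p>
<p>Thanks<br>2015 ITS Help Desk Support Center</p>
"""

# Constructed message: the visible link text shows one host, the href another.
LOOKALIKE = """\
From: IT Service Desk <servicedesk@kingston.ac.uk.example.net>
To: Staff Member
Subject: Timetable for next week
MIME-Version: 1.0
Content-Type: text/html; charset="utf-8"

<p>Dear Sam, the timetable is at
<a href="http://portal.kingston.ac.uk.example.net/t">https://portal.kingston.ac.uk</a></p>
"""


class LinkCollector(HTMLParser):
    """Collect (href, visible text) for every <a> element."""

    def __init__(self):
        super().__init__()
        self.links, self._href, self._text = [], None, []

    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href, self._text = dict(attrs).get("href") or "", []

    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)

    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append((self._href, "".join(self._text).strip()))
            self._href = None


def in_org(host, org=ORG_DOMAIN):
    """True only for the domain itself or a real subdomain, not a lookalike."""
    host = (host or "").lower().rstrip(".")
    return host == org or host.endswith("." + org)


def host_of(url_text):
    """Host part of link text that may or may not carry a scheme."""
    if "//" not in url_text:
        url_text = "//" + url_text
    return (urlsplit(url_text).hostname or "").lower()


def analyse(raw, org=ORG_DOMAIN):
    """Return a list of (check, evidence) pairs for one raw message."""
    msg = message_from_string(raw, policy=policy.default)
    findings = []
    sender = parseaddr(str(msg["From"]))[1]
    if not in_org(sender.rpartition("@")[2], org):
        findings.append(("from-not-org", sender))
    part = msg.get_body(preferencelist=("html", "plain"))
    body = part.get_content() if part else ""
    collector = LinkCollector()
    collector.feed(body)
    for href, text in collector.links:
        target = urlsplit(href)
        if target.scheme not in ("http", "https"):
            continue
        if not in_org(target.hostname, org):
            findings.append(("link-not-org", href))
        # The displayed URL and the real destination disagree.
        if URL_LIKE.fullmatch(text) and host_of(text) != (target.hostname or "").lower():
            findings.append(("link-text-mismatch", f"{text} -> {href}"))
    wording = f"{msg['Subject']} {body}".lower()
    generic = [m for m in GENERIC_MARKERS if m in wording]
    if generic:
        findings.append(("generic-wording", generic[0]))
    asks = [m for m in CREDENTIAL_MARKERS if m in wording]
    if len(asks) >= 2:  # one marker alone is too weak a signal
        findings.append(("asks-for-credentials", ", ".join(asks)))
    return findings


if __name__ == "__main__":
    for name, raw in (("SAMPLE", SAMPLE), ("LOOKALIKE", LOOKALIKE)):
        for check, evidence in analyse(raw):
            print(f"{name}: {check}: {evidence}")
```

The domain test compares whole labels, so a host that merely contains or ends with the text `kingston.ac.uk` is not treated as a University address.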
SPAM
SPAM is defined as the sending of
unsolicited email to large groups of people.
This will include large groups of University
students and/or staff. Although not necessarily
malicious, SPAM can have a detrimental
effect on the University’s computer network
and, in some cases, can prevent important
emails from reaching the intended recipient.
Do
•	 Do report large or excessive volumes of SPAM emails to it-security@kingston.ac.uk
•	 Do look for tick-boxes that allow you to opt out of newsletters and special offers etc.
Don’t
•	 Don’t reply to SPAM emails
•	 Don’t ‘reply all’ to University-wide emails
•	 Don’t publish your email address on any website unless absolutely necessary,
particularly on message boards and forums
•	 Don’t give your email address to suspicious websites in order to download shareware
or free programs
Reporting suspicious emails
You can help us handle phishing and SPAM emails by reporting any suspicious emails.
We will submit suspicious emails to Microsoft’s junk mail service, which in turn will
mean they are marked and dealt with appropriately in the future.
You should report any suspicious emails to it-security@kingston.ac.uk
Don’t forward the original email; attach it to a new email as follows:
In your University Outlook account:
1.	 Create a new email
2.	 Click on ‘Attach Item’ (envelope and paperclip icon at the top, just to the right of
centre) then select ‘Outlook Item’ and the phishing email from the list of items
3.	 Send to it-security@kingston.ac.uk
Keep IT Safe – Physical Security
Laptop crime is on the rise and unattended
devices are easy targets for thieves.
Thieves will target computers, laptops and
mobile phones in cars, coffee bars, libraries
and even on public transport.
Apple has a service called find my phone,
which is available for users of Apple
computers or phones. It is advisable to
enable this feature if you can as it can help
to protect or locate your devices if they are
lost or stolen.
Users of Windows or Linux devices can look at https://preyproject.com/, which
offers a similar service for such devices.
If you have an Android phone, then please go to www.lookout.com
Reducing computer theft
Staff computers or laptops should be secured and offices locked when unoccupied.
A simple lock, cable and locked office door will deter the majority of opportunist thefts.
Security locks
Laptops, LCD monitors and most computers can be secured with a security lock and
plastic-coated steel cable. These come in a number of forms, with Kensington the most
well-known manufacturer. Variations on this theme include security plates that are bonded
to two or more items and secured via a cable and lock.
Locking your Computer
If you are office based it is important to lock your device when leaving it unattended, and to
turn it off at the end of each working day. This not only protects your device and its data,
but also supports the University’s green agenda by using less power.
If you are using one of the desktops in the LRC, then please remember to log out.
All staff laptops provided since summer 2015 use BitLocker encryption to provide
an additional level of security for sensitive information stored on laptops. Staff with older
laptops who deal with sensitive information and would benefit from BitLocker (or FileVault for
Apple devices) should contact the Service Desk.
Extra care should be taken when working on systems that contain sensitive data such as
student information and financial data. Data loss incidents are far more likely to occur when
a user leaves their workstation logged in but not locked. You should always ensure that you
save your work to the H: drive.
When working in open areas such as LRCs, computer labs or teaching rooms, you
should never leave a computer unattended while it is logging off. The logoff process is not
immediate and can be interrupted by someone who chooses to do so. You should always wait until you
see the login screen or the computer has powered off.
Keep IT Safe – Virus Protection
What is a Virus?
A computer virus is a malware program
that, when executed, replicates by inserting
copies of itself (possibly modified) into
other computer programs, data files, or the
boot sector of the hard drive. When this
replication succeeds, the affected areas are
then said to be ‘infected’.
Viruses often perform some type of harmful
activity on infected hosts, such as stealing
hard disk space or CPU time, accessing
private information, corrupting data,
displaying political or humorous messages on the user’s screen, SPAMming their contacts,
logging their keystrokes, or even rendering the computer useless.
What is Anti-virus?
Anti-virus software is used to safeguard a computer from malware, including viruses,
computer worms, and Trojan horses. Anti-virus software may also remove or prevent
spyware and adware, along with other forms of malicious programs.
The detection used in these programs is reliant on the user performing regular anti-virus
updates. On a University managed workstation, this update is performed automatically by
the system administrators. However, on personal devices such as laptops and home PCs,
regular updates must be run.
There are a number of free and commercial anti-virus software packages on the market, such
as AVG, ClamAV, McAfee, Norton and Kaspersky.
Do
•	 Do make sure portable devices such as USB sticks are clean before transferring the
data from them
•	 Do contact the Service Desk if you experience issues
Don’t
•	 Don’t open attachments from unknown or suspicious sources
•	 Don’t click on links within emails
Malware
‘Malware’ is short for malicious software. Malware infections on your computer or other
data storage devices can have a serious impact, depending on what the malware was
designed to do. For example, it can:
•	 Corrupt or make important data inaccessible;
•	 Introduce hidden software which can detect usernames and passwords to University
systems, or personal data such as bank and credit card details, and transmit them to
criminals to use in fraudulent activities
Spyware
Spyware is any technology that aids in
gathering information about a person or
organisation without their knowledge.
Spyware can get into a computer as a
software virus or as a result of installing a
new program, which could secretly capture
your username, password, email address,
banking credentials or credit card details.
Visiting websites for free downloads,
illegal software downloads, or illegal music
downloads can often result in a spyware infection.
What is Anti-spyware?
Anti-spyware is used to detect and remove malware and advertising software.
Anti-spyware software such as ‘MalwareBytes’ can be used to remove spyware and malware.
Do
•	 Do avoid sites offering pirated software/videos and games
•	 Do pay attention to freeware you install; much of it these days is packaged with
spyware and users should be vigilant to ensure they only install what they want
•	 Do make sure your Windows/Mac/Linux OS installation is up to date with the latest
patches and updates
•	 Do report to the Service Desk and stop using your PC immediately if you think it is infected
with spyware
Don’t
•	 Don’t enter any personal details on websites unless the website is from a trustworthy
organisation and you can verify it
•	 Don’t open any email attachments that you are not expecting to receive. If it is from a
known sender, do not give out or send back personal
data or follow any links unless you are absolutely sure
What is a Firewall?
A Firewall is software or hardware that monitors incoming and outgoing traffic and restricts
or allows access to and from your computer depending on your firewall settings. Make sure
you keep it turned on at all times.
Keep IT Safe – Data Handling
The Data Protection Act states that you are
responsible and liable for any personal or
sensitive data you handle, so it is essential
you do so securely.
This section refers mainly to the handling of
information on non-University devices.
My Desktop Anywhere
Whenever possible, remote access to
University IT services should be via My Desktop Anywhere. This service is a secure method of
working with your normal KU desktop from any device anywhere in the world.
My Desktop Anywhere allows you to access University software applications and securely
work on sensitive, personal or financial information without the need to save anything on your
local device.
My Desktop Anywhere can be accessed from both My Kingston at
mykingston.kingston.ac.uk/tools/Pages/My-Desktop-Anywhere
and StaffSpace staffspace.kingston.ac.uk/applications/Pages/My-Desktop-Anywhere
USB Memory Sticks
Popular for their ease of use, USB memory sticks are used by many people across the
University to store and transport files and other data to work with remotely. USB memory
sticks are an insecure method of storing information, and are easily lost or misplaced.
The University strongly advises against the use of USB memory sticks to hold sensitive data
unless they are encrypted. Encrypted sticks are either ‘hardware encrypted’, in which case the
USB device has a small numeric keypad on it and access to data on the device requires
entry of a valid PIN, or ‘software encrypted’, requiring the entry of a valid PIN or password
once the device has been inserted and recognised by a computer. Encrypted USB sticks are
widely available through high street and online stores.
Encryption
Encryption, put simply, means the translation of data into a secret code. Encryption is the
most effective way to achieve data security. To read an encrypted file, you must have access
to a secret key or password that enables you to decrypt it.
Full disk encryption ensures that everything stored on your device is encrypted. It is
recommended that you consider using this facility to ensure the privacy of your data.
On Windows computers you can use BitLocker, which is part of the standard Windows
operating system, and the equivalent on Apple computers is FileVault.
Before adopting either of these tools you should perform a full backup of your computer.
Email encryption is supported by Office 365. However, the University does not offer email
encryption as a standard service at this time, although it is expected that future Office 365
implementations at the University will include this.
‘Remember Me’
Many IT services require a username and password in order to identify and authenticate you.
It is common for many computers to offer a ‘Remember Me’ function to avoid the need to
enter these credentials every time you need to use the service. It is strongly recommended
that you do not tick this option to ensure that your credentials are not stored on the computer.
Email Attachments
Email is an insecure communication medium. Email attachments are stored in temporary
folders and will often remain there long after you have closed your email application and left
the device. It is strongly recommended that information of a sensitive nature is not sent or
viewed as an email attachment.
Sending or Receiving Large Files
Occasionally it may be necessary to transfer large files of information between the University
and a third party. In such cases a secure file transfer protocol (FTP over SSL or FTPS)
mechanism, or similar, should be used. If unsure, contact the Service Desk for assistance.
Keep IT Safe – Credit / Debit Card & Online Payments
Telephone Payments
When making a payment over the telephone
you should be careful that you are not
overheard. When possible make sure that
you are in a room alone, or can be certain
that others are out of hearing distance.
Online Payments
When making payments using a website’s
online payment facility, it’s important that the
page you enter your details onto is using a secure connection. This ensures that your details
are encrypted as they pass between your device and the supplier’s website over the internet.
Always look for the padlock symbol in your web browser’s address bar, and the HTTPS://
prefix to the URL. If you are unsure or can’t easily identify it as being secure then don’t enter
your details. When you do enter your details into a secure website it’s also important to make
sure that nobody can see you do it.
Keep IT Safe – Reporting Security Incidents
Remember, if your system suffers from a security incident, you should contact the
Service Desk or email it-security@kingston.ac.uk
V-01-04022016

Contenu connexe

Tendances

Tendances (9)

Mofokeng email etiquette
Mofokeng email etiquetteMofokeng email etiquette
Mofokeng email etiquette
 
Private Data and Prying Eyes
Private Data and Prying EyesPrivate Data and Prying Eyes
Private Data and Prying Eyes
 
Avoiding IRS Scams during Tax Season
Avoiding IRS Scams during Tax SeasonAvoiding IRS Scams during Tax Season
Avoiding IRS Scams during Tax Season
 
Computer Security Guide to Pc Security
Computer Security Guide to Pc SecurityComputer Security Guide to Pc Security
Computer Security Guide to Pc Security
 
Internetsecurity
InternetsecurityInternetsecurity
Internetsecurity
 
Guide to pc_security
Guide to pc_securityGuide to pc_security
Guide to pc_security
 
[Albanyinfragard] infra gard albany members alliance april security tips news...
[Albanyinfragard] infra gard albany members alliance april security tips news...[Albanyinfragard] infra gard albany members alliance april security tips news...
[Albanyinfragard] infra gard albany members alliance april security tips news...
 
Are Your Security Aware?
Are Your Security Aware?Are Your Security Aware?
Are Your Security Aware?
 
Internet safety
Internet safetyInternet safety
Internet safety
 

En vedette

Fact Sheet_PoliticalAction-Aug2016-FINAL
Fact Sheet_PoliticalAction-Aug2016-FINALFact Sheet_PoliticalAction-Aug2016-FINAL
Fact Sheet_PoliticalAction-Aug2016-FINAL
Ann Warner
 
Multicore system
Multicore systemMulticore system
Multicore system
Dana dia
 
20150224 Dissertation Joost Poort - Table of contents and abstract
20150224 Dissertation Joost Poort - Table of contents and abstract20150224 Dissertation Joost Poort - Table of contents and abstract
20150224 Dissertation Joost Poort - Table of contents and abstract
Joost Poort
 
Bia, rươu - 'hung thủ' gây ra các chứng bệnh về gan
Bia, rươu - 'hung thủ' gây ra các chứng bệnh về ganBia, rươu - 'hung thủ' gây ra các chứng bệnh về gan
Bia, rươu - 'hung thủ' gây ra các chứng bệnh về gan
neville103
 
Jonthan Tucker's portfolio
Jonthan Tucker's portfolioJonthan Tucker's portfolio
Jonthan Tucker's portfolio
Jonathan Tucker
 

En vedette (17)

Bonitatibus 9 4
Bonitatibus 9 4Bonitatibus 9 4
Bonitatibus 9 4
 
Fact Sheet_PoliticalAction-Aug2016-FINAL
Fact Sheet_PoliticalAction-Aug2016-FINALFact Sheet_PoliticalAction-Aug2016-FINAL
Fact Sheet_PoliticalAction-Aug2016-FINAL
 
Multicore system
Multicore systemMulticore system
Multicore system
 
20150224 Dissertation Joost Poort - Table of contents and abstract
20150224 Dissertation Joost Poort - Table of contents and abstract20150224 Dissertation Joost Poort - Table of contents and abstract
20150224 Dissertation Joost Poort - Table of contents and abstract
 
Thiết kế shop mỹ phẩm
Thiết kế shop mỹ phẩmThiết kế shop mỹ phẩm
Thiết kế shop mỹ phẩm
 
Fico scores 54 versions
Fico scores 54 versionsFico scores 54 versions
Fico scores 54 versions
 
Портфоліо Рижикова
Портфоліо РижиковаПортфоліо Рижикова
Портфоліо Рижикова
 
如何在技术会议上发言
如何在技术会议上发言如何在技术会议上发言
如何在技术会议上发言
 
Word computer shop
Word computer shopWord computer shop
Word computer shop
 
LinkedIn - Social Networking Service
LinkedIn - Social Networking ServiceLinkedIn - Social Networking Service
LinkedIn - Social Networking Service
 
Proposal
ProposalProposal
Proposal
 
Agenda brasil traduzida
Agenda brasil traduzidaAgenda brasil traduzida
Agenda brasil traduzida
 
Multimedia
MultimediaMultimedia
Multimedia
 
2014脳卒中の緩和ケアahaasa
2014脳卒中の緩和ケアahaasa2014脳卒中の緩和ケアahaasa
2014脳卒中の緩和ケアahaasa
 
Home Repairs and Improvements News
Home Repairs and Improvements NewsHome Repairs and Improvements News
Home Repairs and Improvements News
 
Bia, rươu - 'hung thủ' gây ra các chứng bệnh về gan
Bia, rươu - 'hung thủ' gây ra các chứng bệnh về ganBia, rươu - 'hung thủ' gây ra các chứng bệnh về gan
Bia, rươu - 'hung thủ' gây ra các chứng bệnh về gan
 
Jonthan Tucker's portfolio
Jonthan Tucker's portfolioJonthan Tucker's portfolio
Jonthan Tucker's portfolio
 

Similaire à KEEP IT SAFE FINAL IT Security A6 FINAL 2 (1)

Employee Security Training[1]@
Employee Security Training[1]@Employee Security Training[1]@
Employee Security Training[1]@
R_Yanus
 
IT Security Awarenesss by Northern Virginia Community College
IT Security Awarenesss by Northern Virginia Community CollegeIT Security Awarenesss by Northern Virginia Community College
IT Security Awarenesss by Northern Virginia Community College
Atlantic Training, LLC.
 
Information Security Awareness Training Open
Information Security Awareness Training OpenInformation Security Awareness Training Open
Information Security Awareness Training Open
Fred Beck MBA, CPA
 
Onlinesecurityrecomendations2014 141230081030-conversion-gate02
Onlinesecurityrecomendations2014 141230081030-conversion-gate02Onlinesecurityrecomendations2014 141230081030-conversion-gate02
Onlinesecurityrecomendations2014 141230081030-conversion-gate02
amiinaaa
 
Security is a Culture GB v 9
Security is  a Culture GB v 9Security is  a Culture GB v 9
Security is a Culture GB v 9
Garry Bolland
 

Similaire à KEEP IT SAFE FINAL IT Security A6 FINAL 2 (1) (20)

Cyber security training
Cyber security trainingCyber security training
Cyber security training
 
ISMS Awareness Training (2) (1).pptx
ISMS Awareness Training (2) (1).pptxISMS Awareness Training (2) (1).pptx
ISMS Awareness Training (2) (1).pptx
 
A Guide to Cyber Etiquette.pdf
A Guide to Cyber Etiquette.pdfA Guide to Cyber Etiquette.pdf
A Guide to Cyber Etiquette.pdf
 
Employee Technology Handbook.pdf
Employee Technology Handbook.pdfEmployee Technology Handbook.pdf
Employee Technology Handbook.pdf
 
Cybersecurity Tips For Schools - Reviewing Approaches To Keeping Students Saf...
Cybersecurity Tips For Schools - Reviewing Approaches To Keeping Students Saf...Cybersecurity Tips For Schools - Reviewing Approaches To Keeping Students Saf...
Cybersecurity Tips For Schools - Reviewing Approaches To Keeping Students Saf...
 
Employee Security Training[1]@
Employee Security Training[1]@Employee Security Training[1]@
Employee Security Training[1]@
 
FHSU CITI CS Training.pptx
FHSU CITI CS Training.pptxFHSU CITI CS Training.pptx
FHSU CITI CS Training.pptx
 
IT Security Awarenesss by Northern Virginia Community College
IT Security Awarenesss by Northern Virginia Community CollegeIT Security Awarenesss by Northern Virginia Community College
IT Security Awarenesss by Northern Virginia Community College
 
Information Security Awareness Training Open
Information Security Awareness Training OpenInformation Security Awareness Training Open
Information Security Awareness Training Open
 
TheCyberThreatAndYou2_deck.pptx
TheCyberThreatAndYou2_deck.pptxTheCyberThreatAndYou2_deck.pptx
TheCyberThreatAndYou2_deck.pptx
 
cybersecurity and Bullying
cybersecurity and Bullying cybersecurity and Bullying
cybersecurity and Bullying
 
General Internet Services
General Internet ServicesGeneral Internet Services
General Internet Services
 
Onlinesecurityrecomendations2014 141230081030-conversion-gate02
Onlinesecurityrecomendations2014 141230081030-conversion-gate02Onlinesecurityrecomendations2014 141230081030-conversion-gate02
Onlinesecurityrecomendations2014 141230081030-conversion-gate02
 
Cybersecurity tips for employees
Cybersecurity tips for employeesCybersecurity tips for employees
Cybersecurity tips for employees
 
Cybersecurity tips for employees
Cybersecurity tips for employeesCybersecurity tips for employees
Cybersecurity tips for employees
 
Ibm vciso sunderland
Ibm vciso sunderlandIbm vciso sunderland
Ibm vciso sunderland
 
Master of Information Technology Australia
 Master of Information Technology Australia  Master of Information Technology Australia
Master of Information Technology Australia
 
Security is a Culture GB v 9
Security is  a Culture GB v 9Security is  a Culture GB v 9
Security is a Culture GB v 9
 
Chapter 8 - Safety and Security.pptx
Chapter 8 - Safety and Security.pptxChapter 8 - Safety and Security.pptx
Chapter 8 - Safety and Security.pptx
 
Identity Theft - by LINKS Technology
Identity Theft - by LINKS TechnologyIdentity Theft - by LINKS Technology
Identity Theft - by LINKS Technology
 

Plus de Jenine Sanchez

Plus de Jenine Sanchez (6)

Intranet comms plan
Intranet comms planIntranet comms plan
Intranet comms plan
 
Community Safety Comms Plan (1)
Community Safety Comms Plan (1)Community Safety Comms Plan (1)
Community Safety Comms Plan (1)
 
FutureEnergy Amends New
FutureEnergy Amends NewFutureEnergy Amends New
FutureEnergy Amends New
 
Mission and Strategy
Mission and StrategyMission and Strategy
Mission and Strategy
 
tri school version
tri school versiontri school version
tri school version
 
Doc1
Doc1Doc1
Doc1
 

KEEP IT SAFE FINAL IT Security A6 FINAL 2 (1)

  • 1. KEEP IT SAFEAn Information and Technology Services guide to security for staff and students INFORMATION AND TECHNOLOGY SERVICES @KU_ServiceDesk Follow us on Twitter Contact the Service Desk on 63355 or 020 8417 3355
  • 2. Contents 01 Welcome from the Vice-Chancellor and CIO 02 Help and Support 03 Password Guidance 05 Email Security 09 Physical Security 11 Virus Protection 15 Data Handling 17 Credit / Debit Card and Online Payments 18 Reporting Security Incidents INFORMATION AND TECHNOLOGY SERVICES
  • 3. Welcome – From the Vice Chancellor and CIO Everyone works with digital information and whilst the benefits are enormous for education, research and administration, technology exposes us to many security risks. A failure to secure the information we store has serious implications for the University, staff and students. Breaches carry significant financial penalties, not to mention damaging the reputation of the University or individuals. We continue to invest heavily in information security but the weakest link can often be people. This booklet provides some practical advice for staff and students to help identify security risks and remain safe whilst using IT at the University or elsewhere. The University has a duty to protect the personal, sensitive and financial information processed by its IT services, and you will no doubt be keen to ensure that the work you produce during your time here is safe from theft, loss or plagiarism. If you have questions after reading this booklet you can either visit the dedicated IT Security pages on StaffSpace or MyKingston or contact the Service Desk, who will be happy to help. Julius Weinberg Vice-Chancellor 01 Simon Harrison Chief Information Officer
  • 4. 02 Keep IT Safe – Help and Support IT Service Desk The Service Desk offers help and support for any IT and Library related problems you may encounter throughout your time here. Support is available via the telephone, Monday to Friday between 08:00 and 18:30 by calling 020 8417 3355, or you can visit the IT Support pages at mykingston.kingston.ac.uk/mysupport/itsupport and staffspace.kingston.ac.uk/dep/it-services for online help and support. However if you are unable to login to the Service Desk Portal, please submit an online form at kusdpw.kingston.ac.uk giving us as much detail as possible about the problems you are experiencing with your computer. Follow the Service Desk on Twitter for regular IT service updates, news and support. Please also see the IT System Status on the My Kingston and StaffSpace homepages. Opening Hours Monday - Friday: 0800 - 1830 T: 020 8417 3355 W: portal.kingston.ac.uk @KU_ServiceDesk If you are concerned about a possible security incident, you should contact the Service Desk. Further information about security can also be found on My Kingston mykingston.kingston.ac.uk/mysupport/itsupport/Pages/security and StaffSpace staffspace.kingston.ac.uk/dep/it-services/Pages/Security StaffSpaceService Desk My Kingston
  • 5. 03 Keep IT Safe – Password Guidance Your password is crucial to protecting the security of your account. Passwords ensure that only authorised users can access the University’s IT facilities. Your password keeps your stored data and information private and secure. What is a strong password? Criminals have developed programs that automate the ability to guess your password. Someone with minimal skills and with the right tools can easily guess short or normal words. The longer and more complex your password is, the more difficult it is to deduce or guess. Password strength tips: • Use long words, or preferably phrases, that are more difficult to guess • Use at least one upper case letter and a number to make it even harder to guess • Some examples of strong passwords based on the phrase ‘day follows night’ include: • ‘Dyfllwsnght’ which has the vowels removed • ‘D2yf0ll0wsn1ght’ which has all vowels replaced by numeric characters How can I protect my password? Do • Do use a ‘strong’ password • Do change it regularly, or if you think someone else may know it • Do use different passwords for different IT services, so that if someone gains access to your password it is of limited use to them Don’t • Don’t write your password down • Don’t let anyone else know your password • Don’t let anyone see you typing it • Don’t type your password into an open-text field, such as your username
  • 6. How do I change my password?
    Staff
    If you have forgotten your password you can change your password using the Password Changer. To use the staff email based Password Changer kusdpw.kingston.ac.uk/pass you will need to add your personal email address to the Content section of ‘Yourself’. If you have any questions please contact the Service Desk.
    Students
    If you have forgotten your password you can change your password using the Password Changer. To use the student Password Changer you should update your personal email address in ‘OSIS’. If you didn’t provide a personal email address, then you can contact the Service Desk.
  • 7. Keep IT Safe – Email Security
    Phishing
    Email phishing is where a legitimate looking email is sent by a fraudster in an attempt to acquire sensitive information such as usernames, passwords, credit card details, bank details or other information. It is not uncommon to receive an email claiming to be from trustworthy sources with the intention of tricking you into providing sensitive and valuable data.
    How to spot a phishing email
      • The ‘from’ address may not be a real organisation domain
      • Think whether you are expecting an email correspondence from the organisation
      • The link’s actual destination is different from the URL shown in the email
      • The subject field is a generic statement
      • The message contains poor spelling and grammar
      • Unknown or suspicious attachments
    Do
      • Do hover your mouse over links and check the sender is legitimate
      • Do report incidents and phishing attacks to it-security@kingston.ac.uk
    Don’t
      • Don’t open any attachments you may consider suspicious
      • Don’t click on links you may consider suspicious
      • Don’t reply to the email
  • 8. The example below illustrates the points previously described.
    From: Vincenzo Recupero <v.recupero@esattori.it>
    Sent: Mon 20/07/2015 11:07
    To: Vincenzo Recupero
    Cc:
    Subject: R: Faculty and Staff Form Submission
    Dear E-mail User. Your EMAIL ACCOUNT PASSWORD Expires TODAY, to UPDATE Please Click LOGON and Follow Instructions.
    Thanks
    2015 ITS Help Desk Support Center
      • Subject: Is too generic
      • From: Not a Kingston University address
      • I&TS never ask for users to provide user credentials
      • Link: Not a Kingston University link: http://facultyportalmail.tripod.com (Click to follow link)
  • 9. Keep IT Safe – Email Security
    SPAM
    SPAM is defined as the sending of unsolicited email to large groups of people. This will include large groups of University students and/or staff. Although not necessarily malicious, SPAM can have a detrimental effect on the University’s computer network and, in some cases, can prevent important emails from reaching the intended recipient.
    Do
      • Do report large or excessive volumes of SPAM emails to it-security@kingston.ac.uk
      • Do look for tick-boxes that allow you to opt out of newsletters and special offers etc.
    Don’t
      • Don’t reply to SPAM emails
      • Don’t ‘reply all’ to University-wide emails
      • Don’t publish your email address on any website unless absolutely necessary, particularly on message boards and forums
      • Don’t give your email address to suspicious websites in order to download shareware or free programs
  • 10. Reporting suspicious emails
    You can help us handle phishing and SPAM emails by reporting any suspicious emails. We will submit suspicious emails to Microsoft’s junk mail service, which in turn will mean they are marked and dealt with appropriately in the future. You should report any suspicious emails to it-security@kingston.ac.uk
    Don’t forward the original email; attach it to a new email as follows.
    In your University Outlook account:
      1. Create a new email
      2. Click on ‘Attach Item’ (envelope and paperclip icon at the top, just to the right of centre) then select ‘Outlook Item’ and the phishing email from the list of items
      3. Send to it-security@kingston.ac.uk
  • 11. Keep IT Safe – Physical Security
    Laptop crime is on the rise and unattended devices are easy targets for thieves. Thieves will target computers, laptops and mobile phones in cars, coffee bars, libraries and even on public transport. Apple has a service called find my phone, which is available for users of Apple computers or phones. It is advisable to enable this feature if you can as it can help to protect or locate your devices if they are lost or stolen. Users of Windows or Linux devices can look at https://preyproject.com/, which offers a similar service for such devices. If you have an Android phone, then please go to www.lookout.com
    Reducing computer theft
    Staff computers or laptops should be secured and offices locked when unoccupied. A simple lock, cable and locked office door will deter the majority of opportunist thefts.
    Security locks
    Laptops, LCD monitors and most computers can be secured with a security lock and plastic coated steel cable. These come in a number of forms such as Kensington, the most well-known manufacturer. Variations on this theme include security plates that are bonded to two or more items and secured via a cable and lock.
  • 12. Locking your Computer
    If you are office based it is important to lock your device when leaving it unattended, and to turn it off at the end of each working day. This not only protects your device and its data, but also supports the University’s green agenda by using less power. If you are using one of the desktops in the LRC, then please remember to log out.
    All staff laptops provided since summer 2015 now use BitLocker encryption to provide an additional level of security for sensitive information stored on laptops. Staff with older laptops who deal with sensitive information and would benefit from BitLocker (or FileVault for Apple devices) should contact the Service Desk.
    Extra care should be taken when working on systems that contain sensitive data such as student information and financial data. Data loss incidents are far more likely to occur when a user leaves their workstation logged in but not locked. You should always ensure that you save your work to the H: drive.
    When working in open areas such as LRCs, computer labs or teaching rooms, you should never leave a computer unattended while it is logging off. The logoff process is not immediate and can be interrupted if someone chooses to do so. You should always wait until you see the login screen or the computer has powered off.
  • 13. Keep IT Safe – Virus Protection
    What is a Virus?
    A computer virus is a malware program that, when executed, replicates by inserting copies of itself (possibly modified) into other computer programs, data files, or the boot sector of the hard drive. When this replication succeeds, the affected areas are then said to be ‘infected’. Viruses often perform some type of harmful activity on infected hosts, such as stealing hard disk space or CPU time, accessing private information, corrupting data, displaying political or humorous messages on the user’s screen, SPAMming their contacts, logging their keystrokes, or even rendering the computer useless.
    What is Anti-virus?
    Anti-virus software is used to safeguard a computer from malware, including viruses, computer worms, and Trojan horses. Antivirus software may also remove or prevent spyware and adware, along with other forms of malicious programs. The detection used in these programs is reliant on the user performing regular anti-virus updates. On a University managed workstation, this update is performed automatically by the system administrators. However, on personal devices such as laptops and home PCs, regular updates must be run. There are a number of free and commercial anti-virus software packages available on the market, such as AVG, ClamAV, McAfee, Norton and Kaspersky.
  • 14. Do
      • Do make sure portable devices such as USB sticks are clean before transferring the data from them
      • Do contact the Service Desk if you experience issues
    Don’t
      • Don’t open attachments from unknown or suspicious sources
      • Don’t click on links within emails
    Malware
    ‘Malware’ is short for malicious software. Malware infections on your computer or other data storage devices can have a serious impact, depending on what the malware was designed to do. For example, it can:
      • Corrupt or make important data inaccessible;
      • Introduce hidden software which can detect usernames and passwords to University systems, or personal data such as bank and credit card details, and transmit them to criminals to use in fraudulent activities
  • 15. Keep IT Safe – Virus Protection
    Spyware
    Spyware is any technology that aids in gathering information about a person or organisation without their knowledge. Spyware can get into a computer as a software virus or as a result of installing a new program, which could secretly capture your username, password, email address, banking credentials or credit card details. Visiting websites for free downloads, illegal software downloads, or illegal music downloads can often result in a Spyware infection.
    What is Anti-spyware?
    Anti-spyware is used to detect and remove malware and advertising software. Anti-spyware software such as ‘MalwareBytes’ can be used to remove spyware and malware.
    Do
      • Do avoid sites offering pirated software/videos and games
      • Do pay attention to freeware you install; much of it these days is packaged with spyware, and users should be vigilant to ensure they only install what they want
      • Do make sure your Windows/Mac/Linux OS installation is up to date with the latest patches and updates
      • Do report to the Service Desk and stop using your PC immediately if you think it is infected with spyware
    Don’t
      • Don’t enter any personal details on websites unless the website is from a trustworthy organisation and you can verify it
      • Don’t open any email attachments that you are not expecting to receive. If it is a known sender, under no circumstances should you ever give out or send personal data back or follow any links unless you are absolutely sure
  • 16. What is a Firewall?
    A Firewall is software or hardware that monitors incoming and outgoing traffic and restricts or allows access to and from your computer depending on your firewall settings. Make sure you keep it turned on at all times.
  • 17. Keep IT Safe – Data Handling
    The Data Protection Act states that you are responsible and liable for any personal or sensitive data you handle, so it is essential you do so securely. This section refers mainly to the handling of information on non-University devices.
    My Desktop Anywhere
    Whenever possible, remote access to University IT services should be via My Desktop Anywhere. This service is a secure method of working with your normal KU desktop from any device anywhere in the world. My Desktop Anywhere allows you to access University software applications and securely work on sensitive, personal or financial information without the need to save anything on your local device. My Desktop Anywhere can be accessed from both My Kingston at mykingston.kingston.ac.uk/tools/Pages/My-Desktop-Anywhere and StaffSpace staffspace.kingston.ac.uk/applications/Pages/My-Desktop-Anywhere
    USB Memory Sticks
    Popular for their ease of use, USB memory sticks are used by many people across the University to store and transport files and other data to work with remotely. USB memory sticks are an insecure method of storing information, and are easily lost or misplaced. The University strongly advises against the use of USB memory sticks to hold sensitive data unless they are encrypted. Encryption can be either ‘hardware encrypted’ in which case the USB device has a small numeric keypad on it, and access to data on the device requires entry of a valid PIN, or ‘software encrypted’ requiring the entry of a valid PIN or password once the device has been inserted and recognised by a computer. Encrypted USB sticks are available widely through high street and online stores.
  • 18. Encryption
    Encryption, put simply, means the translation of data into a secret code. Encryption is the most effective way to achieve data security. To read an encrypted file, you must have access to a secret key or password that enables you to decrypt it. Full disk encryption ensures that everything stored on your device is encrypted. It is recommended that you consider using this facility to ensure the privacy of your data. On Windows computers you can use BitLocker, which is part of the standard Windows operating system, and the equivalent on Apple computers is FileVault. Before adopting either of these tools you should perform a full backup of your computer. Email encryption is supported by Office 365. However, the University does not offer email encryption as a standard service at this time, although it is expected that future Office 365 implementations at the University will include this.
    ‘Remember Me’
    Many IT services require a username and password in order to identify and authenticate you. It is common for many computers to offer a ‘Remember Me’ function to avoid the need to enter these credentials every time you need to use the service. It is strongly recommended that you do not tick this option to ensure that your credentials are not stored on the computer.
    Email Attachments
    Email is an insecure communication medium. Email attachments are stored in temporary folders and will often remain there long after you have closed your email application and left the device. It is strongly recommended that information of a sensitive nature is not sent or viewed as an email attachment.
    Sending or Receiving Large Files
    Occasionally it may be necessary to transfer large files of information between the University and a third party. In such cases a secure file transfer protocol (FTP over SSL or FTPS) mechanism, or similar, should be used. If unsure, contact the Service Desk for assistance.
  • 19. Keep IT Safe – Credit / Debit Card & Online Payments
    Telephone Payments
    When making payment over the telephone you should be careful that you are not overheard. When possible make sure that you are in a room alone, or can be certain that others are out of hearing distance.
    Online Payments
    When making payments using a website’s online payment facility, it’s important that the page you enter your details onto is using a secure connection. This ensures that your details are encrypted as they pass between your device and the supplier’s website over the internet. Always look for the padlock symbol in your web browser’s address bar, and the HTTPS:// prefix to the URL. If you are unsure or can’t easily identify it as being secure then don’t enter your details. When you do enter your details into a secure website it’s also important to make sure that nobody can see you do it.
  • 20. Keep IT Safe – Reporting Security Incidents
    Remember, if your system suffers from a security incident, you should contact the Service Desk or email it-security@kingston.ac.uk
    Need support? Contact the Service Desk
    T: 020 8417 3355 (internal 63355)
    W: portal.kingston.ac.uk
    Opening Hours: Monday - Friday: 0800 - 1830
    Follow us on Twitter: @KU_ServiceDesk
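The indicators from the ‘How to spot a phishing email’ slide and the annotations on the sample email can be expressed as mail-filter style checks. The Python below is an added example, not part of the booklet; the function names, the indicator labels and the HTML form of the sample body are assumptions.

```python
import re
from email import message_from_string
from email.utils import parseaddr
from html.parser import HTMLParser
from urllib.parse import urlparse

ORG_DOMAIN = "kingston.ac.uk"  # organisation domain used throughout the booklet
# Constructed sample modelled on the booklet's annotated email; the HTML body is assumed.
SAMPLE = """\
From: Vincenzo Recupero <v.recupero@esattori.it>
Subject: R: Faculty and Staff Form Submission
Content-Type: text/html; charset="utf-8"

<p>Dear E-mail User. Your EMAIL ACCOUNT PASSWORD Expires TODAY, to UPDATE Please
Click <a href="http://facultyportalmail.tripod.com">LOGON</a> and Follow Instructions.</p>
"""

class LinkCollector(HTMLParser):  # collects (href, visible text) for every <a> element
    def __init__(self):
        super().__init__()
        self.links, self._href, self._text = [], None, []
    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href, self._text = dict(attrs).get("href") or "", []
    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)
    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append((self._href, "".join(self._text).strip()))
            self._href = None

def in_org(host):
    host = (host or "").lower().rstrip(".")
    return host == ORG_DOMAIN or host.endswith("." + ORG_DOMAIN)

def phishing_indicators(raw):  # raw RFC 5322 message -> ordered list of indicator labels
    msg, findings = message_from_string(raw), []
    if not in_org(parseaddr(msg.get("From", ""))[1].rpartition("@")[2]):
        findings.append("from-not-org-domain")
    body = "".join(p.get_payload(decode=True).decode("utf-8", "replace")
                   for p in msg.walk() if p.get_content_type() == "text/html")
    collector = LinkCollector()
    collector.feed(body)
    for href, text in collector.links:
        host = (urlparse(href).hostname or "").lower()
        if not in_org(host):
            findings.append("link-not-org-domain")
        # Visible text that itself looks like a host name must match the real target.
        shown = re.search(r"(?:https?://)?((?:[\w-]+\.)+[a-z]{2,})", text, re.I)
        if shown and shown.group(1).lower() != host:
            findings.append("link-text-differs-from-target")
    if re.search(r"password", body, re.I) and re.search(r"\b(today|expires?|immediately)\b", body, re.I):
        findings.append("credential-request-with-urgency")
    return list(dict.fromkeys(findings))  # de-duplicate, keep order
```

The suffix check in `in_org` compares on a label boundary, so a look-alike host such as `kingston.ac.uk.example.net` is not treated as a University address.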