Information Services

Data Security - Protecting Our Information

Information Security

 The business of the University depends heavily on computerised information systems, in particular:

  • Data which is often sensitive and must be protected from loss, corruption and unauthorised access
  • Re-entry of lost data can be painstaking and very time consuming 
  • Loss of data can impact upon deadlines and can have wide ranging implications - including breach of legal requirements
  • Electronic records are increasingly becoming the only source of original data

For latest information on internet security Get Safe Online [External Website]

It is important that you read Data and Information Security Policies and Acceptable Use Guidance

Protecting Your Devices

For information on Ransomware please see Protecting Against Ransomware Attacks

Protecting Your PC at Work

Key steps in protecting your PC

  1. Apply new Windows Updates as released by Microsoft 
  2. Install and maintain an up-to-date version of Symantec Anti-Virus (SAV) software on your PC
  3. Save your work to the network Q: drive
  4. Lock your computer when you leave your desk 

The above steps should be automated and once set up correctly your PC should not represent a threat to others. If you have problems updating Windows or Symantec AntiVirus (SAV) then please contact the IT Service Desk for further advice.

Viruses may be spread by email attachments or by files introduced into the campus.  In particular files held on removable media (e.g. USB ) or files downloaded from the internet.  As well as protecting your PCs (at work and at home) from viruses you should exercise caution when opening email attachments.  For more on emails refer to the Phishing section

Note: You should only ever load files onto your PC if you have a properly configured and up-to-date version of SAV running.  

Protecting Work PCs With Anti-Virus Software: The University provides a copy of Symantec Anti-Virus for every PC and Apple Mackintosh Desktop.  See Installing and Configuring Symantec Anti-Virus (pdf file - 3 pages).

Lock your computer: For Windows devices use Ctrl + Alt + Del and select lock this computer. For Apple Mackintosh desktops use Ctrl + Shift + Eject.

Note: You will require Adobe Acrobat Reader on your computer to download pdf files.  This software can be downloaded from the Adobe website

Protecting Your PC at Home

The three key steps in protecting your PC at home are:

  1. Applying new Windows Updates released by Microsoft
  2. Keeping up-to-date Anti-Virus Software on your PC
  3. Using an appropriate Home Firewall Product

If you do not take these measures then your home PC is potentially a serious risk to others.

GetSafe Online is a government initiative intended to provide home users with easy-to-understand advice on protecting home computers and phones from malicious attack. For more information visit the GetSafe Online website.

Windows Update: Windows Update is a facility to keep your Windows operating system up to date and help to protect your PC from viruses.  If you have Windows use Automatic Updates to obtain the latest updates as they are released by Microsoft and have them installed at a pre-set time.    

Protecting Home PCs with Anti-Virus Software: Staff at Queen’s University are entitled to a copy of Symantec Anti-Virus (SAV) for home use.  SAV CDs are available from the IT Service Desk in the McClay Library.  Installation is a simple process and full instructions are contained on the CD.   (Please note that different versions of the SAV CD are available for home and office use – please ensure that you have the correct version).

If you are not entitled to a home copy of SAV then there are a number of free software packages available.  Information Services has evaluated a number of free of charge software packages and recommend Microsoft Security Essentials. Students working on home PCs are advised to install one of these products.

Important Note: If you use a PC off campus and suspect that the PC has become infected then you should not under any circumstances transfer files between that PC and any University PCs until the virus has been removed.

Firewall for Home Use: Staff and students working from home are advised to protect their PCs using an appropriate home firewall product.  These products allow users to determine which traffic to allow to reach their PCs and are usually quite easy to install and configure. Information Services recommend Microsoft Security Essentials.

Note: You will require Adobe Acrobat Reader on your computer to download pdf files.  This software can be downloaded from the Adobe website

 

Protecting Your Mobile Device

If you use your own device, such as a smartphone or tablet computer to connect to the University network or to access University systems such as email you must adhere to the Computer Resources – Acceptable Use Policy. You should also follow the 4 steps below to protect both University Data and your own Personal Data.

  • PROTECT your device with a password or pin number of at least 4 characters
  • CHECK – before you download an app, is it from a reliable source e.g. iStore, Google Play, Amazon App Store. With Android devices ensure the Verify Apps security feature is running
  • INSTALL - an anti-virus application on your device
  • REPORT – if your personal device holds University data such as email, and is lost or stolen, you must report the loss to your manager and follow the advice below to wipe the device

Lost devices

If you have lost you mobile device (personal or University owned) or it has been stolen, you can wipe the device by following the instructions below:

  1. Log into Webmail
  2. Click on Options > See All Options... in the banner at the top right of the page.

     Mobile Options

 

  1. Choose Phone from the menu on the left of the page.
  2. You should see a list of any mobile devices you have recently synchronised with your account.
  3. Click on the device in the list to select it then click Wipe Device ‌

Wipe Device

6. The next time the device tries to synchronise with the University Mail Server it will be wiped. You will receive an email with confirmation that the wipe has taken place.

Junk Mail/Spam - Phishing

Please Note: If you get an email request for your account details, please forward to abuse@qub.ac.uk - DO NOT RESPOND TO ANY EMAIL ASKING FOR ONLINE ACCOUNT DETAILS

What is Phishing? – A potential compromise of your information

How Phishing Works

“Phishing” is an attempt to steal your information. Criminals pretend to be a legitimate business to get you to disclose sensitive information, such as email account passwords, credit and debit card numbers, banking information, and commercial information about the company you work for. Please read this advice as it could help prevent you becoming a victim of a phishing attack.

  1. A criminal sends a large number of emails to people using lists of email address identified as active. These emails appear to be messages from a company or organisation known to you or even from an internal source such as the IT Helpdesk. A common example contains a fictitious story designed to lure you into clicking on a link – Here is a real life example of such an email:‌

    2.  The phishing email will ask you to fill out a form or click on a link or button that takes you to a fraudulent website.

    3.  The fraudulent website mimics the company referenced in the email, and aims to extract your sensitive personal data.

 In essence, you think you're giving your information to a trusted organisation when, in fact, you're giving it to a criminal.

Note that phishing emails can also lure you to open suspicious attachments or visit websites that can infect your computer with malware.

How to Spot a Fake Email

There are many telltale signs of a fraudulent email:

  • False Sense of Urgency – Many scam emails tell you that your account will be in jeopardy if something critical is not updated right away.
  • Spelling and grammar mistakes – often these emails contain multiple spelling mistakes which is a good indicator of suspicion.
  • Fake Links – These may look real, but they can lead you astray. Check where a link is going before you click by hovering over the link in an email, and comparing it to the link in the browser. If it looks suspicious, don't click.
  • Attachments – The vast majority of organizations will never send you unsolicited attachments or software. Attachments can contain malware, so you should never open an attachment unless you are 100% sure it comes from a legitimate source.

Here are some more examples:

Phishing1

Phishing2

Will Queen's ask you for account details in an email communication?

NO – Queen’s University Belfast will never ask you to submit your account details to a link or form in an email communication and indeed no reputable company will ask for such details in an email communication – if you get any such email requests for your Queen’s account details even if they look like they came from Queen’s, please forward to abuse@qub.ac.uk for advice – DO NOT RESPOND TO ANY EMAIL ASKING FOR ONLINE ACCOUNT DETAILS.

What should I do if I think if I have replied to a phishing email?

Change your password immediately and report to the organisation who maintain your account - for Queen’s this is advisory@qub.ac.uk. Remember to change that same password if you use it for other online accounts and never use that password ever again for any online account.

What are the consequences if I have replied to a phishing email?

You should be aware that the confidentiality of any information protected by an account password is gone once you respond to a phishing email. This could have serious business consequences both for you personally and Queen’s University Belfast, especially if you have Queen’s Corporate Information1 or Personal Data2 about citizens in the potentially compromised account. If you have any concerns about the compromise of such information you must report this to your Line Manager or Head of School and infosec@qub.ac.uk, to help limit any potential damage to the University’s business processes.

Report suspected phishing

If you receive an email which you are unsure about, FORWARD it as an attachment (see below) to abuse@qub.ac.uk where it will be evaluated to determine if it is a fake. If it is a fake, then we will get the source of the email shutdown as quickly as possible. By reporting these emails you will help to protect yourself and everyone else too.

Note: Please FORWARD the suspect email as an attachment don’t cut and paste the contents because valuable tracking information about the source will be lost.

How to forward as an attachment in Outlook

Attachment

___________________________________________

1 For example Financial Data, Intellectual Property, Research Data etc.

2 Personal Data as defined by The Data Protection Act 1998

Activate-Mailbox

Phishing Resources

Here are some useful links to more on phishing:

Password Advice

Information Services has created an online Password Self-Service facility at https://pss.qub.ac.uk/.  This allows you to set up answers to a number of security questions which you can then use to reset your own password should you forget it.

If you have not already done so, we strongly recommend that you visit https://pss.qub.ac.uk/ to set up your security questions and answers, in the event you need to reset your password in the future.

If you have forgotten your password and have not yet set up your security questions and answers, then:

Selecting a strong password and managing it securely

Your password is both your electronic identity and the key, which you use to access University data.  It is YOUR responsibility to select a strong password and to manage it securely as you are personally accountable for its use.

Changing your password

There are a couple of things that you'll need to be aware of before changing your password.

A new password created at https://pss.qub.ac.uk will apply to all of our systems (Wi-Fi, Office 365, email, portal, library, QOL etc.) but won’t change the password you use to access  QUB email or Wi-Fi on your mobile devices.

You’ll need to make sure you have changed your password on any device that connects to QUB email or Wi-Fi, such as a laptop, tablet or mobile phone. To do this:

  • Enable airplane mode (or turn off WiFi & GPRS) on your mobile device(s);
  • Change your password on the Password Self-Service system;
  • Change your QUB email password to suit on each device;
  • Turn off airplane mode (or turn on WiFi & GPRS) on your mobile device(s) (you will be prompted for your new Wi-Fi password); 

You will also need to change your password on any web browser that has remembered a password for a University system

Password Procedures

Minimum Standards for all Queen's University Belfast Computer Accounts:

The following requirements are mandatory for creating a strong password. These are the minimum requirements - users are encouraged to create longer and more complex passwords where possible:

  1. Choose a password that has a mixture of at least 8 upper and lower case letters and numbers and which is personally memorable but difficult for others to guess.
  2. It must be different from previous twenty four passwords used.

Password Best Practices:

Do:

  • Use symbol characters.  However, on a UK keyboard, please DO NOT use the £ symbol as this is not acceptable in some applications.
  • Immediately change your password if you think that it has been revealed to anyone else or compromised;
  • Check that it does not appear in clear text in any file or program; 

Don't:

  • Ever write your password down;
  • Use the same password for both your University and private computer accounts, such as on-line banking, Facebook etc.;
  • Be fooled into giving your password away.  You may occasionally receive scam emails that appear to have been sent by IT telling you that your mailbox is full, or that there is a problem with your account etc. the University will NEVER ask you for your password;
  • Use your user-name, surname, or given name, as your password in any form;
  • Use any information about you that is easily obtainable, such as your car registration number, your birthday, your child or pets name, your favourite holiday destination or your favourite sports team or hobby;
  • Use word or number patterns like aaabbb, qwerty, zyxwvuts, 123321, etc;
  • Change your password by simply adding or incrementing a number every time you have to change it;
  • Reuse or recycle your password;
  • Lend your password to friends or share it with anyone including your secretary or PA;
  • Use the 'Remember Password' feature of websites and applications;
  • Use an ordinary word preceded or followed by a digit (eg, seCret1, 1seCret)

Tips

Use one of the following methods to create a memorable but strong password:

  • Use the first letter of each word in a memorable phrase, saying, nursery rhyme or song title. For example, the phrase might be: "this may be one way to remember" and the password could be: "Tmb1w2r";
  • Substitute one or more letters with a numeric character (eg I = 1, A = 4, S = 5, L = 7 or O = 0);
  • Take two words and splice them together with one or more numeric characters;
  • For the strongest password, use a ‘passphrase’ – a number of words as in the example above and include the spaces between them as part of the password.

Remember

A computer that is left logged on and unattended gives anyone access to information, which is accessible to the authorised user, and allows others to use the account of user for malicious purposes. 

Unattended computers must be shut down or locked using a password access 'hot-key' or password-protected screen saver.

Password changes:

A password must be changed immediately if an account owner believes that it has been compromised (for example, if there is a possibility that another person may have viewed or acquired the password).

Support:

Account owners who forget their password should access the password self-service facility at https://pss.qub.ac.uk/ or contact the IT Service Desk on (028) 9097 3760 from 9:00 am to 5:00 pm Monday to Friday. All other times email advisory@qub.ac.uk .

 

What to do if you've forgotten your password

Password Self-Service

Information Services has created an online Password Self-Service facility at https://pss.qub.ac.uk/.  This allows you to set up answers to a number of security questions which you can then use to reset your own password should you forget it.

If you have already set up your security questions and answers, please select 'Forgotten Password' at https://pss.qub.ac.uk/ and you will be prompted for the answers to allow you to reset your password.

If you have not already done so, we recommend that you visit https://pss.qub.ac.uk/ to set up your security questions and answers.

Getting Help

If you have forgotten your password and have not yet set up your security questions and answers, then:

Encryption

Data encryption software is used to protect sensitive or confidential data where data will be used in a mobile environment. For details see Guide to Encrypting Data

Data and Information Security Policies and Acceptable Use Guidance

These apply to all members of staff, visitors, contractors and students of the University and must be read before computer resources are used.

Acceptable Use 
Data/Information Security 
 Computer Resources - Acceptable Use Policy   Information Security Policy
 Staff Computing at Queen's - Acceptable Use Guide   Information Handling
 Student Computing at Queen's - Acceptable Use Guide   Mobile Computing Policy
    Data Security Guidance
    Password Policy

Security Top Tip!

Top Tip

 

Remember

  • Roll the mouse over a link to see its destination, in a browser this will be displayed in the bottom left corner and in Outlook it is displayed above the link.
  • Be suspicious of unknown sources or even links from trusted sources - if in doubt, seek advice or delete it.
  • Always think twice before clicking a link.
  • Report security incidents or scam emails asking for your credentials to IT immediately.
  • Never leave your phone, tablet, or laptop unattended.

 

Current Threats

Ransomware Attacks

Ransomware – a type of malware which ‘locks’ the files on a computer and then demands payment to unlock them – is a growing threat all across the world.

Find out more >>

Last Updated: January 2017