16/10/17 - Adverse Weather

Queen's will be open tomorrow as usual. If there are any developments during the night that would put staff and student safety at risk, then a further announcement will be made at 6am tomorrow morning.  Read more on this >

 

Data Security - Protecting Our Information

Current Threats

Ransomware – a type of malware which ‘locks’ the files on a computer and then demands payment to unlock them – is a growing threat all across the world. Find out more >>

Information Security

 The business of the University depends heavily on computerised information systems, in particular:

  • Data which is often sensitive and must be protected from loss, corruption and unauthorised access
  • Re-entry of lost data can be painstaking and very time consuming 
  • Loss of data can impact upon deadlines and can have wide ranging implications - including breach of legal requirements
  • Electronic records are increasingly becoming the only source of original data

For latest information on internet security Get Safe Online [External Website]

It is important that you read Data and Information Security Policies and Acceptable Use Guidance

Protecting Your Devices

For information on Ransomware please see Protecting Against Ransomware Attacks

Advisory on Phishing 

This 4-page PDF defines and gives advice to help you respond to phishing attempts.

Password Guidance

Password Advice

Information Services has created an online Password Self-Service facility at https://pss.qub.ac.uk/.  This allows you to set up answers to a number of security questions which you can then use to reset your own password should you forget it.

If you have not already done so, we strongly recommend that you visit https://pss.qub.ac.uk/ to set up your security questions and answers, in the event you need to reset your password in the future.

If you have forgotten your password and have not yet set up your security questions and answers, then:

Selecting a strong password and managing it securely

Your password is both your electronic identity and the key, which you use to access University data.  It is YOUR responsibility to select a strong password and to manage it securely as you are personally accountable for its use.

Changing your password

There are a couple of things that you'll need to be aware of before changing your password.

A new password created at https://pss.qub.ac.uk will apply to all of our systems (Wi-Fi, Office 365, email, portal, library, QOL etc.) but won’t change the password you use to access  QUB email or Wi-Fi on your mobile devices.

You’ll need to make sure you have changed your password on any device that connects to QUB email or Wi-Fi, such as a laptop, tablet or mobile phone. To do this:

  • Enable airplane mode (or turn off WiFi & GPRS) on your mobile device(s);
  • Change your password on the Password Self-Service system;
  • Change your QUB email password to suit on each device;
  • Turn off airplane mode (or turn on WiFi & GPRS) on your mobile device(s) (you will be prompted for your new Wi-Fi password); 

You will also need to change your password on any web browser that has remembered a password for a University system

Password Procedures

Minimum Standards for all Queen's University Belfast Computer Accounts:

The following requirements are mandatory for creating a strong password. These are the minimum requirements - users are encouraged to create longer and more complex passwords where possible:

  1. Choose a password that has a mixture of at least 8 upper and lower case letters and numbers and which is personally memorable but difficult for others to guess.
  2. It must be different from previous twenty four passwords used.

Password Best Practices:

Do:

  • Use symbol characters.  However, on a UK keyboard, please DO NOT use the £ symbol as this is not acceptable in some applications.
  • Immediately change your password if you think that it has been revealed to anyone else or compromised;
  • Check that it does not appear in clear text in any file or program; 

Don't:

  • Ever write your password down;
  • Use the same password for both your University and private computer accounts, such as on-line banking, Facebook etc.;
  • Be fooled into giving your password away.  You may occasionally receive scam emails that appear to have been sent by IT telling you that your mailbox is full, or that there is a problem with your account etc. the University will NEVER ask you for your password;
  • Use your user-name, surname, or given name, as your password in any form;
  • Use any information about you that is easily obtainable, such as your car registration number, your birthday, your child or pets name, your favourite holiday destination or your favourite sports team or hobby;
  • Use word or number patterns like aaabbb, qwerty, zyxwvuts, 123321, etc;
  • Change your password by simply adding or incrementing a number every time you have to change it;
  • Reuse or recycle your password;
  • Lend your password to friends or share it with anyone including your secretary or PA;
  • Use the 'Remember Password' feature of websites and applications;
  • Use an ordinary word preceded or followed by a digit (eg, seCret1, 1seCret)

Tips

Use one of the following methods to create a memorable but strong password:

  • Use the first letter of each word in a memorable phrase, saying, nursery rhyme or song title. For example, the phrase might be: "this may be one way to remember" and the password could be: "Tmb1w2r";
  • Substitute one or more letters with a numeric character (eg I = 1, A = 4, S = 5, L = 7 or O = 0);
  • Take two words and splice them together with one or more numeric characters;
  • For the strongest password, use a ‘passphrase’ – a number of words as in the example above and include the spaces between them as part of the password.

Remember

A computer that is left logged on and unattended gives anyone access to information, which is accessible to the authorised user, and allows others to use the account of user for malicious purposes. 

Unattended computers must be shut down or locked using a password access 'hot-key' or password-protected screen saver.

Password changes:

A password must be changed immediately if an account owner believes that it has been compromised (for example, if there is a possibility that another person may have viewed or acquired the password).

Support:

Account owners who forget their password should access the password self-service facility at https://pss.qub.ac.uk/ or contact the IT Service Desk on (028) 9097 3760 from 9:00 am to 5:00 pm Monday to Friday. All other times email advisory@qub.ac.uk

What to do if you've forgotten your password

Password Self-Service

Information Services has created an online Password Self-Service facility at https://pss.qub.ac.uk/.  This allows you to set up answers to a number of security questions which you can then use to reset your own password should you forget it.

If you have already set up your security questions and answers, please select 'Forgotten Password' at https://pss.qub.ac.uk/ and you will be prompted for the answers to allow you to reset your password.

If you have not already done so, we recommend that you visit https://pss.qub.ac.uk/ to set up your security questions and answers.

Getting Help

If you have forgotten your password and have not yet set up your security questions and answers, then:

Protecting your devices

Protecting Your PC at Work

Key steps in protecting your PC

  1. Apply new Windows Updates as released by Microsoft 
  2. Install and maintain an up-to-date version of Symantec EndPoint Protection (SEP) software on your PC
  3. Save your work to the network Q: drive
  4. Lock your computer when you leave your desk 

The above steps should be automated and once set up correctly your PC should not represent a threat to others. If you have problems updating Windows or Symantec EndPoint Protection (SEP) then please contact the IT Service Desk for further advice.

Advice about checking that you have the latest Windows Updates (2-page PDF) - pertinent in the light of the latest Ransomware attacks worldwide.

Note: You should only ever load files onto your PC if you have a properly configured and up-to-date version of SAV running.  

Protecting Work PCs With Anti-Virus Software: The University provides a copy of Symantec EndPoint Protection for every PC and Apple Mackintosh Desktop.  See Installing and Configuring Symantec EndPoint Protection (pdf file - 2 pages). Viruses may be spread by email attachments or by files introduced into the campus.  In particular files held on removable media (e.g. USB ) or files downloaded from the internet.  As well as protecting your PCs (at work and at home) from viruses you should exercise caution when opening email attachments.  This 4-page PDF defines and gives advice to help you respond to phishing attempts.

Lock your computer: For Windows devices use Ctrl + Alt + Del and select lock this computer. For Apple Mackintosh desktops use Ctrl + Shift + Eject.

 

Protecting Your PC at Home

Protect your home PC by:

  1. Applying new Windows Updates released by Microsoft
  2. Applying all application software Updates released by the manufacture
  3. Keeping up-to-date Anti-Virus Software on your PC
  4. Using an appropriate Home Firewall Product
  5. Replace Windows XP

If you do not take these measures then your home PC is potentially a serious risk to yourself and others.

GetSafe Online is a government initiative intended to provide home users with easy-to-understand advice on protecting home computers and phones from malicious attack. For more information visit the GetSafe Online website.

Windows Update: Windows Update is a facility to keep your Windows operating system up to date and help to protect your PC from viruses.  Use Automatic Updates to obtain the latest updates as they are released by Microsoft and have them installed at a pre-set time.    

Application Software Updates:  Not keeping your programs up to date can result in serious issues, affecting both your computer and your own personal security. These include: Viruses, spyware and other malware.  Cyber-criminal attacks.  Crashing, freezing and generally poor performance.

As well as resolving security issues, software updates frequently contain improvements and new features.  You may have to update each application individually or use a product such as Ninite.  For Microsoft products use Windows Update.

Protecting Home PCs with Anti-Virus Software: All Staffare entitled to a copy of Symantec Anti-Virus (SAV) for home use.  SAV CDs are available from the IT Service Desk in the McClay Library.  Installation is a simple process and full instructions are contained on the CD.   (Please note that different versions of the SAV CD are available for home and office use – please ensure that you have the correct version). Viruses may be spread by email attachments or by files introduced into the campus.  In particular files held on removable media (e.g. USB ) or files downloaded from the internet.  As well as protecting your PCs (at work and at home) from viruses you should exercise caution when opening email attachments.  This 4-page PDF defines and gives advice to help you respond to phishing attempts.

If you are not entitled to a home copy of SAV then there are a number of free software packages available, for the latest independent reviews visit AntiVirus Reviews

Students working on home PCs are strongly advised to install one of these products.

Important Note: If you use a PC off campus and suspect that the PC has become infected then you should not under any circumstances transfer files between that PC and any University PCs until the virus has been removed.

Firewall for Home Use: Staff and students working from home are advised to protect their PCs using an appropriate home firewall product.  These products allow users to determine which Internet traffic is allowed to reach their PC.  The pre-installed default Windows firewalls are suitable for home users.

Windows XP is no longer supported by Microsoft, which leaves the operating system vulnerable to attack from infection by malware, with criminals being well aware of these vulnerabilities to:

  • Steal your personal and financial details in order to commit fraud.
  • Commit identity theft in order to apply for bank accounts, passports and other facilities in your name.
  • Monitor your email and other Internet usage.
  • Make your PC part of a botnet, commonly used to attack corporate or government websites.

The first step is to install a newer version of Windows … such as 7, 8.1 or 10.  However, very few older computers will be able to run Windows 10 or even Windows 8.1 owing to the more demanding hardware requirements of these later versions.  Microsoft recommends that you download and run the Windows Upgrade Assistant  to check if your PC meets the system requirements.

Protecting Your Mobile Device

If you use your own device, such as a smartphone or tablet computer to connect to the University network or to access University systems such as email you must adhere to the Computer Resources – Acceptable Use Policy. You should also follow the 4 steps below to protect both University Data and your own Personal Data.

  • PROTECT your device with a password or pin number of at least 4 characters
  • CHECK – before you download an app, is it from a reliable source e.g. iStore, Google Play, Amazon App Store. With Android devices ensure the Verify Apps security feature is running
  • INSTALL - an anti-virus application on your device
  • REPORT – if your personal device holds University data such as email, and is lost or stolen, you must report the loss to your manager and follow the advice below to wipe the device

Lost devices

If you have lost you mobile device (personal or University owned) or it has been stolen, you can wipe the device by following the instructions below:

  1. Log into Webmail
  2. Click on Options > See All Options... in the banner at the top right of the page.

     Mobile Options

 

  1. Choose Phone from the menu on the left of the page.
  2. You should see a list of any mobile devices you have recently synchronised with your account.
  3. Click on the device in the list to select it then click Wipe Device ‌

Wipe Device

6. The next time the device tries to synchronise with the University Mail Server it will be wiped. You will receive an email with confirmation that the wipe has taken place.

Encryption

Data encryption software is used to protect sensitive or confidential data where data will be used in a mobile environment. For details see Guide to Encrypting Data

Data and Information Security Policies and Acceptable Use Guidance

These apply to all members of staff, visitors, contractors and students of the University and must be read before computer resources are used.

Acceptable Use 
Data/Information Security 
 Computer Resources - Acceptable Use Policy   Information Security Policy
 Staff Computing at Queen's - Acceptable Use Guide   Information Handling
 Student Computing at Queen's - Acceptable Use Guide   Mobile Computing Policy
    Data Security Guidance
    Password Policy

Security Tips

  • Roll the mouse over a link to see its destination, in a browser this will be displayed in the bottom left corner and in Outlook it is displayed above the link.
  • Be suspicious of unknown sources or even links from trusted sources - if in doubt, seek advice or delete it.
  • Always think twice before clicking a link.
  • Report security incidents or scam emails asking for your credentials to IT immediately.
  • Never leave your phone, tablet, or laptop unattended.‌‌

Top Tip

Last Updated: May 2017