Skip to main content

Data Security - Protecting Our Information

Security

The business of the University depends heavily on computerised information systems, in particular:

  • Data which is often sensitive and must be protected from loss, corruption and unauthorised access
  • Re-entry of lost data can be painstaking and very time consuming 
  • Loss of data can impact upon deadlines and can have wide ranging implications - including breach of legal requirements
  • Electronic records are increasingly becoming the only source of original data

For latest information on internet security Get Safe Online

Data and Information Security Policies and Acceptable Use Guidance

These apply to all members of staff, visitors, contractors and students of the University and must be read before computer resources are used.

Acceptable Use
Computer Resources - Acceptable Use Policy (Sep 13)
Staff Computing at Queen's - Acceptable Use Guide (Sep 13)
Student Computing at Queen's - Acceptable Use Policy (Sep 13)
Data/Information Security
Information Security Policy Statement (Mar 09)
Information Handling (Nov 09)
Mobile Computing Policy* (Mar 09)
Guidance on Storing and Accessing Sensitive Information (Feb 10)
Guide to Encrypting Data 

Protecting Your Devices

Click titles below to expand each section

Protecting Your PC at Work

Key steps in protecting your PC:

  1. Apply new Windows Updates as released by Microsoft
  2. Install and maintain an up-to-date version of Symantec Anti-Virus (SAV) software on your PC.

The above steps can be automated and once set up correctly your PC should not represent a threat to others.

Viruses may be spread by email attachments or by files introduced into the campus.  In particular files held on removable media (e.g. USB devices such as memory sticks) or files downloaded from the internet.  As well as protecting your PCs (at work and at home) from viruses you should exercise caution when opening email attachments.  For more on emails refer to the Phishing section

Note: You should only ever load files onto your PC if you have a properly configured and up-to-date version of SAV running.  

Protecting Work PCs With Anti-Virus Software: The University provides a copy of Symantec Anti-Virus for every PC.  These installations are mostly ‘managed’ from one of the central Symantec Anti-Virus servers. This means that they are kept up to date with the latest virus information and are able to detect viruses reaching your computer.  
 
For full effectiveness, users should make sure they have an up to date version of SAV on their PC and that they have a ‘managed’ SAV installation.  See Installing and Configuring Symantec Anti-Virus (pdf file - 3 pages).

Firewall: When on campus, staff have the benefit of the protection afforded by the University’s network firewall, which blocks out potentially dangerous Internet traffic.  If you need any assistance with anti-virus or firewall issues, contact the IT Service Desk.

Note: You will require Adobe Acrobat Reader on your computer to download pdf files.  This software can be downloaded from the Adobe website

Protecting Your PC at Home

The three key steps in protecting your PC at home are:

  1. Applying new Windows Updates released by Microsoft
  2. Keeping up-to-date Anti-Virus Software on your PC
  3. Using an appropriate Home Firewall Product

If you do not take these measures then your home PC is potentially a serious risk to others.

GetSafe Online is a government initiative intended to provide home users with easy-to-understand advice on protecting home computers and phones from malicious attack. For more information visit the GetSafe Online website.

Windows Update: Windows Update is a facility to keep your Windows operating system up to date and help to protect your PC from viruses.  If you have Windows use Automatic Updates to obtain the latest updates as they are released by Microsoft and have them installed at a pre-set time.    

Protecting Home PCs with Anti-Virus Software: Staff at Queen’s University are entitled to a copy of Symantec Anti-Virus (SAV) for home use.  SAV CDs are available from the IT Service Desk in the McClay Library.  Installation is a simple process and full instructions are contained on the CD.   (Please note that different versions of the SAV CD are available for home and office use – please ensure that you have the correct version).

If you are not entitled to a home copy of SAV then there are a number of free software packages available.  Information Services has evaluated a number of free of charge software packages and recommend Microsoft Security Essentials. Students working on home PCs are advised to install one of these products.

Important Note: If you use a PC off campus and suspect that the PC has become infected then you should not under any circumstances transfer files between that PC and any University PCs until the virus has been removed.

Firewall for Home Use: Staff and students working from home are advised to protect their PCs using an appropriate home firewall product.  These products allow users to determine which traffic to allow to reach their PCs and are usually quite easy to install and configure. Information Services recommend Microsoft Security Essentials.

Note: You will require Adobe Acrobat Reader on your computer to download pdf files.  This software can be downloaded from the Adobe website

 

Protecting Your Mobile Device

If you use your own device, such as a smartphone or tablet computer to connect to the University network or to access University systems such as email you must adhere to the Computer Resources – Acceptable Use Policy. You should also follow the 4 steps below to protect both University Data and your own Personal Data.

  • PROTECT your device with a password or pin number of at least 4 characters
  • CHECK – before you download an app, is it from a reliable source e.g. iStore, Google Play, Amazon App Store. With Android devices ensure the Verify Apps security feature is running
  • INSTALL - an anti-virus application on your device
  • REPORT – if your personal device holds University data such as email, and is lost or stolen, you must report the loss to your manager and follow the advice below to wipe the device

Lost devices

If you have lost you mobile device (personal or University owned) or it has been stolen, you can wipe the device by following the instructions below:

  1. Log into Webmail
  2. Click on Options > See All Options... in the banner at the top right of the page.

     Mobile Options

 

  1. Choose Phone from the menu on the left of the page.
  2. You should see a list of any mobile devices you have recently synchronised with your account.
  3. Click on the device in the list to select it then click Wipe Device ‌

Wipe Device

6. The next time the device tries to synchronise with the University Mail Server it will be wiped. You will receive an email with confirmation that the wipe has taken place.

Junk Mail/Spam - Phishing

What is Phishing? – A potentially harmful communication

“Phishing” is an attempt to steal your information. Criminals pretend to be a legitimate business to get you to disclose sensitive personal information, such as account passwords, credit and debit card numbers, or banking information. Please read this advice as it could help prevent you becoming a victim of a phishing attack.

How Phishing Works

  1. A criminal sends a large number of emails to people using lists of email addresses identified as active or randomly generated. These messages appear come from well-known companies or organisations - even Queen's University itself. Commonly they contain fictitious information designed to lure you into clicking on a link or calling a phone number.
  2. The phishing email will ask you to fill out a form or click on a link or button that takes you to a fraudulent website.
  3. The fraudulent website mimics the company or organisation referenced in the email, and aims to extract your sensitive personal data - in particular your userid and password.

In essence, you think you're giving your information to a trusted company when, in fact, you're giving it to a criminal.

Note that phishing emails can also lure you to open suspicious attachments or visit websites that can infect your computer with malware.

How to Spot a Fake Email

There are many telltale signs of a fraudulent email:

  • False Sense of Urgency – Many scam emails tell you that your account will be in jeopardy if something critical is not updated right away.
  • Fake Links – These may look real, but they can lead you astray. Check where a link is going before you click by hovering over the URL in an email, and comparing it to the URL in the browser. If it looks suspicious, don't click.
  • Attachments – The vast majority of organizations will never send you unsolicited attachments or software. Attachments can contain malware, so you should never open an attachment unless you are 100% sure it comes from a legitimate source.

Here are some examples:

Phishing1

Phishing2

Report suspected phishing

If you receive a suspicious email FORWARD it as an attachment (see below) to abuse@qub.ac.uk where it will be evaluated to determine if it is a fake. If it is a fake, then we will get the source of the email shutdown as quickly as possible. By reporting these emails you will protect yourself and everyone else too.

Note: Please FORWARD the suspect email as an attachment don’t cut and paste the contents because valuable tracking information about the source will be lost.

Attachment

Activate-Mailbox

Phishing Resources

Here are some useful links to more on phishing:

Top Tip

Last Updated: December 2014

In This Section

            Twitter Icon