Protecting Yourself & Your Work
The 10 Golden Rules have introduced you to your responsibilities for IT Security at the University of Leeds. Here are some more in-depth recommendations that you can use to help you protect both your personal information and your work.
Information Security Training
The University provides mandatory information security awareness training for all staff who use computers at work. Awareness of information security issues and your responsibilities are very important to minimise the likelihood of security incidents and data loss. Completing this online course will help you to adhere to the University's data protection requirements and information/IT security policies.
The Information Security Essentials course is available through the home page of Minerva at https://minerva.leeds.ac.uk/. For further assistance with this course, please visit the Information Security Training page on the IT Website.
Depending on your role, you may also be required to complete the Advanced Information Security Training. Check with your line manager.
You have already read about making sure you have a strong password but here are a few other things that we recommend to help you protect your accounts from misuse.
Protecting your passwords
Don't write your passwords down (on paper or in digital form) or share them with colleagues. If you are struggling to remember your password, try changing it to something more memorable to you (but still difficult to guess). If a colleague is unable to log on, don't let them use your account, ask them to contact the IT Service Desk. If you use a public computer, remember to log out afterwards or someone else could access it.
You are responsible for your account and if someone else uses it they could access your personal information or even use the account maliciously.
Phishing & Spam
Phishing emails, sometimes known as spam, are crafted to appear as if they have been sent from a legitimate organisation or known individual. These emails encourage users to click on a link that will take the user to a fraudulent website that appears legitimate. The University and other genuine organisations will never ask you to reveal your password by email.
A phishing email may suggest that your account has been suspended or has had some unauthorised activity and ask you to click on a link or attachment within the email. Other things to look out for are that the email message is vague or poorly written, or you are asked to log on to check, update or validate some information. If you are concerned about the safety of an account you should go to that website directly and log on in your normal way, not use the link provided in an email.
For more information about dealing with spam and on phishing emails, please visit it.leeds.ac.uk/spam. If you ever unsure about whether an email is genuine, contact the IT Service Desk before clicking on any links or opening any attachments.
Protecting Your Work
You have a duty to protect the University's data from outside parties, but also you will want to make sure that you don't lose files because of computer loss, failure or theft.
Encryption is the process of changing information to make it unreadable to anyone who doesn't have the software key to make the encrypted information readable again. All University owned laptops must be encrypted and the University has chosen Sophos SafeGuard software as its encryption standard. Personal devices may require additional security, please contact the IT Service Desk for more information
Many members of staff travel regularly so we recommend that you read up on using encrypted laptops abroad before you travel.
Anti Virus Software and Virus prevention
University computers should come with Anti Virus software as standard, however you should still be vigilant about not clicking on links in suspicious emails and especially opening unexpected attachments. If you receive an unexpected attachment that you aren't sure about, contact the sender directly to check that it is virus free. If you ever unsure about whether an email is genuine, contact the IT Service Desk before clicking on any links or opening any attachments.
You should also scan portable media such as USB Drives in order to check that they don't harbour malicious software.
Saving Your Work
It is essential to regularly save your files, as there are many ways in which important documents can be lost. Your computer may break or get a virus, it could be stolen or the file may be accidentally deleted or become corrupted. University File Storage (M: & N: Drive) is backed up daily so is great for working on normal files. For important documents it is recommended that you store copies of the file in multiple locations. However if your files contain classified information, as defined in the Universitys Information Protection Policy, you need to adhere to the requirements of that policy.
There is more information on saving your files later in the Induction.