If you haven’t done so already, please read the University’s working from home advice.
With many of us working from home, there is an increased need to be responsible where data protection and information security are concerned, and as such, we would ask staff to:
- Ensure your devices are secure and register an alternative email address.
- Be aware of email scams and phishing attacks, report it and tell us if you did anything with it.
- Report potential personal data and cybersecurity breaches.
- Ensure your data protection and information security training is up to date.
Further details on how to ensure you stay safe are provided below.
Whether you use a University computer, or your own computer, it is extremely important that you ensure it is set up correctly. This includes: registering an alternative email address in case of account recovery; using Sophos Intercept X (the University’s preferred end-point protection software); and enabling automatic updates. The InfoSec website has helpful guidance on how to protect your computer. If you are unsure about any of the above and require assistance contact your local IT support or email firstname.lastname@example.org
Email scams (‘Phishing’)
The University is experiencing an increase in social engineering attacks known as ‘phishing’. These attacks are often used to trick staff into clicking on malicious hyperlinks and/or revealing sensitive information such as login credentials. If you receive a suspected ‘phishing’ email forward it to email@example.com. Include with your email whether or not you divulged any credentials, downloaded any attachments, or clicked on any links. The InfoSec website contains more information on how to avoid email scams.
If you suspect a data breach report it immediately, please do not delay reporting any incidents.
Find out how to report by visiting the recently updated Staff guidance on data breaches on the Compliance website. To accompany the guidance we have produced examples of data breaches including breaches which may occur while working from home. Breach incidents relating to personal data must be reported to firstname.lastname@example.org and relating to cybersecurity must be reported to email@example.com.
Information security and data privacy training
All University staff must be trained in information security and data privacy. To achieve this we provide an online information security and data privacy training course which takes approximately one hour and must be renewed every twelve months. There is no cost for the training course. For more details, or if you have any questions, please contact your local administrator or email firstname.lastname@example.org