Basic Advice for Information Security - Financial Teams

Hackers and scammers relentlessly try to break into University systems, to steal, corrupt or hold our data to ransom. It is every University member’s responsibility to help protect the University’s information.

Common security issues

 

Malicious Email: phishing

Be wary of everything you receive; most scammers rely on people’s trust to discover passwords, personal details and any other information they can potentially monetise.

Opening links or attachments - Emails can appear to be from an official source (for example an address ending @ed.ac.uk). This is achieved either by spoofing an email address, or by using a real ed.ac.uk email address that has been compromised. When you open an attachment or click a link in these emails, malware can be released onto your device.

 

Social media malware

Be wary when logging into social media on the same device that you use to access University systems (email or shared drives). Links or images can be used by scammers to download malware (malicious software) onto your device without your knowledge. This malware can then access University systems through your device.

 

Printing or writing details on paper

Criminals can use a method known as ‘Dumpster diving’: finding personal details in refuse bins (especially in communal areas), which gives them access to your information. Don’t print things unless you absolutely have to, and dispose of paper securely.

 

Insecure passwords

If your passwords are leaked (even accidentally) or you use only one password for all your access, this can lead to hackers attacking multiple systems.

 

Advice to stay safe and protect

 

During working hours use the University VPN service

A Virtual Private Network provides additional protection. If you process or access sensitive data, you should use the University VPN service.

 

Keep passwords private

Never reveal your work login details or passwords to anyone.

 

Keep social media to your personal device

The best way of keeping the University systems protected is to use your own devices for personal things like social media, and work on either a University supported laptop or properly configured desktop.

 

Avoid shared computers

Try to use a computer that is exclusively for your own use. This reduces the risk of improperly configured security settings, and makes day-to-day working easier because you do not have to change settings, passwords, etc. Do not use public shared computers to access University systems.

 

Keep anti-virus software updated

Ensure updates are scheduled automatically. This also applies to OS updates, as these provide ‘patches’ (fixes to any vulnerabilities) to prevent new malware invading your system.

 

Keep all work-related documents and downloads within your shared drive on the work server

Do not save work to your mobile or home device. Any files you work on at home, and any downloads, should stay saved on our servers, where they have the best protection and managed backups. Speak to your computing support team if you need access to shared drives.

 

Keep all work-related emails, discussions and data in your University services

Do not discuss or send any sensitive University information outside of University supported services. Your personal emails and webchats (for example WhatsApp, Messenger) do not have the same guarantees of data privacy that supported University services will have negotiated.