Mandatory IT Security Awareness Training

Just like any other large organisation, the University is under constant attack from cyber criminals and the threat to the institution, and to you, is very real.

We deploy a wide range of technical measures to protect you while working on University systems and networks; but technology alone is not enough to protect us. In the end, it’s down to people. And you are our best line of defence.

Because cyber attacks come in many forms and are constantly evolving, it’s important that you keep up to date and that you know what to look out for.

To help you do this, we have launched online Information Security Awareness training featuring videos, audio scripts, and animations, and covering:

  • Protecting Information
  • Physical and Procedural Security
  • Working Remotely and in the Cloud
  • Common Threats and how to Counter Them
  • Handling Research Data
  • Cracking the Code - Game

The training is mandatory for all staff and you are required to successfully complete the assessment. You can work through the modules at your own pace over multiple sessions, picking up where you left off. And once you’ve completed the training, you can dip back in at any time to refresh your knowledge on a particular topic.

Further help and advice

Our IT Security resource in Learners’ Toolkit has additional advice on how to stay secure, including a guide on Protecting yourself from Phishing Scams. One side of this sheet provides you with background information about phishing while the other is a handy quick reference guide in A4 poster format.

Download a copy and keep it handy to help you to identify email scams as soon as they arrive in your Inbox.

For help, advice, and to report ALL IT incidents, contact IT Services on: servicedesk@abdn.ac.uk or x3636.

IT Security. We are all responsible.

Quick Tips for IT Security

The University has drawn up a set of guidelines to help remind us all of the importance of information security in every aspect of our daily work.

  1. NEVER reveal your username and/or password – to anyone.
    • Not even the Service Desk will ask you to reveal your password.
  2. Passwords. Make them strong; keep them safe; never share them; and change them regularly.
  3. Always lock your device – or log off completely – whenever you leave it unattended for even a short period of time.
    • It only takes a second or two for someone to access your files.
  4. Always protect your user identity, at work and at home.
    • Don’t share access to your device with strangers.
    • Don’t store sensitive personal information, such as bank account numbers, on your device.
    • See our fact sheet for tips on how to spot email phishing scams
  5. Ensure your sensitive data is safe and suitably encrypted when mobile.
    • It is mandatory that you encrypt any USB flash drive and/or other portable device that contains sensitive University data.
    • See our guidance on how to encrypt your device (click on the Encryption tab above), or buy a pre-encrypted USB stick from the Service Desk.
  6. Always use electronic communication with care.
  7. Use anti-virus software and keep it up to date.
    • The University of Aberdeen’s anti-virus solution for University owned and managed Windows and Mac computers is Microsoft System Center Endpoint Protection (SCEP). Click on the Anti-virus software tab at the top of the page for more about SCEP.
    • We are unable to offer anti-virus support for personal/home PCs, laptops, Macs and MacBooks. Please ensure your personal computer is protected from viruses and malware by running anti-virus software.
  8. Be cautious when using the internet.
    • Never download files from an unknown source.
  9. Never cause offence or break the law when using University IT facilities.

For help, advice, and to report ALL IT incidents, contact IT Services on: servicedesk@abdn.ac.uk or x3636.

IT Security. We are all responsible.

SCCM - Windows Device Management

Microsoft System Centre Configuration Manager (SCCM) helps us to protect and manage University-owned Windows devices.

It allows us to remotely manage and deploy the latest security patches, antivirus protection, and software updates on University managed Windows devices on your behalf.

SCCM also allows you to install approved Windows software via the Software Center.

It provides a unified framework for efficient system management and reporting in direct support of University policies, as well as ensuring the University complies with data protection legislation.

Jamf Pro – iOS and MacOS Device Management

Jamf Pro helps us to protect and manage University-owned iPhones, iPads, and Macs.

It allows us to install updates remotely, deploy apps, and ensure security updates are current.

If your device is lost or stolen, contact us at servicedesk@abdn.ac.uk and we will remotely activate iOS Lost Mode. This will lock your device, protecting your data, and will also allow us to track its location. We cannot lock and locate your device without you being aware as it will display an onscreen message and emit the ‘Lost Mode’ sound.

Jamf Pro also allows you to download and install approved apps via the app Self-Service as part of our Apple Volume Purchase Programme (VPP).

It provides a unified framework for efficient system management and reporting in direct support of University policies, as well as ensuring the University complies with data protection legislation.

Anti-virus

University Windows PCs/laptops, Macs and MacBooks

The University of Aberdeen’s anti-virus solution for University owned and managed Windows and Mac computers is Microsoft System Center Endpoint Protection (SCEP).

Our licence covers networked computers on campus and University Windows laptops and MacBooks.

On Windows PCs, we manage your SCEP installation centrally and have configured it to run automatic scheduled scans to ensure your University computer receives updates and is protected from malware and viruses at all times. You can also run a manual scan at any time, on your PC and on attached devices such as USB drives.

On Macs, the built-in real-time scanner protects you as you work and also scans your computer on system startup. You can also create a scheduled scan to run regularly at a time that suits you.

University Linux/Unix

For campus PCs running Linux and UNIX distribution we recommend ClamAV. Guides on installation and configuration can be found at the ClamAV web page.

Personal Computers

We are unable to offer anti-virus support for personal/home Windows PCs and laptops, Macs and MacBooks. It is your responsibility to ensure that your personal computer is protected.

You may wish to consider one of the following FREE packages:

Alternatively, you may prefer to buy anti-virus software such as

    • PC: VIPRE, McAfee
    • Mac: McAfee, Bitdefender, ClamXav
      • Note: Kaspersky is not compatible with the Write-N-Cite utility within RefWorks, the University's licensed bibliographic management software.

*Note: Sophos’ free Anti-Virus for Mac Home Edition is designed exclusively for home use on personal devices. Sophos prohibits use on University owned devices.

We do not endorse any one package over another and can provide no support or warranty for home installations of any of the software packages listed.

Email virus checking

Any message detected of containing a virus or other harmful content is intercepted by the gateway and is not delivered to the intended recipient(s).

Any message with an attachment with a file extension type recognised as having the potential to carry virus infections or malware is rejected. See list of blocked extensions.

Least Privilege

The University uses Least Privilege to help prevent IT security breaches and the downloading and installing of unauthorised software.

What is Least Privilege?

Least privilege is a basic principle of IT security that means giving users only the permissions they need to carry out day to day activities, e.g. running Office applications, sending and receiving email, basic admin tasks (e.g. changing date and time), and web browsing.

How does it work?

By introducing the least privilege management agent – CyberArk Endpoint Privilege Manager (previously Viewfinity) – it is possible to temporarily increase a user’s permission levels, allowing them to install approved software* such as iTunes, Google Earth, Dropbox or to complete specific administrative tasks. Once the task is completed, original permission levels are restored.  

Our goal is to create an infrastructure where the security of data is enhanced and the University network free from the threats posed by malware attacks and other risks.

How do I install software?

First check to see if the software you want can be installed from the Software Center. To access the Software Center:

  • Windows 7
    Start > All Programs > Microsoft System Center 2012 > Configuration Manager > Software Center
  • Windows 10
    Type Software Centre’ into the search box on the taskbar

If it is not available from Software Center, check our list of Approved Software, available at www.abdn.ac.uk/it/services/approved-software  

If the software you want is listed, you can download and install it straight away.

  • If you are using Windows 7/Windows 10, please download and save the installation file to your Downloads folder and install it from there.

What happens if I try to install software that has not been approved yet?

CyberArk will detect any attempt to install non-approved software and will prompt you to submit a request for elevated privileges.

You must provide a brief explanation for your request. The explanation should include software name, function, version, and download location. If no explanation is provided, we are not able to process your request.

We will contact you by email when your request has been approved and processed, or if more information is required. The CyberArk server is monitored during working days (Monday to Friday), so you should normally get a response within one working day.

If the software is approved, we will add it to the list of approved software, making it available to you and to other users.

Notifications

When you are installing software, you may receive task a bar notification about elevated privileges.

If you do not recognise the Process name or application, please contact the Service Desk for advice.

Further information

If you have any queries that are not covered in this fact sheet, please contact the Service Desk, servicedesk@abdn.ac.uk, marking your email subject line ‘Least Privilege Query’.


* See www.abdn.ac.uk/it/services/approved-software for current list of approved software.

Note that we are unable to guarantee support for non-standard University of Aberdeen software applications. For a list of standard software installations see www.abdn.ac.uk/it/documents/Standard_software_installations.pdf.

Encryption for Personal Devices

It is mandatory that you encrypt any USB flash drive and/or other portable device that contains sensitive University data. 

If you don’t, you risk not only accidental loss, destruction or damage to data but also unauthorised disclosure of confidential, personal, or commercially valuable data.

What is encryption?

Encryption is an effective method of protecting data stored on portable devices such as USB flash drives and external hard drives.

Encryption encodes data so that it can only be read by someone who has the right encryption key (password) to decode it.

This means that if your device is lost or stolen, the information contained on it cannot be accessed by unauthorised users.

Encrypting your personal device

Windows

We recommend using BitLocker to Go. BitLocker is available on Windows 7 Enterprise (as installed on University PCs and laptops) and Ultimate editions, and on Windows 8 Pro and Enterprise editions.

See our guidance on using BitLocker in Learners’ Toolkit.

Note: It is not possible to encrypt drives using BitLocker on Windows 10 Home edition. You can however unlock and use previously encrypted drives, with full Read/Write access.

Mac

We are currently sourcing a solution for Mac users. Meantime, you can use the native OSX encryption utility FileVault2.

Pre-encrypted USB flash drives

You can purchase pre-encrypted USB flash drives from the University’s IT Service Desk.

Windows

We maintain a stock of standard 8GB USB drives for Windows devices – current cost £12. 16GB drives are also available on request.

Contact the Service Desk for details.

Mac, Windows

The DataLocker is a password protected, high-speed USB 2.0 flash drive with automatic hardware encryption.

DataLocker drives are fully compatible with Mac OSX 10.5 and above, and Windows 7, and XP.

They are available in a variety of sizes (prices exclude VAT):

  • 4GB Encrypted USB - £52
  • 8GB Encrypted USB - £82
  • 16GB Encrypted USB - £152.50

Contact the Service Desk for details.

Do you need to use USB?

While encrypting your USB device can protect the data on it from being accessed by unauthorised users, it cannot protect the device itself from being lost, stolen, corrupted or physically damaged.

  • Never use a USB device as your only method of storing and backing up data.

Consider the secure alternatives

  • Network drives - your H: drive or shared departmental drive is the most secure location for your data – as an area of managed filestore it is fast, reliable and secure. The servers are backed up onto tape nightly and, in an emergency, these tapes can be used to restore files that have been lost or damaged.
  • Remote VPN - provides secure, authenticated access to your H: drive and, where appropriate, to shared network drives when your are off campus via your personal device; all you need is an internet connection.
  • Direct Access - connects your University owned and managed Windows laptop directly to the University network whenever you are off campus and have an internet connection.
  • File Transfer service - one and a half times faster than email, this web-based service is a secure and simple way to send and receive files of up to 20GB in size. The service can be used by University of Aberdeen staff and students and colleagues outside the University making it the ideal solution for researchers who need to exchange files securely with external collaborators. Find out more...

  • Email - don't forget that email can provide a convenient method of transferring smaller files, up to 25MB including attachments.