Mandatory Information Security Awareness Training

Just like any other large organisation, the University is under constant attack from cyber criminals and the threat to the institution, and to you, is very real.

We deploy a wide range of technical measures to protect you while working on University systems and networks; but technology alone is not enough to protect us. In the end, it’s down to people. And you are our best line of defence.

Because cyber attacks come in many forms and are constantly evolving, it’s important that you keep up to date and that you know what to look out for.

To help you do this, we have launched online Information Security Awareness training featuring videos, audio scripts, and animations, and covering:

  • Protecting Information
  • Physical and Procedural Security
  • Working Remotely and in the Cloud
  • Common Threats and how to Counter Them
  • Handling Research Data
  • Cracking the Code - Game

The training is mandatory for all staff and you are required to successfully complete the assessment. You can work through the modules at your own pace over multiple sessions, picking up where you left off. And once you’ve completed the training, you can dip back in at any time to refresh your knowledge on a particular topic.

Further help and advice

Our IT Security resource in the Toolkit has additional advice on how to stay secure, including a guide on Protecting yourself from Phishing Scams. One side of this sheet provides you with background information about phishing while the other is a handy quick reference guide in A4 poster format.

Download a copy and keep it handy to help you to identify email scams as soon as they arrive in your Inbox.

For help, advice, and to report ALL IT incidents, contact IT Services on: servicedesk@abdn.ac.uk or x3636.

IT Security. We are all responsible.

Quick Tips for IT Security

The University has drawn up a set of guidelines to help remind us all of the importance of information security in every aspect of our daily work.

  1. NEVER reveal your username and/or password – to anyone.
    • Not even the Service Desk will ask you to reveal your password.
  2. Passwords. Make them strong; keep them safe; never share them; and change them regularly.
  3. Always lock your device – or log off completely – whenever you leave it unattended for even a short period of time.
    • It only takes a second or two for someone to access your files.
  4. Always protect your user identity, at work and at home.
    • Don’t share access to your device with strangers.
    • Don’t store sensitive personal information, such as bank account numbers, on your device.
    • See our fact sheet for tips on how to spot email phishing scams
  5. Ensure your sensitive data is safe and suitably encrypted when mobile.
    • It is mandatory that you encrypt any USB flash drive and/or other portable device that contains sensitive University data.
    • See our guidance on how to encrypt your device (click on the Encryption tab above), or buy a pre-encrypted USB stick from the Service Desk.
  6. Always use electronic communication with care.
  7. Use anti-virus software and keep it up to date.
    • The University of Aberdeen’s anti-virus solution for University owned and managed Windows and Mac computers is Microsoft System Center Endpoint Protection (SCEP). Click on the Anti-virus software tab at the top of the page for more about SCEP.
    • We are unable to offer anti-virus support for personal/home PCs, laptops, Macs and MacBooks. Please ensure your personal computer is protected from viruses and malware by running anti-virus software.
  8. Be cautious when using the internet.
    • Never download files from an unknown source.
  9. Never cause offence or break the law when using University IT facilities.

For help, advice, and to report ALL IT incidents, contact IT Services on: servicedesk@abdn.ac.uk or x3636.

IT Security. We are all responsible.

Jamf Pro – iOS and MacOS Device Management

Jamf Pro helps us to protect and manage University-owned iPhones, iPads, and Macs.

It allows us to install updates remotely, deploy apps, and ensure security updates are current.

If your device is lost or stolen, contact us at servicedesk@abdn.ac.uk and we will remotely activate iOS Lost Mode. This will lock your device, protecting your data, and will also allow us to track its location. We cannot lock and locate your device without you being aware as it will display an onscreen message and emit the ‘Lost Mode’ sound.

Jamf Pro also allows you to download and install approved apps via the app Self-Service as part of our Apple Volume Purchase Programme (VPP).

It provides a unified framework for efficient system management and reporting in direct support of University policies, as well as ensuring the University complies with data protection legislation.

Least Privilege

The University uses Least Privilege to help prevent IT security breaches and the downloading and installing of unauthorised software.

What is Least Privilege?

Least privilege is a basic principle of IT security that means giving users only the permissions they need to carry out day to day activities, e.g. running Office applications, sending and receiving email, basic admin tasks (e.g. changing date and time), and web browsing.

How does it work?

By introducing the least privilege management agent – CyberArk Endpoint Privilege Manager (previously Viewfinity) – it is possible to temporarily increase a user’s permission levels, allowing them to install approved software* such as iTunes, Google Earth, Dropbox or to complete specific administrative tasks. Once the task is completed, original permission levels are restored.

Our goal is to create an infrastructure where the security of data is enhanced and the University network free from the threats posed by malware attacks and other risks.

How do I install software?

First check to see if the software you want can be installed from the Software Center. To access the Software Center:

  • Windows 7
    Start > All Programs > Microsoft System Center 2012 > Configuration Manager > Software Center
  • Windows 10
    Type ‘Software Centre’ into the search box on the taskbar

If it is not available from Software Center, check our list of Approved Software, available at www.abdn.ac.uk/it/services/approved-software

If the software you want is listed, you can download and install it straight away.

  • If you are using Windows 7/Windows 10, please download and save the installation file to your Downloads folder and install it from there.

What happens if I try to install software that has not been approved yet?

CyberArk will detect any attempt to install non-approved software and will prompt you to submit a request for elevated privileges.

You must provide a brief explanation for your request. The explanation should include software name, function, version, and download location. If no explanation is provided, we are not able to process your request.

We will contact you by email when your request has been approved and processed, or if more information is required. The CyberArk server is monitored during working days (Monday to Friday), so you should normally get a response within one working day.

If the software is approved, we will add it to the list of approved software, making it available to you and to other users.

Notifications

When you are installing software, you may receive task a bar notification about elevated privileges.

If you do not recognise the Process name or application, please contact the Service Desk for advice.

Further information

If you have any queries that are not covered in this fact sheet, please contact the Service Desk, marking your email subject line ‘Least Privilege Query’.


* See www.abdn.ac.uk/it/services/approved-software for current list of approved software.

Note that we are unable to guarantee support for non-standard University of Aberdeen software applications. For a list of standard software installations see www.abdn.ac.uk/it/documents/Standard_software_installations.pdf.

Encryption

It is mandatory that you encrypt any USB flash drive and/or other portable device that contains sensitive University data.

If you don’t, you risk not only accidental loss, destruction or damage to data but also unauthorised disclosure of confidential, personal, or commercially valuable data.

What is encryption?

Encryption is an effective method of protecting data stored on portable devices such as USB flash drives and external hard drives.

Encryption encodes data so that it can only be read by someone who has the right encryption key (password) to decode it.

This means that if your device is lost or stolen, the information contained on it cannot be accessed by unauthorised users.

Do you need to use USB?

While encrypting your USB device can protect the data on it from being accessed by unauthorised users, it cannot protect the device itself from being lost, stolen, corrupted or physically damaged.

  • Never use a USB device as your only method of storing and backing up data.

Consider the secure alternatives

  • Network drives - your H: drive or shared departmental drive is the most secure location for your data – as an area of managed filestore it is fast, reliable and secure. The servers are backed up onto tape nightly and, in an emergency, these tapes can be used to restore files that have been lost or damaged.
  • Remote VPN - provides secure, authenticated access to your H: drive and, where appropriate, to shared network drives when your are off campus via your personal device; all you need is an internet connection.
  • Direct Access - connects your University owned and managed Windows laptop directly to the University network whenever you are off campus and have an internet connection.
  • File Transfer service - one and a half times faster than email, this web-based service is a secure and simple way to send and receive files of up to 20GB in size. The service can be used by University of Aberdeen staff and students and colleagues outside the University making it the ideal solution for researchers who need to exchange files securely with external collaborators. Find out more...

  • Email - don't forget that email can provide a convenient method of transferring smaller files, up to 25MB including attachments.