DATA SECURITY AT QUEEN’S
www.qub.ac.uk/is www.qub.ac.uk/is
Essential Information for Staff and Research Students
INFORMATION SERVICES
What about email?Sensitive data should not be sent by email. If you do need to use email, remember:• Confidentialfilesshouldbeencryptedbeforebeingtransferredbyemail• NeveruseapersonalemailaccountforUniversitybusiness• Takecarethattherecipientsoftheemailarethecorrectrecipientsandhavethe authority to view the data• Neversubmitlogindetailsinresponsetoanemail
What if I need to work away from the office?Under the Data Protection Act, the University is liable for the loss of data by theft. If you needtotakeorremotelyaccessdataoff-campus,remember:• Informyourlinemanagerorsupervisorbeforeyoutakedataorequipmentoff-campus and, if necessary, carry out a risk assessment• Neverleavedocuments,laptopsorotherdevicesunattendedinpublic• Donotuseyourpersonalcomputer,laptopormobiledevicetostorerestricteddata• SensitivedatastoredonaUniversitylaptopormobiledevicemustbeencrypted• EncryptedUSBdevicesareavailabletopurchasefromtheComputerShopinThe McClay Library• Installtheftrecovery/protectionsoftwareontolaptopsandmobiledevices• Public wireless networks are less secure than the University’s network environment• Whenconnectingremotely,ensurethatyourdeviceispasswordprotectedandhasan activefirewallandup-to-dateanti-virussoftware• ReportthelossofanydevicecontainingsensitivedataIMMEDIATELYtoInformation [email protected]• Protectsmartphones/tabletswithaPIN
What do I do if something goes wrong?Ifsomethinghappensthatcouldleadtopersonalorconfidentialinformationgettingintounauthorisedhands,orifyouhaveANYconcernsaboutdatasecurityorsuspectthatabreach may have occurred:• Informyourlinemanagerorsupervisorimmediately,identifyingthenatureofthe breachandthetypeofdatainvolved• Takeanyimmediatestepsyoucantoclosethebreachandminimisethepotentialimpact• [email protected]
Formoreinformationaboutdatasecurity,includingtheUniversity’sacceptableuseandinformationsecuritypolicies,visit:http://go.qub.ac.uk/itpolicies
Adviceonthetransferofdata,encryptionandthesecureerasureofdataisavailablefromInformationservicesstafforfromSchool-basedComputingOfficers.
SearchforITQUB
What has data security got to do with me?AsanemployeeoraresearchstudentatQueen’s,youmayneedtoworkwithsensitivedata,includinginformationaboutresearch,studentsandstaff.Youhavearesponsibilitytoprotecttheconfidentialityandintegrityoftheinformationthatyouaccess.Ifyoudon’tthinkcarefullyabouthowyoustoreandusedata,youcouldfindyourselfinvolvedindisciplinaryactionorlegalproceedings.
What kind of data are we talking about?Information which needs to be carefully handled may include:• Datarelatingtoindividualssuchasstaff,studentsorresearchsubjects• Informationgiveninconfidence• Financial information• Detailsofresearchactivityorintellectualproperty• Informationrelatingtoexamsorassessment• AnyotherinformationnotintendedforthepublicdomainIfyouareuncertainaboutwhetherthedatayouareworkingwithisconfidential,checkwithyourlinemanagerorsupervisor.
What can go wrong?ResearchhasshownthatdatabreachesinHigherEducationareoftendueto:• Unauthorised access to data (both deliberate and accidental) by staff or other individuals• Confidentialorpersonalinformationbeingaccidentallymadeavailableonline• Thetheftorlossofdocumentstakenoutoftheoffice• Thetheftorlossofalaptop,mobiledeviceorstoragedevice(suchasaUSBdrive)
TheUniversity’spoliciesandregulationsregardingacceptableuseandinformationsecuritycanbefoundat:http://go.qub.ac.uk/itpolicies
What can I do to protect the data that I use at work?Thereareseveralsimplestepsthatyoucantaketoprotectyourpersonaldetailsandanydatathatyouareworkingwith.Remember:• Createstrongpasswordsthatuseacombinationofletters,numbersandsymbols• Useuniquepasswordsforeachaccount• Neverrevealyourpasswordstoanyone• Passwordprotectsensitivedocumentsandstorethemonasecurenetworkdrive• UseCtrl+Alt+Deltolockyourworkstationbeforeleavingyourdesk• Keepconfidentialdocumentslockedinafilingcabinetordrawerwhennotinuse• Lockyourofficedoorifthereisnobodythere• Familiarise yourself with the University’s Data Protection Policy
Remember that data in your possession is your responsibility!Don’twaitforsomethingtohappenbeforethinkingaboutdatasecurity–takestepstoprotectyourdataandyourhardwaretoday!
Impact onindividuals
Damage to University’s reputation
Fines of up to
£500,000
DATA SECURITY BREACH
Staff and students should report data security incidents or threats IMMEDIATELY to their line manager or
supervisor and email [email protected]
