Archive for the ‘IT Security’ Category.

Installing Windows updates

To help keep your data and the data network secure, Windows updates are automatically deployed each month to any Windows computer connected to the main data network in offices and labs across Trinity.

There will be a change in what you see when Windows updates are deployed to your computer.  This change will allow you to choose when the updates are installed, up to a deadline date, helping you avoid your computer restarting at an inconvenient time.

Full details of what to expect when Windows updates are made available to your PC can be seen on our Software Security Updates web page.  If you have any queries relating to this please contact the IS Services Helpdesk.

Bitdefender, Sophos and Trend Micro now recognised by TCDconnect service

Three new anti-virus applications are now recognised by the student TCDconnect service when registering a Windows PC: Bitdefender, Sophos and Trend Micro.  This further broadens the range of supported anti-virus applications for those connecting their Windows PCs to the TCDconnect service, retaining the high-security aspect of the service.  See our web pages for a full list of recognised anti-virus software.

If you are using any of the listed anti-virus products and experience any issues registering your computer for the TCDconnect service, please book into a network clinic.

IS Services

IT Security at TCD in the news

During IT Security week (26-30 January 2015), we posted a news items to our wesite each day that offered tips and guidance on the latest IT Security developments.

To mark inerenational Data Protection Day on 28th January , there was an exciting panel discussion in the Synge Theatre – What does the internet say about you?  Held in conjunction with Information Compliance and the Science Gallery, this event was aimed at raising awareness and educating individuals on their rights and responsibilities with regard to collecting, storing and processing personal data.

In addition to the panel discussion, a giant QR code was projected onto the Nassau Street entrance to College.  Over 100 people scanned the code and were asked a sequence of questions requesting personal data ranging from name, gender, email address to more sensitive data such as date of birth, occupation and credit card details.

Without any idea of what their information would be used for or where it was going to end up, 90% of participants volunteered their name and gender while a shocking 27% of participants answered the request for details of medical conditions and their credit card number.  While this exercise was for deomonstrative purposes only, it could easily have had a more sinister agenda.  The moral of the story is to think before you click!

Read more about the QR code in the press here:

Keeping IT Secure – Data Recovery advice

If you’re ever unfortunate enough to have a hard drive fail and then need to recover the data from it, then it would be worth being aware of our advice on Data Recovery.  Our web page outlines some aspects of data recovery to be aware of before engaging any company to carry out this work.  Also on our page we list the contact details for a recommended supplier who meet a number of key requirements.

Cloud Computing Policy

Cloud computing is a term used to describe IT offerings which can be purchased as a service and used across the internet. These services offer convenience and flexibility; however the processes involved in correctly procuring and evaluating cloud services can be complex and subject to legal, ethical and policy compliance requirements.

That is why to help meet the challenges of adopting this new technology IS Services have developed policy and guidelines to assist College in the selection and use of cloud services.  The guidelines include a checklist to be used by anyone considering a cloud computing service for all or part of their official College work.

The checklist addresses the following:
– Stakeholder and institutional requirements  – deals with the service and the implications of its use for the College.
– Vendor considerations – outlines issues to be considered in relation to the vendor offering the service.
– Data issues – deals with College data and the implications of its use, considers if the cloud solution justifies the risk of processing data offsite and the   possible costs of security audits.  For sensitive data a College hosted system may offer cost savings in the long term.
– Payments details
– Support arrangements
– Exit strategy – clarifies what happens when the cloud service ends.

So if you are already using, or are planning in the future to start using, a cloud computing solution then please review the Cloud Computing Policy and Guidelines.

IT Security week 2015

During IT Security week (26- 30 January 2015), we posted a news item to our website each day that offered tips and guidance on the latest IT Security developments.

The week kicked off with an article on secure passwords.  For the second year in a row, ‘123456’ has topped the list of Worst Internet Passwords.  Why should this matter to you; your password is secure, right?  Your passwords protect your personal information and data.  Have a look at our article on the worst internet passwords and see if your passwords rank and what you can to do to create safe passwords.

Data Protection Day 2015
To mark international Data Protection Day on 28th January, there was an exciting panel discussion in the Synge Theatre – What does the internet say about you?

Held in conjunction with Information Compliance and the Science Gallery, this event was aimed at raising awareness and educating individuals on their rights and their responsibilities with regard to collecting, storing and processing personal information.  The event also focused on encouraging businesses and other organisations to understand their responsibilities by being open and honest about how they collect, use and share personal information.

Think before you click! 
An exercise in data protection
You may have noticed a giant QR code being projected onto the Nassau Street entrance to College? Over 100 people scanned the code and were asked a sequence of questions requesting personal data ranging from name, gender, email address to more sensitive data such as date of birth, occupation and credit card details.

Without any idea of what their information would be used for or where it was going to end up, 90% of participants volunteered their name and gender while a shocking 27% of participants answered the request for details of medical conditions and their credit card number.

While this exercise was for demonostrative purposes only, it could easily have had a more sinister agenda.  The moral of the story – think before you click!

IT Security Week: Can you spot a ‘phishing email’?

Your inbox can be a dangerous place! Lurking among the countless work and study related emails are fraudulent ‘phishing’ emails waiting to catch you unawares and trick you into divulging your College network password, your personal information or the login details for your Internet Banking, Apple iTunes or PayPal accounts.

To stay safe you need to be alert to the possibility of scams and fraud in your inbox.

Take a look at the emails below, have you ever received something similar?

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

These are common examples of the type of phishing emails we regularly receive in College.

These emails may attempt to induce you to:

  • Act quickly to prevent an account from being deactivated
  • Take part in a system upgrade or other IT action
  • Cancel payment for an item which you have not purchased

To avoid these types of scams you need to be vigilant and cautious, always take your time and consider the validity of what you are being offered.

  • Make sure you can confirm the identity of the company or individual with whom you are engaged in a transaction

Never provide sensitive personal information by email or on unfamiliar websites

What should I do when I receive a phishing email to my College email account?

Staff members who receive a spam/phishing email to their staff email account should report it so that similar email is blocked in future. Doing this helps reduce the overall amount of spam/phishing email being delivered to College email accounts, not just your own. To report an email as spam/phishing:

  1. Save the spam/phishing email message – in Outlook this would mean opening the email to view it and then choosing File – Save As and saving it to your computer
  2. Create a new, blank email message and attach the saved spam message to it
  3. Copy and paste the original spam message subject line into the new message subject line
  4. Send the new message to junk@office365.microsoft.com

What do I do if I think I have responded to a phishing email in College?

If you have replied to a phishing message or clicked on any links within the email body and entered your College username and password please immediately change your password and report this to the Helpdesk (+353 01 896 2000).

Finally remember..

IS Services will never ever ask for your username and password via email and you can confirm any communications from us with our website isservices.tcd.ie or the Helpdesk.

IT Security Week: College Data Protection Day 2015

This year to mark Data Protection Day 28th January Information Systems Services collaborated with Information Compliance and the Science Gallery to run a number of interesting and successful events, which you can read about below:

 

The Mystery QR Code

Did you notice a giant QR code being projected onto the Nassau Street entrance of Trinity College Dublin on the evening of Tuesday 27th January?

 

 

 

 

 

 

 

 

 

 

 

 
Over 100 people scanned the code and were asked a sequence of questions requesting personal data ranging from name, gender, email address to more sensitive data such as their data of birth, occupation and credit card details.

Without any idea of what their information would be used for or where it was going 90% of participants volunteered their name and gender while a shocking 27% of participants answered the request for details of medical conditions and their credit card number.

While this exercise was for demonstrative purposes only with a view to raising awareness regarding placing personal data online, it could easily have had a more sinister agenda. The moral of the story – Think before you click!

Data Protection day: Are you oversharing? One-on-one social media workshops

A number of willing participants volunteered to have their online presence ‘data mined’ by IS Services and the Science Gallery as a demonstration of just how much personal data it is possible to collect online about a stranger.

The results were then presented to each participant over coffee in the Science Gallery yesterday. Many were surprised at the sheer volume of data which was available about them on the Internet and 70% of participants said that they would put less data online in future as a result of attending this workshop.

Remember disclosing too much personal information about yourself on the internet can expose you to:

  • Identity Theft
  • Fraud
  • Personal Loss/danger (when disclosing location info)
  • Reputational damage (future employers etc.)

Personal social media management is now more important than ever why not review our tips from Tuesday on how to protect your personal data online and ensure that you are not oversharing!

Panel discussion: What does the Internet say about you?

We rounded off the day with a fascinating panel discussion around the theme of data privacy and the Internet. Speakers including Eoin O’Dell, Professor, The Law School and Twitters Director of Public Policy Sinead McSweeney discussed recent developments in online privacy and what issues we should all be aware of.

 

 

 

 

 

 

 

 

 

 

 
If you missed the event keep an eye on our website as we will be making a podcast of the event available soon!

 

IT Security Week: Is your password on the list of worst Internet Passwords for 2014?

Is your College password on the list of worst Internet Passwords for 2014?

You might recall during last year’s IT Security week we looked at the list of the Internet’s most commonly used and therefore ‘worst’ passwords. The list has been updated for 2014 As you can see below there has not been much of an improvement! Do you see any passwords similar to those you may be currently using for accounts which provide access to important information about you? These could include your College network or email account, or your iTunes, Amazon, PayPal, LinkedIn, or Facebook account?

If so it may be time to consider a change!

Rank Password Change from 2013
1 123456 No Change
2 password No Change
3 12345 Up 17
4 12345678 Down 1
5 qwerty Down 1
6 123456789 No Change
7 1234 Up 9
8 baseball New
9 dragon New
10 football New
11 1234567 Down 4
12 monkey Up 5
13 letmein Up 1
14 abc123 Down 9
15 111111 Down 8
16 mustang New
17 access New
18 shadow Unchanged
19 master New
20 Michael New

What makes these passwords so bad?

The passwords on this list demonstrate many of the common features which make a password weak and easy for an attacker to guess or crack:

  • They use dictionary words like dragon, football & monkey
  • They use common sequences or repeated characters like 111111 & 12345678
  • They use adjacent letters on the keyboard like qwerty

How can I create a secure password?

The key ideas to think about when creating a password are:

  • Length – Make your passwords long with 8 or more characters.
  • Complexity – Include letters, symbols, and numbers and a variety of upper and lower case characters.
  • Obscurity – Good passwords are randomised combinations of characters, don’t use dictionary words or words with personal connections to you or the service the password is for.

Test it online When you think you have come up with a secure password you can check it with an online password checker.

How can I manage all my passwords?

The best idea is to use separate passwords for all your important accounts which provide access to important information about you like your College account, iTunes or Facebook account. However remembering many different complex passwords is a challenge, one useful way to manage you passwords is to use an application like Keepass.

This is a small application which you can install on your computer and use to store your password information. The application is encrypted and password protected.  Obviously you should choose a really strong password to protect this application and remember to transfer and delete all information when you buy a new computer.

What if I forget my College Password?

Everyone forgets their password occasionally, you can save yourself a trip to the helpdesk by signing up today for the automated password reset services provided by IS Services below:

  • Password Manager

Password manager is a web-based application which allows staff and students to manage and reset their network login password. For a complete set of instructions on how to get started using Password Manager as a member of staff please see staff information, and as a student please see student information

  • TCD Password Recovery Service

Students can reset their email and network login password and have details sent to their mobile phone. Sign up today at mypassword.tcd.ie by providing a mobile phone number and, optionally, an alternative email address.

IT Security Week: Data Protection Day 2015 – Did you know that over half of Irish Organisations experienced a data breach last year?

Today January 28th is Data Protection Day. This is an international event aimed at raising awareness and educating individuals on their rights and their responsibilities with regard to collecting, storing and processing personal information.

The event also focuses on encouraging businesses and other organisations to understand their responsibilities by being open and honest about how they collect use and share personal information.

Know your rights

As an individual or a consumer you should know that that when you give your personal details to another organisation or individual, they have a legal duty to keep these details private and safe. This process is known as data protection.

Know your responsibilities

A recent survey of Irish Organisations found that more than half had experienced a data breach in the last year and the biggest cause was not hackers or other external threats but the behaviour of the companies own employees!

If you collect or store personal data belonging to others then you have defined legal responsibilities to protect and manage this data correctly.

As a staff member or a student in College you may be collecting and storing personal information as part of your job role, studies or research. You have a responsibility to ensure that the data is stored and processed appropriately and securely.

Remember IS Services are always available to advise you on how to manage data securely. We can advise on encryption techniques, evaluate IT partners’ products and services or review your current arrangements and advise on any improvements that may be necessary.

The College Information Compliance Office is also available to assist with any queries around Data Protection Legislation and compliance.

So make sure you know how the Data Protection Act applies to you. You can find information on the Data Protection Commissioner’s website at www.dataprotection.ie

Join us this evening to find out WHAT DOES THE INTERNET SAY ABOUT YOU?

To mark Data Protection day there will be an exciting panel discussion at 6pm in the JM Synge Theatre. It will be hosted by Newstalk’s Technology Reviewer Jessica Kelly.  See the Science Gallery Events Page for more information