Archive for the ‘IT Security’ Category.

IT Security Week: Protecting your Personal Information

We all have information worth protecting; financial data, medical information, usernames, passwords, passcodes and PINs to name but a few. Protecting this information was much easier when it was mainly stored in physical files and folders and could be locked securely away, but now that it is online how safe and secure is your personal information?

Are you at risk of loss of privacy, identity theft or fraud?

Have a read through our top 10 tips below to ensure that you are doing all you can to protect your personal information.

Top 10 tips to safeguard your personal information online

  1. Remembering passwords can be a nuisance but passwords are often the sole keys to accessing your information and are fundamental to your security. They need to be long, complex, unique and not easy to guess, so at least 8 characters (preferably much more if you can manage it), and with no dictionary words, names, favourite colours or dates of birth!
  2. Don’t use the same password for everything; this increases the likelihood of multiple accounts getting hacked at once potentially turning a small problem into a major disaster!
  3. Protect your privacy on social media; think carefully about what information you allow to be accessed online and by whom. Make sure you understand how the privacy settings in applications like Facebook actually work.
  4. As a test log out and try to access your social media accounts as a stranger would every so often to check what data can be accessed.
  5. Be cautious about online status updates that reveal your location or future travel plans; you may put yourself or your property in danger by publicly declaring this type of information.
  6. Have a plan for how you will deal with the loss or theft of a personal computing device, have you encrypted the hard drive, can you remote wipe the device, do you have backups?
  7. Have you heard of phishing? Be on your guard while browsing your inbox and never ever supply personal or financial information in response to an email request. Even if you are convinced that an email is legitimate always verify by telephoning the bank or company using their publically listed telephone number to double-check first.
  8. Be careful when storing personal or sensitive information in online storage services, especially free ones! Have you read the terms and conditions of the service, are you sure you know who can access the data?
  9. Finally make sure to delete all your information stored on a computer, phone or tablet prior to discarding, exchanging or donating it to charity. 

Join us tomorrow to find out WHAT DOES THE INTERNET SAY ABOUT YOU?  

To mark Data Protection day on Wednesday 28th January there will be an exciting panel discussion at 6pm in the Synge Theatre – WHAT DOES THE INTERNET SAY ABOUT YOU?  It will be hosted by Newstalk’s Technology Reviewer Jessica Kelly.  See http://www.tcd.ie/info_compliance/news/ for more information

Consider how much data you are storing on your smartphones and tablets, you need to protect and secure these just as you would your computer. At a minimum set a password or PIN on your devices and set them to automatically lock after a set period of time.

Data Backup & IT Security session, 2pm, Oct 2nd

IS Services and the GSU have arranged a 1-hour information session for College postgrads that will cover various IT Security topics.  The session will take place between 2pm and 3pm on Thursday, 2nd October in the Swift Theatre (room 2041A Arts Building).  No booking is required and we encourage postgrads to come along to learn more about the following topics:

  • Data Backup
  • Phishing
  • Mobile Device Security
  • Malware/Spyware
  • Software Security Updates
  • Password Security
  • Cloud Security

IS Services

McAfee home versions support now available for TCDconnect service

We are happy to announce that we have added the following home versions of McAfee Anti-Virus software to our list of supported anti-virus software for the TCDconnect service:

  • McAfee Antivirus
  • McAfee Antivirus Plus 2013*
  • McAfee Home
  • McAfee Internet Security
  • McAfee LiveSafe 2013*
  • McAfee Security Center 2013*
  • McAfee Total Protection 2013*

*McAfee have just released the 2014/2015 versions of Anitivirus Plus, LiveSafe, Security Center and Total Protection. These latest versions are not yet supported on the TCDconnect service. Support will be added as soon as it becomes available from our suppliers. Microsoft Security Essentials is provided as a download during registration as an alternative until support for these new versions is available.

Information regarding Gameover Zeus/CryptoLocker malware

We would like to make you aware of an increased threat from malware. You might have read in the press about GameOver Zeus and CryptoLocker which is malware affecting computers across the world. The best action to take is to avoid malware in the first instance, so as always take care when browsing the Internet and following links, especially links sent in an unsolicited email message.

What does this malware do?

GameOver Zeus is designed to track each keystroke you make in order to steal passwords and other credentials when you visit online banking sites. CryptoLocker will encrypt your computer and hand over control of your machine to hackers who, in turn, hold your personal files, photos and data to ransom for money.

For more information on GameOver Zeus and CryptoLocker, please read http://blogs.mcafee.com/mcafee-labs/game-zeus-cryptolocker.

We are advising that everyone be aware that this threat is out there and that you should consider taking pre-cautions:

  • Ensure your data is backed-up – just in case
  • Make sure your anti-virus software is up-to-date

Windows computers which are connected to the College network should be receiving automated Anti-Virus updates but it is always wise to check that the updates are running successfully. To check that the virus definitions are up to date on your computer follow the quick step-by-step guide at http://isservices.tcd.ie/security/virusscan_faq.php

IS Services recently released a new service for Mac computers which are connected to the College Network and these computers can also now be setup to receive automated Anti-Virus updates, for more information see: http://isservices.tcd.ie/security/mcafee_security_mac.php

If you have any questions, please feel free to contact our Helpdesk (helpdesk@tcd.ie | +353 01 896 2000).

Change to spam email filtering service for staff

On Monday, 26th May, we introduced a change in the way spam is filtered in the staff email service.  Exchange Online Protection (EOP) scans for spam emails and any messages infected with viruses that are addressed to staff ‘@tcd.ie’ email accounts.  When the EOP service detects and identifies anything suspicious, it will place it in quarantine and will send a notification email to you to inform you of this action.  You will receive notifications daily, should there have been anything new placed in quarantine.

Within the notification email you will be able to manage any emails that have been quarantined.  This includes reviewing all quarantined emails and marking any message that has been incorrectly identified as spam.  As well, you will be able to report unwanted spam or phishing emails that arrive in your inbox.  Reporting such email is a benefit to all staff as it reduces the amount of spam or phishing emails that get through the filtering service.

The new EOP service replaces the previous service, Forefront Online Protection for Exchange (FOPE), and so the previous facility to login to your quarantine online will be discontinued in due course. This service provides a means of combatting the significant increase in the number of phishing attacks on College which we have seen recently. We are doing our part to help keep your inbox safe.

For full details on what to expect, how to manage your spam and how to report spam or phishing emails please see our Spam email filtering web page.

Another reason to consider data encryption for your College-owned computer or device

In February 2012, it was reported by the Business Post and Irish Examiner, that Eircom experienced a data breach of security that affected nearly 7,000 eMobile and Meteor customers.

The data breach was caused by three stolen Eircom laptops which were not encrypted.  The personal and financial information of nearly 550 customers was ‘at risk’.

In August 2013, it was reported that dozens of HSE laptops, USB sticks, and smartphones with sensitive, unencrypted files were lost or stolen between January 2009 and December 2012.  In this instance, personal data includes details such as a customer’s name, address, and telephone number, as well as the personal information of HSE staff.

The shocking bit of these two stories is that breaches happen so often that it’s not shocking anymore.  This is why we are urging staff and students who use College-owned laptops or devices to consider data encryption. 

It could happen to anyone: you’re on your way home on the bus after a long day, you put the laptop down at your feet, your stop comes, you get up and forget the laptop.  All of the data on your laptop is now at risk.  Unless of course, the data was encrypted.

The College data encryption service, Check Point, fully encrypts the entire hard disk and all data including the operating system.  It is easy to use and is vital to the security and protection of sensitive data.

If you’re interested in learning more, please see our page on the Check Point laptop encryption service.

In case you missed it, here’s a recap of IT Security Week 2014

While IT security might be the last thing on your mind when online or using your phone or tablet, it is a topic that will always affect you, whether directly or indirectly.  With this in mind,  IS Services and the College IT Security Officer have   developed a week specifically devoted to IT security.

Our aim with IT Security Week is to offer tips and guidance to keep staff and students proactive, rather than reactive, where IT security is concerned.

During February 2014, we hosted our  second annual IT Security Week. Topics covered included advice on choosing secure passwords, guidance on how to identify scams and phising emails in your inbox, as well as information on staying secure on the internet and when using mobile devices.

In case you missed IT Security Week, here is a summary (along with links to the full articles posted each day) of what was covered:

MONDAYIs your password on the list of worst Internet Passwords?  A recent report has revealed the Internet’s most commonly used and therefore ‘worst’ passwords.  This article covers some tips on creating a strong, safe and reliable password.

TUESDAYSpam, Scams and Phishing emails  At the start of this academic year, we saw a significant increase in the number of ‘spear’ phishing attacks on College.  Both staff and students are generally very good at spotting a phishing message.  However, a good phishing attack can catch out the best of us.  This article advises on how to be alert to the possibility of scams and fraud online and in your inbox.

WEDNESDAYStay secure and protect your privacy online The Internet can be a dangerous place with viruses, malware and spyware lurking at every click! This article is a checklist of ways to keep your computing devices and your important personal information properly protected.

THURSDAYCloud computing & security  This article explains what you need to know about ‘the cloud’ and how to keep your personal information safe within ‘the cloud’.  You can read about cloud computing at TCD in our December 2013 enews, but the chances that you are already using some form of cloud computing yourself  are very high.

FRIDAY Phones & Tablets: Mobile Device Security 101  Smartphones and tablets are essentially mobile computers; they allow you to access the internet and email, download applications and games, store photos, videos and your personal information.  This article provides valuable information on protecting and securing your phone or tablet just as you would protect your laptop or computer.

We also set up a stand in the Arts Building to provide staff and students with the opportunity to speak directly to the College IT Security Officer.  Questions ranged from ‘what am I being made secure from?’ to ‘how secure is the College system?’

We hope that IT Security Week has raised awareness and provided some guidance to keeping you safe online.  The Helpdesk, IS Services website and Twitter, as well as the TCD IT Security website are invaluable resources that can be used throughout the year to assist with any questions you might have.

Important Software Update for iPhone, iPad & iPod Touch

Apple have made available an important Software Update for anyone using an iPhone, iPad or iPod Touch.  This update fixes a potentially serious security flaw in the iOS operating system.  To download and install the Software Update go into your Settings app and then choose General and Software Update.

McAfee Endpoint Protection 2.1 for Apple Mac OS 10.7 and later

We are writing with news for those staff and students using Macs on the College network that we are upgrading and adding to the McAfee anti-malware software.

As part of the College IT Security policy, this software is required for connection to the College network and operates using something called ePolicy Orchestrator which is now available for upgrade for Mac operating systems.

The advantage of this upgrade includes automatic security updates so that you don’t have to worry about manually updating your computer.  As well, IS Services will now be able to centrally manage changes so that if any changes to the software are required, we can apply them to all machines at the same time.

We are asking those running Mac OX 10.7 or higher to take a few moments to install this upgraded anti-malware package.  Advice and instructions on upgrading can be found here: http://isservices.tcd.ie/security/mcafee_security_mac_2.1.php

If you have any questions or need any assistance, then we are happy to help.  You can contact us by email (helpdesk@tcd.ie) or by calling us (01 896 2000).

 

IT Security | Phones and Tablets – Mobile Device Security 101

Smartphones and tablets are essentially mobile computers they allow you to access the Internet and email, download applications and games and store photos, videos and your personal information on them. Therefore it is important to realise that you need to protect and secure your phones & tablets just as you would your computer or laptop.

What should I do?

In order to protect your phone or tablet and the data stored on it you should have a look at the security features that are available on the device. All devices should have security settings though the exact options available will differ depending on manufacturer, model and software version.

Below is a guide to some of the general security settings that you should consider:

1) Set a Pin Code and automatic lock

Most smartphones and tablets have functionality to allow users to set a password or Personal Identification Number (PIN) on the phone that is then necessary to know in order to access the phone.  Similarly most devices can be configured to automatically lock if your phone has not been used for a set period of time 5mins etc.

Setting a PIN and an automatic lock are the simplest yet most effective security measures that you can utilise to minimise loss and disruption in the event that your phone or tablet is lost or stolen.

2) Take Care on Untrusted Networks

When connecting to the Internet using Wi-Fi on a mobile device always try to use an encrypted network that requires a password and which you are sure is operated by a reputable provider. Configure your settings so that that your device asks permission to join a new wireless network rather than joining automatically.

3) Keep Software Up-To-Date

Phone and tablet manufacturers regularly issue updates to the software on your phone, some of these updates may be fixing known security problems so you should make sure to regularly update the software on your devices.

4) Disable Bluetooth

Disable Bluetooth when it is not actively transmitting information and switch Bluetooth devices to hidden mode Bluetooth lets you wirelessly connect to devices and transfer information over short distances. It is best to leave your device in undiscoverable mode (hidden) so that it is only visible when you specifically need other people or devices to see it. This means that hackers cannot easily see your phone and attempt to connect to it

5) Use Encryption to Protect Confidential Data

Some phones or tablets allow you to encrypt your data, sometimes this functionality is built in and sometimes third-party software is available. It is always desirable to encrypt data on a mobile device as encryption secures your data if your device is lost or stolen.

Don’t forget College staff can also get their Laptops encrypted

6)  Investigate Remote Tracking Options & know what to do if your Device is Lost or Stolen

Utilise any remote tracking facility or remote data deletion option on the device if these are available. This type of service will give you piece of mind in the event that the device is lost/stolen

Make sure that you know how to report lost or stolen devices immediately. If you lose your device then it may be possible to remotely wipe personal data from it. For example, staff can make use of a feature through the staff Exchange email service to remotely wipe some devices. For more information please contact the IS Services Helpdesk.