Last week IT services held daily events to raise awareness about Information Security. These included ‘pop-up’ events giving general information and advice to staff and students, plus a well-attended lunchtime forum on web application security for researchers, web developers and IT staff, writes Drew McConnell, Information Officer, IT Services. 

Popup events

During the Information security week ‘pop-up’ events were held at various locations (1A, Fraser Building, Tay House & Garscube campus). These events were intended to heighten general awareness of, and to give advice on Information Security both on and off campus.

IT Information Week

Lunchtime forum

A well-attended lunchtime forum session was held in the Senate room, covering the area of Web Application Security. 

Live demos and security techinques were demonstrated for the audience which included researchers, web developers and IT staff. 

Topics covered

  • How "SQL Injection" attacks work, and how to defend against them.
  • Recovering from an incident
  • Use of vulnerability testing tools

If you would like to find out more about web application security or are just looking for general advice then please contact: Steven.McIntosh@glasgow.ac.uk

What can you do?

We hope that you will take some time to consider your own information security:

Passwords
  • Always create a strong password
  • Don’t use your GUID password for other sites
  • Never give anyone your password
  • Never respond to an email asking you to enter your password, even if it appears to come from some part of the University.
  • The University will NEVER ask you for your password in an email.

Wi-fi

  • The first time you use campus Wi-Fi, visit Eduroam to use the recommended set up tool which provides the best security.

Smartphones & Tablets

  • Use a PIN.
  • Set a timeout to lock the device.
  • Treat a tablet like your laptop.

Laptops & Desktops

  • Keep your system and software up to date.
  • Use up to date antivirus software.
  • Use a firewall.

Social Media

  • Think carefully about what you post – it may be more public than you realise.
  • Posts may stay on the Internet forever.
  • People wanting to connect with you, may not be who they claim.
  • Be cautious of following links regardless of source.

Web Browsing

  • Keep your browser updated.
  • Don’t click on suspicious links.
  • Be careful about what you download.

Memory sticks

  • Confidential data should not be stored on a memory stick unless it is necessary to do so
  • Where this is done, the confidential data must be encrypted.
  • If a memory stick is found by chance, don’t plug it into a computer.

Copyright & P2P

  • Don’t download or share copyrighted material.
  • Don’t use peer-to-peer file sharing software

Backup

  • Make backup copies of your work.
  • Keep them in different, safe locations.
  • Update them regularly.

Email

It is inevitable that most people will receive fraudulent emails from time to time, so please be vigilant. With some simple steps you can make sure your data, your devices and your personal details are secure and protected.

  • Treat all unsolicited email with suspicion, regardless of who the sender appears to be.
  • Don’t follow links or open attachments you’re not expecting.
  • Never reply to or follow a link in an email asking for your password.
  • When visiting a web site that requires a password, always carefully type the URL address by hand, or better still, use a known good bookmark.

For further advice about information security please visit Information Security 

First published: 15 March 2016

<< March