Information security update for staff

We face growing threats from information security breaches and cyber-attack. The University has introduced a more robust approach to securing information and protecting data to mitigate the risks from malicious attack or accidental loss.

All of us who work with University information are reminded to secure it appropriately, undertake training and familiarise ourselves with relevant policies and supporting materials in order to maintain our ongoing responsibility for information security and data protection compliance in our work.

The aim is to avoid the kind of breaches which have had a serious impact on several universities and their staff.

Information security measures

The University has a responsibility to ensure information is secure. We all have a vital role to play in upholding this responsibility by protecting information that we manage or use in pursuit of any aspect of University business. This encompasses a wide range of activities and data including processing staff and student data, collecting and using research data, financial information and confidential information such as contracts.

The University has recently updated the Electronic Information Systems Security and Acceptable Use Policies and also introduced a Protocol for Investigation of Computer Use and Monitoring Guidelines to reflect our existing practice. Please take time to familiarise yourself with them and adhere to their provisions.

You also need to ensure that wherever practicable, appropriate technical measures such as encryption are in place to safeguard any sensitive information you manage in order to minimise the risk and impact of data loss, theft or unauthorised disclosure. The information classification framework helps identify those categories of sensitive information that pose the greatest risk should they be accessed without authority or accidentally lost (and thus will require additional protective measures).

From now on security management software will be automatically installed upon new University owned computers and devices, which enable them to be blocked (and sensitive data wiped) if lost or stolen. This also ensures the latest security updates are deployed. Upon request, Computing Services can also install these measures retrospectively on your devices and can advise about other security measures such as encryption. Please contact Computing Services if you have any queries about securing your device.

Information security training

The online training module, especially written for universities, is available in Moodle. There is also an optional additional short module focused upon research data.

Guidance

The University’s data protection web pages provide further advice for example on accessing data via mobile devices safely and securely.

Please note that University information security covers data, emails and all other electronic or printed information relating to work for the University, however accessed, and therefore applies to personal PCs and mobile devices if staff use them in connection with their work.

If you have a query which is not answered by the information classification framework guidance or data protection web pages, please contact the Office of the University Secretary.

Bookmark with:

What is this?