The impact of either our or the University of Derby’s sensitive information being compromised can be serious and we all have a role to play in helping secure it. There are a wealth of ways in which malicious actors can exploit flaws in technology systems, human behaviour, and business processes to steal sensitive data. Give yourself an immediate cybersecurity boost with these tips.
- Control access to your (and your team’s) confidential information. Make sure all of you and your team’s file directories (on your desktop and using Office365) are open only to colleagues with the proper access privileges for that information. Contact the IT Service Centre if you’re unsure who has access to your data.
- Apply password protection to your confidential documents. Apply password protection to your confidential documents. More information about creating strong passwords can be found here: https://itservicecentre.derby.ac.uk/hc/en-us/articles/360007620359-How-to-keep-your-online-accounts-secure.
- Only share confidential information with authorized parties (internal and external to the University). Check the ‘to’ field when sending emails to ensure you’re emailing the correct person and that the person is authorized to receive the data you’re sending.
- Avoid sharing confidential information on third-party file storage services. IT Services provide 1TB of cloud-based storage using OneDrive which should be used for collaboration, sharing, and working. More information about OneDrive can be found here: https://itservicecentre.derby.ac.uk/hc/en-us/articles/360004972580-Microsoft-OneDrive.
- Use encrypted devices if physical storage is required. Use a device with either software or hardware-based encryption to protect your data in the event of loss/theft.
- Keep your devices locked when you walk away from them. Lock your computers, laptops, tablets, and phones when you’re not using them to protect them from unauthorised access to your device and sensitive information.
- Watch out for phishing attacks. Be vigilant for poor spelling and grammar, impersonal greetings, requests for personal information, mismatched URLs, unusual 'from' addresses and unrealistic threats in your emails to prevent your sensitive information from being compromised. More information about phishing emails can be found here: https://itservicecentre.derby.ac.uk/hc/en-us/articles/360002420439-How-to-spot-a-phishing-email