Protecting your Data
Protecting your data is an important IT security measure which helps you to avoid identity theft and to protect privacy. There are a number of ways that your data can be at risk, such as theft (e.g. a phishing email), loss (e.g. a lost USB key) and insecure practices (e.g. no password or a weak password).
The improper disclosure of sensitive data can also cause harm and embarrassment to students and staff, and potentially harm the reputation of UCD. Therefore, it is to everyone's advantage to ensure that sensitive data is protected.
Passwords are the most common way we identify ourselves to systems and services, and though we can often think of them as a nuisance, selecting and protecting them effectively is the single most important choice we make in making our systems and data secure. These days, "brute force" attacks (i.e. computer-based guessing) are among the most common ways poorly selected passwords are compromised.
At UCD we advise that a strong password is at least 8 characters long and contains a mixture of the following:
- An uppercase letter
- A lowercase letter
- A number
- A non-alphanumeric character (! % ; : @ £ * &)
Selecting a password that meets the above criteria can be hard, but the method below gives a way to produce a password based on a phrase so that it is both memorable, and difficult to guess. Take a phrase you find easy to remember, for instance:
I get the train and bus to Co. Dublin
Turn the phrase into an acronym by selecting the first letter from each word, keeping punctuation and capitalisation:
Add symbols in a sensible way:
For added complexity replace letters with numbers. E.g. 7 for T.
You can secure your password by avoiding the following:
- Using “password keeper” tools in browsers
- Sending your password out by email
- Using complete words as passwords, e.g. ‘Liverpool’
Weak passwords such as test or 12345, those that are "guessable" such as Liverpool, or passwords found using brute force guessing methods leave YOU and YOUR data vulnerable to being compromised.
Now that you know how and why to choose a strong password, you can change your UCD password by using Selfpass.
UCD IT Services will never ever ask for your username and password via email, and you can confirm any communications from us with the IT Helpdesk at 2700.
'Backing-up' means creating extra copies of important files and storing them in a separate location to your normal working area.
Tip! Make a copy of the original work and then edit the copy. Common files to back-up include:
- Documents created which you regard as important
- E-mail folders, contacts, and distribution lists
- Personalised Microsoft Office templates and dictionaries
- Your Favourites folders
It is always important to consider how you can then access files in your back-up area.
The following guidelines are important for creating and recovering back-ups:
Check the UCD Data Classification guidelines for suitable locations to back up your data.
Check that all computers in which the file will be stored have compatible drives.
Be careful as some forms of media are unreliable and need to be stored safely so that they do not become unusable.
Make multiple backups to avoid losing the information and remember to label them.
Importantly, test the back-ups by trying to open them again.
- USB keys (Caution: consider where you keep them, and consider encrypting USB keys.)
- CD backups (Caution: assume the CDs will only last for 2-3 years.)
WinZip is a program that can compress and reduce the size of a file. Because it has encryption built in, it can also be used to secure sensitive material sent by email.
To use WinZip, follow the steps below.
Right-click on the file and select Add to Zip file.
Specify desired name and location of the zip file.
Tick the encrypt files box and select the arrow button.
Select the 256-bit AES button and select OK.
Create a password and select OK.
A confirmation of compression window will display; select OK.
If you think your UCD account is compromised, there are a number of steps that need to be taken to reduce the impact.
- Change your password using Selfpass and contact the IT Helpdesk at 716 2700 informing them that your account may have been compromised.
- When you have changed your password, check the status of your accounts, i.e. Google mail (see Google mail checks), Google Drive and Novell drives.
- Check that email and configuration details have not been changed
- Check that your files are there and that no additional files or software have been added
- Scan your machines using Sophos Antivirus for viruses and malware
Note: You may need to check and change password details for other accounts you have, e.g. online bank account, PayPal etc.
Google mail checks
Step 1 Check inbox and sent folders
Check the inbox and sent folders for any unusual or deleted emails
Step 2 Make sure your email is not getting forwarded or shared
Open the Gmail account
Click the gear in the top right
Select the Forwarding and POP/IMAP tab
Check the “Forwarding” section for a forwarding email address
Click the first drop-down menu after “Forward a copy of incoming mail to” and check for any addresses listed as “(in use by a filter).” If an unknown email address is listed, make a note of it. To disable the filter, choose the Remove option.
Step 3 Check/Remove delegated (sharing) access to your account
To check whether somebody has been granted access to the account, follow these instructions:
Click the gear in the top right
Click the Accounts tab
In the "Grant access to your account" section, click delete on any account you do not recognise to remove it
Step 4 Check email signature details
Click the gear in the top right
Click the General tab
In the “Signature” section, check that a signature has not been changed or added
Step 5 Check Last account activity
Click on the “Details” link at the very bottom of the page to find the most recent IP addresses your mail was accessed from, and their associated locations
If the associated locations are not locations from which you accessed your account, make a note of them
Make sure the “Alert preference” in the activity box is set to “Show an alert for unusual activity”
Step 6 Check Google Drive
Check Google Drive for any recently uploaded files
Check folders or files that may have been shared with third parties
Spam is unsolicited email that tries to sell you a product or service, such as the “latest and greatest” diet pill or some form of “cutting edge, high-quality” software. Spammers send messages to thousands or millions of email addresses at once in the hope that at least a few people will respond.
Phishing email, on the other hand, is a specific type of spam that tries to trick you into giving your personal information, like your Login ID and Password or credit card number. Rather than try to get you to buy something, phishing messages usually have a threatening tone in an attempt to fool you into thinking something bad will happen if you don’t respond, i.e. your account will not work etc.
Information on what spam is and how to prevent it
Check who it’s from
Spam will almost always come from an unrecognized sender, often with an odd email address. That doesn’t mean that all spam comes from unrecognized email addresses; it may appear to come from someone in College, as email addresses can be forged easily.
Beware that they may copy content such as logos and images used on legitimate websites to make the email look genuine.
Look for links
They may contain hyperlinks that will redirect you to a fraudulent website instead of the genuine links that are displayed. If you see a link in a suspicious email message, don’t click on it. The entire purpose of spam is to get you to click a link. Rest your mouse (but don’t click) on the link to see if the address matches the link typed in the message.
Check the language in the message
They may use language like ‘important notice’, ‘urgent update’, ‘alert’, ‘violation’, or ‘winner’ with a deceptive subject line to persuade you that the email has come from a trusted source. They may contain messages that use threatening language, stating that your account will be disabled if you do not act. Any message that asks for your username or password is never real (all legitimate websites have automated password reset programs).
Check the spelling
Spam often contains misspellings and oddly-worded sentences. This can include bizarre capitalization and weird punctuation.
Look for attachments
Malware and viruses are often disguised as email attachments. Never download an attachment from a sender that you do not trust or were not expecting.
Don't give out your email address online
“Robots” (scripts created to scrape websites for addresses) can quickly gather thousands of emails at a time from websites where the email addresses are made public.
Use disposable email addresses to identify and shake off sources of spam
Have one main account, and then make a separate account for different purposes (one for friends, one for entertainment sites, one for your financial websites, etc.).
In Gmail, you can add a "+" and a label to your email address. For example, you can sign up for newsletters as JohnDoe+Newsletters@gmail.com if your email address is JohnDoe@gmail.com
Set all those addresses to forward the mail to your main account so that you do not have to check multiple accounts.
If you start receiving spam through one of your alternates, you can trace it to one of your disposable addresses and simply delete that account.
Never respond to Spam or Phishing
Replying or clicking the “Unsubscribe” link will only generate more spam, because they now know that the email address is valid. It is best to report and delete the spam using the steps in the section below.
Blocking and Reporting Spam or Phishing
Block and report spam in Gmail
Most spam is automatically detected and placed in your Spam folder, where it will be deleted after 30 days. If you receive a message in your inbox that you believe is spam, do the following:
- Check the box next to it and click the “Report Spam” button at the top.
If you do this accidentally, you can click the Undo link at the top of the page to recover it.
If there is a message in your Spam folder that is a legitimate email, check it and click the “Not spam” button. Ensure that it is truly a legitimate email before doing this.
Block spam in Outlook
Outlook comes installed with a Junk Filter which is set to Low protection. This will catch most obvious spam and direct it to the Junk folder. You can increase the strength of the filter by doing the following:
- Click the Home tab and then click Junk.
- Select “Junk E-mail Options”.
- Click the Options tab and set the filter to the strength you want.
Each level of filter strength is explained. Setting it to High may move legitimate emails to your Junk folder, so be sure to check it periodically.
What do I do if I think I have responded to a phishing email in UCD?
If you have replied to a spam/phishing message, or clicked on any links within the email body and entered your UCD username and password, please immediately change your password and report this to the IT Helpdesk (+353 01 716 2700) or email email@example.com.
UCD IT Services will never ever ask for your username and password via email, and you can confirm any communications from us with the IT Helpdesk.
You can remove all data on your Mac by restoring it to factory settings; you can then reinstall OS X using the built-in recovery disk. Before you erase, back up your essential files. If you’re installing on a portable computer, make sure your power adapter is plugged in.
Important: To reinstall OS X, you must be connected to the Internet.
In the menu bar, choose Apple menu > Restart. Once your Mac restarts (and the gray screen appears), hold down the Command and R keys.
Select Disk Utility, then click Continue.
Select your startup disk on the left, then click the Erase tab.
Choose Mac OS Extended (Journaled) from the Format menu, enter a name, then click Erase.
Important: Erasing the disk removes all the information from the disk. Be sure to back up the information you want to keep to an external device.
After the disk is erased, choose Disk Utility > Quit Disk Utility.
Select Reinstall OS X, click Continue, then follow the onscreen instructions.