Information security for staff

Tips and advice for personnel on information security.

Thefollowingadviceareintended (butnotlimited) for theuniversity'spersonnel.

If possible, use only the university’s devices while working.
Ensure the protection of your home computer by using a firewall, anti-malware software, backups, and regular software updates. Otherwise, malware can spread to other devices within your home network.
Your username is personal, and you are responsible for protecting it. Remember, no legitimate entity will ever ask you to disclose your password – only you should know the password associated with your username.
Choose a password that is at least 20 characters long (a passphrase is easier to remember than a random string of characters). Do not use the same password for any external service as you do for university services.
Email is one of our most frequently used tools. It is also the most commonly used tool by cybercriminals to carry out various attacks, and therefore you should:
- Carefully check the sender's email address.
- Do not open the email, or at least not any links or attachments, if the message seems even slightly suspicious. Remember, malicious messages can look very convincing. The sender may appear to be someone from your contact list, even if the email address is different. The message might also be specifically targeted at you.
- Email messages typically travel across the internet unencrypted. Be aware that messages could be intercepted by outsiders.
- No legitimate entity will ask for sensitive information such as your credit card details or password via email. Such requests are always phishing attempts.
- Always verify the true destination of a link before clicking on it. Be particularly cautious with links received in email messages. Learn to distinguish legitimate web addresses from those used by scammers.
Mobile devices should be protected just like computers, but since they are constantly with you, special care must be taken to physically protect them from theft, damage, or loss.
The university's executive management has outlined the use of cloud services and directs the handling of university information to services that are under the university's own control. When using services even under university contracts, it is important to consider the guidelines of the table of processing confidential information.
Carefully reading the terms of service helps you understand what rights the service provider has to your data. Ensure that the service respects your privacy and does not use or share the information you provide or the files you upload with third parties. Consider what university or personal information you share on online services (e.g., Facebook, image-sharing services).
Malware spreads efficiently through internet services and social media. Beware of pop-ups, advertisements, and invitations.
Do not use a USB drive as the primary or sole storage location for files. If you store sensitive material on USB drives, use an encrypted USB drive.
If you print on a shared printer, collect your printouts immediately after printing.
If you suspect a security breach or system misuse, follow the instructions in "Report a information security breach or incident" For other cybersecurity questions, make a service request in the HelpJYU portal. In urgent cases, contact the Chief Information Security Officer at 040 805 3837.
When your employment ends, arrange with your supervisor to transfer any necessary work materials to the university.

SeealsotheStaff Information Security Guidelines on Uno StaffPortal, whereyoucanfindmoreinformation!

Information security and privacy in remote work

Remote work refers to any work conducted outside the locations specified in the employment contract with the University of Jyväskylä. Remote work can be done for justified reasons, provided the nature of the work allows it. Remote workers are subject to the same security obligations as employees working on the employer's premises, but they must also consider the specific security risks associated with the remote work environment, such as handling protected or confidential information.

Only take confidential paper documents to remote work in absolutely necessary situations.
If you have to take confidential paperwork to work remotely, store it in a locked room or cupboard or other locked place.
Never leave confidential paperwork in the sight of or accessible to others.

use university equipment wherever possible
lock your workstation whenever you stop working on it
do not give access to University equipment to others, even family members
work with your home computer as instructed
when working remotely outside your home, keep your laptop and other equipment with you and in your possession at all times
never give out your passwords to anyone - you do not even have to give your password to the administrator
use the University's VPN connection to connect to University services. However, you do not need to use a VPN connection with video services or browser services that use https. The connections are secure and using the VPN service with these services will unnecessarily overload the service. NOTE! Also, do not use the University's VPN connection for personal purposes (e.g. Facebook, Youtube).

Report any incidents or anomalies that compromise information security or privacy according to the "Report a information security breach or incident" guidelines. In urgent situations, call the Chief Information Security Officer on 040 805 3837.

Information security for staff

Information security and privacy in remote work

See also