2. Protection against viruses, malware, misuse and theft
Protection against data theft or loss, identity theft and fraud
Protecting reputations and defending against cyber criminals
Follow College’s rules and regulations

3. Protect computers and devices
Virus and malware protection
Symantec Endpoint Protection and Malwarebytes is installed on all College machines.
Staff and students can install Symantec Endpoint Protection free of charge on personal computers and devices. Malwarebytes is also available. For more information and to download, visit ICT’s Software Shop. ICT home page > Shop
Antivirus and anti-malware software is only as good as its last update.
Be careful when opening attachments or clicking within s as these often contain malware. More about spotting scam s later…
Visit the Be Secure website: Protecting against computer viruses and malware
Protect computers and devices

4. Protect computers and devices
Protect mobile devices
Laptops, smartphones and tablets are mobile computers and so, are exposed to the same virus and malware risks as desktop computers. And, they’re an attractive target for thieves.
If you are a member of staff using your personal device for College business, you are fully responsible for ensuring the security of that information in line with College's Information Systems Security Policies.
If you fail to protect devices connecting to the internet/ , you could give unauthorised access to College and personal information.
Basic steps you can take to protect mobiles, laptops and/or tablets:
Use a pin/passcode to restrict access
Only install phone apps from trusted app stores (e.g. Google Play, Windows Store & App Store) Store)
Always keep your belongings safe. Lock screens when not in use and store securely.
Don’t back up data to a mobile device
All IT hardware should be purchased via our Shop to ensure it meets the required security standards. Visit Hardware shop
Visit the Be Secure website: Protect mobile devices
Protect computers and devices

5. Protect information Passwords secure and long
Your College account is set up to give you the right level of access to information, systems and facilities such as websites, online library services, , printing and many other services.
Every member of College is required to change their password at least once a year. Staff have elevated access to College's information and systems, and so need to update passwords every 90 days.
You’ll be notified by (sent by the IT Security Officer, it-security- when your password is due to expire.
It’s easy to change your password, to find out how visit ICT’s website: Changing your password
To keep your password secure and strong:
Do not share your password with anyone, not even a member of staff. ICT will never ask anyone to reveal a password and neither should any other Imperial College London staff member
Make your password more than eight characters
Use letters, numbers and symbols
Always lock or log out of personal and College machines when not in use
For more tips, visit the Be Secure website: Secure and strong passwords
Protect information

6. Protect information Keeping data safe: Storage
Removable media - the risks:
Very easy to steal or lose
Can pick up or contain viruses and malware that could wipe data stored on them and infect any machine they’re plugged in to.
Consumer cloud storage (Dropbox, Google Drive) – the risks:
Many do not encrypt (protect) data adequately so data could be accessed, shared or lost. There have been a number of high profile cases of personal data infringements reported in the press.
Use College’s recommended backed-up central file storage and sharing options, your personal H Drive space, group space or One Drive for Business (available with free 365 software).
Visit the Be Secure website:
Store sensitive information securely
Share sensitive information securely
Protect information

7. Protect information Keeping data secure: Encryption
To keep personal or sensitive data safe from unauthorised access or misuse, use a process called Encryption.
Encrypting data is the best way to make information unreadable, meaning it can only be read using a digital key to unlock it, called decryption.
You should encrypt all sensitive data before storing or sharing.
It’s possible to encrypt documents, USB drives, laptops, mobile phones and s.
Find out how at the Be Secure website: Encrypt sensitive information
Protect information

8. Protect information Stay secure when working remotely
Ways to access College's network, directories, files and systems and services when working away from campuses - find out more at ICT’s website: Ways to get remote access.
Take care when using personal devices - use passwords and security settings, such as encryption and remote wiping, to reduce the potential impact of data theft or loss.
Use equipment you can trust - using any computer with out of date virus protection, or none at all, will leave you open to threats.
Find more information on the Be Secure website: Protect mobile devices
Protect information

9. Protect information Avoid scams and malware If in doubt, do not click
A simple rule is: do not open attachments or click on any links that you're not sure about. Use your cursor to hover over the link and check the address it will take you too. Be wary of following any link that takes you to a login screen. If in doubt, don’t click.
Check s carefully
Copy-cat s, made to look like those from banks or even Imperial College, are getting increasingly sophisticated. Does the look genuine? Are there inconsistencies or mistakes? Is there a named sender you recognise? If in doubt, don’t click.
As a general rule, no reputable organisation should ever ask you to share personal information by . ICT will never ask anyone to reveal private information by and neither should any other College member
Report anything suspicious
If it looks suspicious, even if you know the source, do not open or click on any links. Report it to the ICT Security team via the ICT Service Desk.
Protect information

10. Protect information Information Security Awareness Training
All new and existing staff can and should undertake new Information Security Awareness training, available online.
The course covers a range of subjects, from physical security to accessing and sharing information securely.
To access the course, follow the steps at: Information Security Awareness training
Protect information

11. Protect yourself online
Representation online
Be careful not to misrepresent College. When communicating online, follow College Policies and Code of Practice.
Being threatened or abused online or anywhere else is never acceptable. If you become a victim of bullying or harassment report it to the ICT Security team
If you are experiencing problems or have a sensitive query relating to IT security, contact the ICT Security team directly who are happy to help you put a stop to it.
In person - Level 4, Sherfield Building, South Kensington Campus. -
Telephone - +44(0)
Visit Information System Security Policies. COP 16 - Use of Collaborative Internet Environments
Protect yourself online

12. Protect yourself online
Social networking
Many people leave themselves open to malicious attacks, reputational damage or personal embarrassment because they do not understand the risks of sharing information online.
Make sure you know exactly what you are sharing and who you are sharing it with.
Take time to understand and set up security settings. Most social networks allow you to control who sees what. Read an overview of Facebook's security settings by Sophos.
Do not upload images or text to social media that you would not be happy for the world to see. Be aware that networks like Facebook, Twitter, Tumblr and Instagram are public spaces.
Organisations and businesses often check personal social media spaces for reference – what you post will reflect their assessment of you
Always logout after use and keep your passwords secret. If you do not, your account could be hacked.
Protect yourself online

13. Information Systems Security Policies
The Data Protection Act and related laws, in addition to College’s Systems Security Policies, codes of practice and guidelines, govern and guide management of data and use of IT facilities and networks. These policies are overseen by Central Secretariat
Failure to comply can result in loss of access to services or systems and personal or institutional data loss, resulting in fines, expulsion or disciplinary action and even criminal proceedings.
All staff must follow Information Systems Security policies, including Conditions of Use of IT Facilities:
Do not access or transmit pornographic or indecent material.
Do not attempt to access computer systems or applications that you are not authorised to use (known as hacking) or attempt to use other people's accounts.
Respect the copyright of others and do not infringe this through the illegal downloading or use of software, music, video etc.
Do not send s or participate in forums etc. that harass or defame others.
Do not make commitments on behalf of the College that you are not authorised to make.
Be careful not to misrepresent the College on blog, wikis etc.
Use social networking sites with care. They are no different from any other form of publication and you could be legally accountable for any content.
Read the full IT use policy here: Information Systems Security.
Information Systems Security Policies

14. Information Security Behaviours

15. If you have IT security questions or concerns, contact the ICT Security team via the ICT Service Desk.
Contact:
ICT Service Desk
Online: ASK ICT
By phone: +44 (0)
9000 or 49000
Via
In person: 4th Floor, Sherfield Building, South Kensington Campus
It’s everyone’s responsibility to be secure.
Visit