Information Security FAQs

I've received a suspicious message, what do I do?

The simple solution is to delete the message. However, if you are receiving spam from a university e-mail address (an address ending in "@gre.ac.uk" or "@greenwich.ac.uk") or if you have any other concerns, please notify IT Service Desk as soon as possible.

Our system is already stopping a large number of unsolicited e-mails or marking them as possible spam. IT Service Desk can add suspicious messages to the software as they are reported, so by letting them know about a suspicious message you are helping to improve the efficiency of the spam detection systems we use

I clicked on a suspicious link and now I'm worried.

Firstly, don't panic. Contact IT Service Desk as soon as possible. They will be able to check your computer and advise on any next steps needed.

I have shared sensitive information in error. What should I do?

Contact the recipient immediately to notify them and ask them to delete the information. Inform your line manager and contact IT Service Desk to report the incident.

I share a personal device with someone else, how do I keep University data safe?

If you use a personal device for work and share it with your family or other people, it's important to make sure that university data is only available to you when you log in. When sharing a personal device you need to make sure that you:

• Don't have shared or family logins for shared devices; create a separate login account for each person who uses the device.
• Keep personal devices up-to-date; all software, particularly antivirus software, should be updated as soon as new releases are available.
• Never share any of your passwords with others.

I'm working from home, what do I need to consider?

Working from home is a different experience than working in the office, and there are a few things to consider whether you're setting up a home office or working from the kitchen table:

• Be patient and keep your computer software up to date.
• Don't forget about paper records, keep them away from your family or others who share your home and lock them away when you don't need them.
• Share information with authorised people only on a "need to know" basis. Remove confidential information in e-mail messages particularly when forwarding, and make sure you only send information to those that really need to see it.

How and where should I expect IT related communications from the University?

All communications from the University's IT (Information and Library Services) will be via email and only from noreply-itservicedesk@greenwich.ac.uk

Other communications that may include highlights on IT related messages will only come via authorised Internal Communications channels.

Check twice, click once. If you have any doubts about a communication, check with the sender or IT Service Desk to confirm it is genuine before clicking on links or acting on requests.

How do I know if an email or call is from the IT Service Desk?

Check the email address properly against the University's IT Service Desk email address.

Please note that IT Service Desk will never:

• ask for your login details.
• call or email you to inform you of an issue with your device or your network account.
• contact you to fix an issue unless you've logged it with them previously.

The university will not introduce a new IT solution or process unless it has first been communicated by Information and Library Services, Internal Communications channels or your line manager.

Check twice, click once. If you have any doubts about a communication, check with the sender or IT Service Desk to confirm it is genuine before clicking on links or acting on requests.

Can I use a public Wi-Fi to carry out my University work?

Public WIFI must not be used to conduct sensitive university work.  You should not use public WIFI for your personal matters that are sensitive.

For more information, refer to the University's Policy on Mobile and Remote Working

Can I download work related documents from the University's Office 365 platform on my local machine i.e. laptop or home desktop?

The university has made its Office 365 platform available for both on-premise and remote working. Office 365 provides core applications like Teams, OneDrive for Business and Yammer that allow you to work on and share documents with others within the Office 365 platform without the need to download copies of such documents to your local machine.

For remote connections to the University's U or G drives, information should be   stored in the appropriate drives.

Can I store sensitive work-related information on USB sticks?

The university has made its Office 365 platform available for both on-premise and remote working. This means that university data is now available via Office 365 cloud storage, therefore use of USB sticks should be reconsidered and university governed cloud based storage should be used where possible.

If it is absolutely necessary to store data on USB sticks they may be used, providing the following:

• Sensitive information should only be stored on university approved USB sticks.
• Passwords to university provided encrypted USB sticks must be kept safe and stored separately from the USB stick.
• Once the requirement for using the USB stick is over, transfer the information into university governed storage (Office 365, U or G drive) and delete the information from the USB stick.

Do I need to backup work data on my device?

University governed storage, including Office 365, U and G drives, are backed up regularly.  Only use these platforms for work purposes to ensure data is backed up in the appropriate and secure storage areas.

For more information, refer to the Refer to the University's Data Classification Policy and Information Handling Procedures.

My device is lost or stolen.  What should I do?

Report the loss or theft to the police as soon as possible. If the device was provided to you by the university, also report it to the IT Service Desk and your line manager.

If it is a personal device, remotely wipe data off the device if the functionally was enabled prior to the incident.

My device is faulty and needs to be disposed of, what should I do?

For university issued devices:

• Inform your line manager and contact IT Service Desk to arrange the removal of any licensed software and associated license files from the machine.
• Remove the item(s) from your departmental IT asset register.
• Delete all personal and business data from the device, using standard operating system functionality.
• Request disposal of the device via the Facilities Helpdesk.
• Do not donate or pass on the device to other users including selling it

For further information, refer to the Policy on Disposal of IT Devices.

For personal devices

• Work related information should not be stored on personal devices.  However, check to ensure this is the case and delete any information stored.
• Reformat the device to ensure information has been wiped from the device before passing it on to others.

How do I ensure I am using a secure device?

Use legitimate and up-to-date software
You should enable Automatic Update on your device to ensure the operating system, anti-virus, web browsers, and other third-party software like Microsoft Office and Adobe Acrobat are all up to date.   Check for updates frequently.

Protect Login
You should ensure your device has a login password that is strong and keep it secret

Use Anti-virus
You should ensure an anti-virus software that is up-to-date is enabled on your device

Internet Activities

• Only use secure Wi-Fi
• Change the default passphrase to your home network (Wi-Fi)
• Be mindful of the websites you and family members access
• Avoid websites that offer freebies including free software and game downloads.
• Use web security and filtering software to protect your device from websites that are malicious
• Limit the use of university issued devices for personal purposes
• Avoid activities that could cause your device to be compromised

Maintain manufacturer security settings
You should not jailbreak your device by bypassing the manufacturer's security settings