Helpdesk

Page tree

University of Tartu IT wiki

Versions Compared

Old Version 5

changes.mady.by.user Joonas Masing

Saved on

compared with

New Version Current

changes.mady.by.user Joonas Masing

Saved on

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.

In this guide, you will find instructions about cybersecurity.

HTML Wrap
classbutton button1

(info) Eesti keeles

University cyber security starts with the behavior of every member of the university.
In these conflict-filled times, we all need to be prepared for various cyber scams and cyber attacks.
The main recommendations for cybersecurity are:

  • Do not open unknown links and attachments in e-mails and SMS messages. If in doubt, always ask for advice through Computer Support first.
  • Do not believe letters, messages or phone calls from unknown senders that threaten and demand urgent action. Be aware that in addition to the sender's e-mail address, the caller's phone number can also be faked these days.
  • Do not give an unknown caller or unknown person access to your computer. Never enter PIN codes for your digital signature unless you have initiated this activity yourself.
  • Always use different passwords in different environments and change those passwords as soon as there is any suspicion that it has become known or leaked. Always use two-factor authentication when possible to protect your account.
  • Make sure you are using reliable and up-to-date software on your computer and that all security updates are installed.
  • Report the cyber incident to Arvutiab as soon as possible.

You can find more detailed tips in the guides below

Guides

Expand
titleWhat to do in case of cybersecurity incident
Note
iconfalse

Eestikeelne juhis.Image Removed  Eestikeelse juhendi leiad siit: Küberturbejuhised.

Table of Contents

What to do in case of cybersecurity incident

A cybersecurity incident is an unwanted or unexpected information security event or events, which may harm the operations of the organisation or compromise data security. 

Report the incident as soon as possible, contacting the ITO in the following order: 

  1. IT helpdesk, +372 737 5500
; 
  2. Chief Information Security Officer Risto Rahu, +372 5305 5032
; 
  2. Head of Infrastructure Erkki Kukk, +372 521 3503
; During non-working hours, contact the ITO based on the cyber security emergency instruction (see below).


Expand
titleRules and
requirements 
requirements 

Keep informed of the rules governing the use of information systems and cybersecurity:

if necessary, consult IT Helpdesk or the chief information security officer. 

The State Information System Board has published recommendations for safer computer use see recommendations on the web portal https://www.itvaatlik.ee/


Expand
titleData security and data protection

Ensuring data security is important and primarily depends on you:

  • be aware of data you hold in connection with your duties and ensure the security of data
  • store university data only on university servers and information systems
  • if the data given to you to perform a task are no longer needed, delete them from your computer
Computer security 

In matters of data protection at the University of Tartu, consult Senior Specialist of Data Protection Terje Mäesalu: 


Expand
titleComputer security

To ensure the safety of using a work computer, follow the instructions:

  • when leaving your computer, lock the screen. (for Windows, hold down the Windows key and tap on the L key)
  • make sure that a security software (
Symantex Endpoint Protection
  • Windows Defender) is used and running on your work computer and the latest versions of web browsers have been installed, if necessary, ask for advice from IT helpdesk
  • use always only standard user rights when working on the computer. The use of privileged (administrator) rights must be short-term, for example only for making a software update. If necessary, ask for advice from IT helpdesk.
  • avoid using public (unencrypted) Wi-Fi connection in your laptop, or if it is necessary, use mobile broadband connection or a VPN connection
  • if you work in a place where other people can see what is on your computer screen, we recommend using a privacy filter on your screen
  • if possible, use data (disk) encryption on laptop and smart devices
  • never leave your laptop unattended or in an unlocked room outside the office
  • if the device is stolen, immediately inform IThelpdesk and change your password as soon as possible for security reasons
  • if you suspect that you may have run a program or opened a document containing malware (unusual error message, disturbing ads, etc.), contact IT Helpdesk immediately. 


Expand
titleWorking remotely from a personally owed device

Make sure that the personal computer is using secure and up-to-date software, update the software if necessary.

Recommendations:

make sure your personal device uses secure and up-to-date software, update the software if necessary
  • To better secure your own computer or smart device, see the recommendations of the National Information System Board
  • install software only from an official channel, such as the manufacturer's website or the operating system's application store,
  • use always only standard user rights also when working on your own computer. The use of privileged (administrator) rights must be short-term, for example only for making a software update. 
  • use web-based (cloud-based) software solutions offered by UT to process work-related information
  • do not keep work-related information on
a
  • your personal device
for
  • longer than is necessary for remote work


Expand
titleE-mail security

The main e-mail solution of the University of Tartu is the cloud-based Microsoft Online Exchange

and the related application Outlook

.
All university members can use the service online or through software installed on their computers.

Recommendations:

  • use only the university's e-mail address for research and teaching. Do not forward university e-mail to your private e-mail address.
  • when you send an e-mail, select the recipients carefully – check whether all recipients need to be involved (especially when you reply to an e-mail) and whether the recipients' e-mail addresses are correct
  • if you receive an e-mail from a person or company you do not know, use caution when opening attachments and web links in the message and if necessary, consult IT helpdesk. 
  • if you receive an e-mail which tells you to update your password, be careful and, if necessary, consult IT helpdesk. 
  • if you have opened a suspicious link, immediately contact IT helpdesk. 
  • to protect your account, enable 2-step verification (2FA) (check Activating two-
step


Expand
titleRecommendations for securing cloud-based video conferencing and video lectures

The

cloud-based service uses third-party hardware and software and service is provided to end users under a contract or partnership agreement. Many free

University of Tartu has acquired several software solutions for its members to conduct video lectures and video meetings, including Bigbluebutton, Panopto, Microsoft Teams and Zoom.
All university members can use these services through their university account.
Always prefer the video meeting solutions provided by the university. Please note that some free video conferencing services contain advertisements or transfer personal

information

data (for sale) to third parties

. Many video conferencing and video lecture solutions are still under development and often contain security flaws. Software is being developed, but older versions may contain dangerous security issues that have been exploited by malicious people. Counterfeit software packages based on a number of well-known software programs, which contain malware added by criminals in addition to the original software, have become widespread on the Internet

.

Security recommendations:

  • if
your scheduled
  • the planned video meeting
or video lecture contains
  • deals with sensitive information
that should
  • , the disclosure of which would cause significant
harm
  • damage to the
public, review the cloud-based service agreement or collaboration agreement and assess the potential risks, if in doubt, seek advice from IT helpdesk
  • university, assess possible risks and, if necessary, consult with computer support before organizing the meeting
  • when sharing sensitive information, be aware, that participants can easily record or take screenshots of the video meeting.
  • if possible, organize your video meetings and lectures in private mode.For example, allow access only to persons with a University of Tartu user ID and do not allow strangers to join your meeting or lecture
  • for example, restrict access to a meeting or lecture to persons with a University of Tartu username, do not allow strangers to join the meeting
  • do not distribute web links to your private meetings or lectures through social media channels, use only the university’s e-mail and internal web channels to disseminate such information
  • if the meeting is with a wider audience, check who can join the meeting and who has the right to present or share screen
  • find out how you can remove strangers or mistakenly connected parties from the meeting. If necessary, seek help from user manuals or call IT helpdesk
  • make sure you always use the latest version of the video conferencing software
  • install the software only from the official channel (through the manufacturer's website or through the operating system's application store), if in doubt about the authenticity of the software, contact IT helpdesk
  • if you have any information security problems or questions, contact IT helpdesk immediately
  • . document the incident as accurately as possible, the time of its occurrence and, if possible, take a screenshot of the program’s screen


Expand
titlePasswords
Passwords

The rules for creating a password are described here: Changing user password.

Recommendations:

  • it is safe to change your password at https://passwd.ut.ee
  • if you need to remember your password on your computer, use secure password management software. See also instructions on the Password Managers website
  • change your password regularly (at least once in two years) and change it immediately when you suspect your password has become known to someone else
  • You can check account leakage of your username on the website https://haveibeenpwned.com/


Expand
titleWorkplace/office security

If you see a suspicious person on the premises, find out who they are and where they want to go. If necessary, inform the UT security service of your suspicions at +372 737 5111. 

Data protection

In matters of data protection at the University of Tartu, consult Senior Specialist of Data Protection Terje Mäesalu: 


Expand
titleRaising awareness of cybersecurity

To raise cyber security awareness:


Expand
titleMore guides

Children Display



IT helpdesk telephone number 737 5500

(short number: 5500)