Siit juhendist leiad informatsiooni ja näpunäiteid andmete kaitsmise kohta.
HTML Wrap | ||
---|---|---|
| ||
Warning |
---|
Note |
Isikuandmete turvanõuete rikkumise korralkorral helista viivitamatultviivitamata arvutiabisse telefonil +372737 5500 või andmekaitse peaspetsialistile . |
Note |
---|
Kui Sul on mõni teema või küsimus, mis siia lehele sobib, saada see arvutiabile. |
Table of Contents | ||
---|---|---|
|
Korduma kippuvad küsimused andmekaitse kohta
telefonil 737 5119. |
Juhised
Expand | ||
---|---|---|
| ||
|
|
| ||
|
|
|
|
|
|
|
Expand | |
---|---|
|
| ||
Ole kursis |
isikuandmete töötlemist kirjeldavate juhistega:
Ülikooli asjaajamiseeskirjas on olulised punktid rikkumise kohta:
|
Expand | |
---|---|
|
| ||
|
|
Expand |
---|
| ||
|
|
|
Kaugtöö isiklikust arvutist või nutiseadmest
Veendu, et isiklik arvuti kasutab turvalist ja ajakohast tarkvara. Vajadusel uuenda tarkvara. Vt ka punktis 4 toodud soovitusi!
- Oma nutiseadme paremaks turvamiseks vaata Riigi Infosüsteemi Ameti soovitusi
Kasuta tööalase info töötlemiseks eelkõige TÜ poolt pakutavaid veebipõhiseid (pilvepõhiseid) tarkvaralahendusi.
Ära hoia tööalast infot isiklikus seadmes kauem, kui on vajalik kaugtöö tegemiseks.
Expand | ||
---|---|---|
| ||
|
|
Pilvepõhise videokoosoleku ja videoloengu turvalisuse tagamise soovitused
- Ole teadlik, et pilvepõhise teenuse puhul kasutatakse kolmanda isiku riist- ja tarkvara ning teenust pakutakse lepingu või koostöökokkuleppe alusel.
- Paljud tasuta teenused sisaldavad reklaame või nende osutamise käigus edastatakse isikuandmeid müügiks kolmandatele isikutele.
- Paljud videokoosolekute ja -loengute lahendused on pidevas arenduses ning neis leitakse tihti turvavigu. Tarkvara uuendatakse enamasti pidevalt, kuid vanemad versioonid võivad sisaldada ohtlikke turvaprobleeme, mida pahalased on ka kurjasti ära kasutanud.
- Internetis on hakanud levima mitme tuntud tarkvara põhjal loodud võltsitud tarkvarapaketid, mis sisaldavad lisaks algsele tarkvarale kurjategijate lisatud pahavara.
Turvalisuse tagamise soovitused
- Kui Sinu plaanitav videokoosolek või -loeng sisaldab tundlikku infot, mille avalikuks tulek tekitab märkimisväärset kahju, vaata pilvepõhise teenuse leping või koostöökokkulepe üle ja hinda võimalikke riske. Kui kahtled, küsi nõu arvutiabist!
- Võimaluse korral pea oma videokoosolekuid ja -loenguid privaatsena. Näiteks saad lubada juurdepääsu vaid isikutele, kellel on Tartu Ülikooli kasutajatunnus. Ära luba võõrastel koosolekuga liituda.
- Ära jaga veebilinke oma privaatsetele koosolekutele või loengutele sotsiaalmeedia kanalite kaudu. Kasuta sellise info levitamiseks vaid ülikooli e-posti ja sisemisi veebikanaleid.
- Kui koosolek toimub laiemas osalejate ringis, kontrolli, kes saavad koosolekuga liituda ning kellel on õigus ekraanipilti jagada. Uuri, kuidas saab koosolekult eemaldada võõraid või ka ekslikult ühendunud isikuid. Vajaduse korral loe juhendeid või küsi nõu arvutiabist.
- Veendu, et kasutad alati videokoosoleku tarkvara kõige uuemat versiooni.
- Paigalda tarkvara ainult ametlikust kanalist (tootja veebilehe või operatsioonisüsteemi rakenduste poe kaudu). Kui kahtled tarkvara ehtsuses, võta ühendust arvutiabiga.
- Kõigi infoturbeprobleemide ja -küsimuste tekkimisel võta kohe ühendust arvutiabiga. Dokumenteeri võimalikult täpselt intsidendi sisu ja selle toimumise aeg ning võimaluse korral tee koosolekul juhtunust ekraanipilt (kuvatõmmis).
Parooli valimine
- Parooli loomise reegleid on kirjeldatud arvutiabi paroolide vahetamise infolehel.
- Muuda parooli korrapäraselt (vähemalt korra kahe aasta jooksul) ja vaheta see kohe välja, kui on tekkinud kahtlus, et see on kõrvalistele isikutele teatavaks saanud.
- Parooli saab turvaliselt muuta iseteeninduskeskkonnas https://passwd.ut.ee.
Expand | ||
---|---|---|
| ||
|
Expand |
---|
Andmekaitse korraldus
Tartu Ülikoolis saab andmekaitse teemal abil andmekaitse peaspetsialistilt Terje Mäesalult:
- telefon +372 737 5119
- e-post terje.maesalu@ut.ee
Küberturbealase teadlikkuse arendamine
- Huvitavad materjalid: https://itvaatlik.ee/.
- Vt veebiloeng Küberturvalisus – kuidas kaitsta ennast levinud ohtude vastu?, Alo Peetsi loeng Teams Event Live vahendusel, 2020-04-21
Frequently asked questions of data protection
Data protection
In matters of data protection at the University of Tartu, consult Senior Specialist of Data Protection Terje Mäesalu:
- phone: +372 737 5119
- e-mail: terje.maesalu@ut.ee
What is personal data breach?
Personal data breach means unlawful or accidental destruction, inaccessibility or unauthorized access and disclosure of data (GDPR art 4 (12)). This is a breach of security requirements, where the cause may be both an accidental mistake of the employee or an external threat (hackers or cybercrime).
Rules and requirements
- Keep informed of the rules governing the use of information systems and cybersecurity.
- See https://siseveeb.ut.ee/et/tugitegevused/dokumendid-ja-juhendid-4 If necessary, consult IT Helpdesk or the chief information security officer.
Data security
- Be aware of data you hold in connection with your duties and ensure the security of data. If the data given to you to perform a task are no longer needed, delete them from your computer.
Computer security
When you leave your computer, lock the screen. For Windows PC, hold down the Windows key and tap on the L key.
Make sure that a security software (Symantex Endpoint Protection) is used and running on your work computer and the latest versions of web browsers have been installed. If necessary, ask for advice from IT Helpdesk.
Avoid using public (unencrypted) Wi-Fi connection in your laptop, or if it is necessary, use a VPN connection.
If you work in a place where other people can see what is on your computer screen, we recommend using a privacy filter on your screen.
If possible, use data (disk) encryption on laptop and smart devices.
Never leave your laptop unattended or in an unlocked room outside the office. If the device is stolen, immediately inform IT Helpdesk and change your password as soon as possible for security reasons.
If you suspect that you may have run a program or opened a document containing malware (unusual error message, disturbing ads, etc.), contact IT Helpdesk immediately.
- Make sure your personal device uses secure and up-to-date software. Update the software if necessary. See also recommendations in section 4!
- Use web-based (cloud-based) software solutions offered by UT to process work-related information
- Do not keep work information on a personal device for longer than necessary for remote work.
E-mail security
When you send an e-mail, select the recipients carefully – check whether all recipients need to be involved (especially when you reply to an e-mail) and whether the recipients' e-mail addresses are correct.
If you receive an e-mail from a person or a company you do not know, use caution when opening attachments and web links in the message. If necessary, consult IT Helpdesk.
If you receive an e-mail which tells you to update your password, be careful and, if necessary, consult IT Helpdesk.
If you have opened a suspicious link, immediately contact IT Helpdesk.
Recommendations for securing cloud-based video conferencing and video lectures
- The cloud-based service uses third-party hardware and software and service is provided to end users under a contract or partnership agreement.
- Many free services contain advertisements or transfer personal information for sale to third parties.
- Many video conferencing and video lecture solutions are still under development and often contain security flaws. Software is being developed, but older versions may contain dangerous security issues that have been exploited by malicious people.
- Counterfeit software packages based on a number of well-known software programs, which contain malware added by criminals in addition to the original software, have become widespread on the Internet.
Security recommendations
- If your scheduled video meeting or video lecture contains sensitive information that should cause significant harm to the public, review the cloud-based service agreement or collaboration agreement and assess the potential risks. If in doubt, seek advice from IT Helpdesk!
- If possible, organise your video meetings and lectures in private mode. For example, restrict access to a meeting or lecture to persons with a University of Tartu username. Do not allow strangers to join the meeting.
- Do not distribute web links to your private meetings or lectures through social media channels. Use only the university’s e-mail and internal web channels to disseminate such information.
- If the meeting is with a wider audience, check who can join the meeting and who has the right to present or share screen. Find out how you can remove strangers or mistakenly connected parties from the meeting. If necessary, seek help from user manuals or call IT Helpdesk.
- Make sure you always use the latest version of the video conferencing software.
- Install the software only from the official channel (through the manufacturer's website or through the operating system's application store). If in doubt about the authenticity of the software, contact IT Helpdesk.
If you have any information security problems or questions, contact IT Helpdesk immediately. Document as accurately as possible the content of the incident, the time of its occurrence and, if possible, take a screenshot of the program’s screen.
Passwords
The rules for creating a password are available on Change your password page.
Change your password regularly (at least once in two years) and change it immediately when you suspect your password has become known to someone else.
It is safe to change your password at https://passwd.ut.ee.
Workplace/office security
- If you see a suspicious person on the premises, find out who they are and where they want to go.
- If necessary, inform the UT security service of your suspicions at +372 737 5111.
Data protection
Raising awareness of cybersecurity
| ||
|
Expand | ||
---|---|---|
| ||
|