Menu

Close

Quick links

Information Security and Data Protection Guidelines

How to protect your credentials and avoid scams Phishing attempts aim to obtain users’ passwords, which are then used for financial gain or to cause harm. Malware distributed via the web and email attachments can, among other things, steal or destroy files, forward your account and password information to the malware author, and slow down…

Ohita sivuvalikko
Student’s Guide

How to protect your credentials and avoid scams

Phishing attempts aim to obtain users’ passwords, which are then used for financial gain or to cause harm. Malware distributed via the web and email attachments can, among other things, steal or destroy files, forward your account and password information to the malware author, and slow down the operation of networks.

  • Laurea’s systems are accessed with a personal username and password.
  • You are personally responsible for the use of your account. Do not disclose your password to anyone. Not even system administrators should know it. If someone asks for your password, they are almost certainly up to no good.
  • Change your password often enough and immediately if you suspect it has fallen into someone else’s hands. If you receive a new password from user support, change it right away to one that only you know.
  • Your password can be something you can remember easily but which outsiders cannot break or link to you. You can use passphrases, for example, to help choose a password.
  • Do not write your password down without encryption.
  • Do not use the same password for any non-Laurea services as you do for Laurea services, so that a compromise of an external service does not allow access to Laurea systems.

Remember the risks of email

Email is not intended for confidential communication. Use encrypted email when necessary.

  • The email address provided by Laurea should be used for Laurea communications, services and learning environments.
  • If you receive an email that belongs to someone else, inform the sender that the address is incorrect. Remember that you are bound by confidentiality regarding messages you receive. Forward the message to the correct party if that is known.
  • When composing messages, keep in mind that the recipient may forward your message to a wider audience than you intended.
  • Email messages travel across the network unencrypted and without protection. Confidential information should be sent as encrypted email using the message’s Encrypt button.
  • Consider to whom you give your email address and where you publish it. Obtain a separate external email address for private use if needed.
  • Use the To, CC (copy) and BCC (blind copy) fields correctly.

Beware of phishing emails and other scams

Be healthily suspicious of the reliability of any email you receive. Email messages can contain malware or direct you to pages that host malware. An email may also originate from somewhere other than the address shown in the sender field. Malware can send email in a user’s name without their knowledge.

  • Beware of phishing messages that ask you to provide your account and password or to enter them on a website. Administrators will never ask for your password or online banking credentials.
  • Always check the real target address of a link before clicking. Be especially careful if the message contains a link or attachment.
  • Do not reply to advertisements and chain letters; delete them immediately. If an offer seems too good to be true, do not accept it.
  • Besides email, you may be deceived by other means, such as by phone or social media. Beware of unexpected bills, fabricated messages, or surprising requests sent in the name of your contacts.
  • Laurea uses various spam and malware filtering methods that may affect the delivery of email. Check your spam folder from time to time.
  • If you suspect you have been targeted by a scam or an attempted scam, you can ask for instructions from the Laurea ServiceDesk or make a security report.

Devices are your responsibility

Take care of your study equipment.

  • Take care of the security and functionality of your own computer. Note that home computers may only be connected at Laurea to the Laurea visitor network. Also ensure you back up your personal data.
  • Ensure that both your computer’s and your mobile devices’ operating systems and applications remain up to date.
  • Always log on to a computer with your own credentials.
  • Lock your computer every time you leave it, even if only for a short while. This prevents unauthorized use of systems and files under your account.
  • If you use a shared computer, delete any files you may have temporarily stored on the machine before logging out.
  • Save all important study-related materials to OneDrive. This way your data remains safe if the device is lost.
  • Installing software on Laurea computers is generally prohibited and often technically blocked. If you need a particular program on a school device, contact the ServiceDesk.
  • Use a USB stick only for transferring data — not as the sole or permanent storage location.
  • Do not leave your devices unattended in public spaces or on public transport.
  • If your device is stolen, file a police report and change all Laurea system passwords that were stored on the lost device.

Be cautious with public computers and open networks

  • Only use web services that encrypt traffic on other wireless networks. The address will then start with https://.
  • Note that public terminals in public places may run software that collects user data. Consider whether it is necessary to log in to, for example, Laurea email from such a machine. Learn how to clear the browser cache and remove other traces left by your use.
  • Be cautious about other users’ USB sticks. If you find a USB stick, hand it in to the ServiceDesk without inspecting its contents.
  • Make sure you use a secure protected connection outside Laurea. For example, the global Eduroam network used in higher education institutions is protected and secure.

Take care of devices and data also on mobile and abroad

  • The security of mobile devices depends on how you use them. You are responsible through your own actions for keeping devices and data secure while studying using mobile devices.
  • Use data connections judiciously, especially outside Europe.
  • Turn off wireless connections (Bluetooth and WLAN) on your device whenever you do not need them.
  • Download the mobile apps you need only from official app stores.
  • Consider whether you allow the use of your location data in mobile services. Be especially cautious if you suspect the usage environment is unverified or otherwise insecure.

Keep your computer healthy and functional

  • Protect your computer with a firewall and anti-malware software.
  • Do not install any software you do not actually need.
  • Install security updates for software.
  • Create personal accounts (without administrator rights) for each user on your computer. Administrator accounts should only be used for maintenance tasks (software installation, creating other accounts).
  • Back up the files on your computer regularly. Store backups separate from the computer and, if possible, in a locked location.

Remember to protect personal data

  • All information that can be used to identify an individual is personal data. At Laurea, personal data may generally only be processed in systems accessible with Laurea user accounts. Sensitive information may be processed only by named individuals on devices and systems designated by Laurea for that purpose.
  • Use secure printing and ensure proper handling of paper documents.
  • Familiarize yourself with Laurea’s privacy notices if necessary.
  • When studying in public spaces, pay attention to what you say aloud. Also avoid writing confidential messages in such settings. Use a screen privacy filter where possible.
  • Dispose of personal data when it is no longer needed.
  • Ensure proper handling of personal data at home as well.
  • Processing confidential information and personal data in cloud services other than those provided by Laurea is not permitted. If in doubt, check with the ServiceDesk which systems are allowed for handling such data.

Use online services and social media wisely

  • In many online services, users’ data are stored only on the service provider’s servers and in consumer services often outside the EU. Before using a service, check the terms of use at least for data ownership and whether data may be passed on to third parties.
  • Prefer using the services provided and approved by Laurea for your studies.
  • Periodically check the privacy settings of the online services you use (e.g. who can view your information) and adjust them if necessary.
  • It is easy to impersonate someone in online communities. Do not take everything you read at face value.
  • Beware of pop-up windows and advertisements on websites. Malware spreads effectively through social media and online services — do not click carelessly.
  • When using various social media services, consider what information you share. Once information (for example documents, photos, personal data, opinions) is posted online, it may later be impossible to remove completely.

Do you suspect a malware infection or security breach?

Anti-malware programs cannot provide complete protection because new malware constantly appears. If you suspect that a machine you use has or has had malware, make a security report and do the following:

  • Immediately change, from another computer, all passwords that you have used on the machine infected by malware or passwords that are the same as those used on the infected machine.
  • To investigate misuse, report the malware suspicion and possible compromise of your account to the customer service of the most important services you use.
  • If the computer belongs to Laurea, contact the ServiceDesk. If the computer is your own, do not use it until you have determined how to remove the malware. You can get limited guidance on cleaning your computer from the ServiceDesk or from the antivirus vendor’s website.
  • If you suspect a security violation or misuse of a system, contact the party responsible for the service. If the service is provided by Laurea or you used a service with a Laurea account, contact the ServiceDesk and file a security report.