Information Security

The objectives of the College Information Security Policies are to ensure that all systems and data on which the College depends are adequately protected and that the College is compliant with all relevant laws. Achieving this largely depends on staff and students working diligently in accordance with policy guidelines.

The College Information Security Policy sets out requirements and recommendations relating to how:

  • Confidential information must be protected from unauthorised access.
  • The integrity of information and information systems must be protected.
  • Appropriate measures must be taken to manage risks to the availability of information.
  • The College must ensure compliance with laws and the terms of contracts.
     

Policies

The College is committed to ensuring it has the necessary policies in place to ensure it can deal with cyber risks. Please visit our Policies page for full details.

Privacy and Data Protection

For information on General Data Protection Regulation please visit Data Protection.

Common Threat Types and Data Breach Reasons

Research has shown that a high level of breaches are due to unintended disclosures of Information. Some of the ways criminals extract this information from end-users are through Phishing, Vishing and Smishing campaigns.

Phishing

What is it? 

Phishing is a criminal activity that attempts to fraudulently obtain sensitive information from an end-user. Sometimes a benign email is sent (think of this as the bait) to lure you into a conversation and then follow that up with a phishing email. At other times, the fraudster will just send one phishing email that will direct you to a website requesting you to enter your personal information such as a username and password.

What to do: 

Stop and think

  • Are you expecting this email from this email address?
  • Do not click on any links or open any attachments
  • If you are unsure contact IT Services
  • Any email you receive which you believe is a Phishing attempt you can email it directly to Microsoft Office 365. This will help Microsoft improve their security filters.

Vishing

What is it?

Phishing emails are not the only fraudulent technique used to obtained information from you. This telephone version of phishing is sometimes called vishing. Vishing relies on “social engineering” techniques to trick you into providing information that others can use to access and use your important accounts. People can also use this information to assume your identity and open new accounts.

What to do: 

  • Do not give out any information over the phone.
  • Verify the identity of a caller if you can.

Smishing

What is it?

Just like phishing, smishing uses mobile phone text messages to lure consumers in. Often the text will contain a URL or phone number. The phone number often has an automated voice response system. And again, just like phishing, the smishing message usually asks for your immediate attention.

What to do

  • Do not click on any links
  • Do not reply to any SMS