- Employed at Lnu
- Security
- IT and information security
IT and information security
The IT Division and the Security Division are responsible for the University's IT and information security. The overall security work is led by the Security Department.
The work on IT security focuses on technical prerequisites and ensuring that the desired degree of information security is achieved with the support of these. Information security work must ensure that the University maintains the desired confidentiality, accuracy and availability of the University's information assets. Information assets refer to both information and the resources used to manage the information. IT and information security is thus about more than securing information systems.
Privacy – to protect information from unauthorized access.
Integrity – ensuring that information is not tampered with in an unauthorized way.
Availability – that information and systems are available when needed.
Traceability – being able to follow who has done what in a system.
Intransigence – that it is not possible to deny that a certain action has been performed.
Other resources, not least people's abilities, are also important components of the IT and information security concept. In our information society – where large amounts of information are processed, stored, communicated and reproduced – more is required of you as an end user.
The IT Division and the Security Division work to support you as a user in your work. It is both about conveying a sound security mindset to users and predicting a good level of security on the university's IT systems.
The University's work is based on the standards and statutes that exist for Swedish government agencies, such as ISO 27000 Management System for Information Security (LIS) and MSBFS 2016:1 regulations and general guidelines on government agencies' information security.
IRT
Incidents that may pose a threat to IT security at Linnaeus University are handled by the IRT group, where employees and students can report individual incidents. IRT is a composite team of people with different IT skills and has a direct line of contact to the Incident Manager (IM) who can immediately handle any actions to deal with the threat.
IRT's tasks include to:
- Receive information about internal and external IT security threats
- Be a contact organization for other organizations in the event of national threats
- Investigate incoming IT security cases
- Be the receiving organization for investigations regarding IT incidents
- Regularly conduct analyses of identified incidents.
Contact
- Notification of suspected threats to IT security is sent to the IRT group at the email address irt@lnu.se.
- The contact person for IRT is IT Security Coordinator Andreas Sjösten.
- In case of uncertainty, contact IT support for guidance.
Phising
Never give out your password – be careful when logging into websites!
Phishing, so-called phishing, is a method used to trick people into handing over important and personal information, often account information.
Phishing often tries to get you to click on a link to a web page where you are supposed to enter your username and password. The website may look like an Lnu page, but it is not. It is also common with requests for urgency and with threats that the email account will be disabled.
Periodically, many phishing emails come to us at Lnu and it happens all too often that someone clicks on links in these emails and enters their account information. The email often states that it is we at the IT department who need access to your information in some form, e.g. that you need to activate your account to get more space on your storage. It is often also mentioned that it is a threat of trouble if you do not do this quickly.
Keep in mind:
- Entering your password (= logging in) on a website is also giving up your password.
- The IT department will NEVER ask for your password!
- The IT department will NEVER ask you to click on a link to verify your account or email account!
- The IT department will NEVER threaten that the account will be blocked unless you click on the link and enter your password or log in!
If you have clicked on a link in a phishing email and entered your username and password, you must change your password as soon as possible. Otherwise, at best, your account will be used to send spam and your inbox will be filled with "Delivery failure" emails. In the worst case, your account details could be used to access all of your data on your P: and the parts of S: that you have access to.
You can change your password either on the https://account.lnu.se/password/change website or on an Lnu computer.
Some examples of common texts in phishing emails:
- The size of your mailbox has exceeded the maximum limit and your email will be blocked if you do not click here...
- Due to security updates, you need to log in to your Webmail to prevent it from being blocked, click here...
- An outsider has tried to get into your account and you now have limited access to your Webmail. To reactivate, click here...
If you have any questions, please contact IT support.
IT- and information security when travelling
When travelling abroad, you should think about what electronics you bring and how you use them.
Secure your information and electronics in four steps:
- Take backup before your trip
Traveling can be a big strain on your technical equipment. Take backup before and during your trip in case of damage or theft - Don't bring more electronics than you need
Think about whether you really need to take everything you have with you. For example, there may be a computer available at your destination.
When travelling outside Europe, and especially to certain non-European countries, it is recommended that you avoid bringing your work computer and company mobile as far as possible. - Secure your access
Data can be stolen without the perpetrator physically coming across your device. Make sure your connection is encrypted.
In the browser, when logging in, it should say https:// instead of just http://.
Connect to a secure network or Virtual Private Network (VPN) whenever you can. - Refresh your passwords when you get home
Always change your passwords to essential services when you get home.
You are welcome to contact IRT at irt@lnu.se for further information regarding e.g. backups, password changes and any borrowed computer.
Safety when travelling to countries outside the EU
When travelling outside the EU, the Security Department's recommendation is to have as few electronic devices with you as possible. Think about whether you really need to bring your computer and company mobile with you. When traveling to certain countries, an alternative may be to use an alternative, blank computer. Only use the webmail and avoid connecting to the university's system.
If you have your company mobile with you, you should only use it for making calls.
You are welcome to contact the Security Department, sakerhet@lnu.se, for further information.
Checklist for travelling
Before the trip
- Only bring the information and technical equipment you really need. Think about how to protect the information you take with you. Information must be both backed up and encrypted before travel as far as possible.
- Check that you have access to LNU's VPN service (when travelling to certain countries, it is advised not to connect to VPN, contact the security department, sakerhet@lnu.se for more information)
- Make sure that your software and apps are up to date.
- Make sure that the devices have automatic lock, password/PIN.
- Only bring the devices you really need – keep in mind that a mobile phone is a small computer and contains a lot of information.
- When travelling outside the EU - look into the possibilities of leaving your computer at home and bringing a borrowed computer.
During the trip:
- Keep an eye on your devices and be aware of your surroundings.
- Use privacy filters on your screen so that others don't see what you're doing.
- Disconnect voicemail when you are abroad. Also shut down all data traffic to avoid expensive phone bills. Disable Bluetooth and location services that you don't need during the trip.
- Use Eduroam (wifi) where available.
- Do not connect your devices to public open WiFi networks, and in countries where it is secure, use LNU's VPN service to access your resources at the university.
- Connecting to password-protected networks, such as in hotels, can also pose major risks. Be critical of questions that are asked in connection with connection to the network.
- Do not plug unknown accessories into the computer (e.g. USB).
- Use your own charger - the wrong charger can damage your devices and chargers rigged with malware occur
After the trip:
- Run a virus check on the devices (including USB sticks) you have brought with you on the trip.
- Be aware of any phishing attempts or contact that may be related to your stay abroad.
- Change your passwords.
- In case of suspicious events/incidents or contact, please contact