Policies and Good Practices

Authentication

Passwords should be confidential.

Some tips to keep passwords safe:

  • Do not write them on paper or in visible places.
  • Change them regularly even in systems where it is not mandatory.
  • Do not save them automatically on systems (for example, browsers).
  • Use different passwords for different accounts and systems.
  • Passwords used in a work context should not be the same as the ones used in a personal context.

A secure password has at least 10 characters and contains:

  • Upper and lower case alphabetic characters (A, B, C, D, …, a, b, c, d, etc.);
  • Numbers (1, 2, 3, 4, etc.);
  • Special characters (~ ! @ # $ % ^ & * ( ) _ + | ` - = \ { } [ ] : " ; ' < > ? , . /).

To create a safe password, think about a sentence that is easy to remember and then define a method to transform the sentence into a password.

Sentence: I bought my first car in 2017!
Method: Use the first letter of each word and alternate irregularly between uppercase and lowercase letters; only use the last two digits and keep special characters.
Password: IbmFCiE17! (Do not use this example)

Email

The University of Porto provides an email account to each user registered in SIGARRA so that they can communicate efficiently and in dematerialised form. This address is the main means of communication. It is equivalent to the traditional forms of official communication; therefore, it should not be replaced by external solutions.

The use of electronic mail is governed by an Acceptable Use Policy that includes respect for the rights of other users, as well as compliance with legal obligations.

UPdigital guarantees that this service works as expected in terms of connectivity, monitoring and integrity of information. Even though there is still a significant amount of spam that enters the inbox folder, 95% of messages of this type are eliminated by filters.

Good practices

  • Always insert a brief and objective description of the message content in the Subject line (so it can be easily searchable).
  • Avoid sending messages to an excessive number of recipients, as well as using too many upper case letters. By doing this, it is less likely that the message will be considered spam.
  • Use a grammar and spell checker and read the whole message before sending it.
  • Make sure that no attachments are missing. If there are attachments, make sure they are of moderate size.
  • Larger files can be compressed, and they should be made available through U.Porto's Filesender.
  • Clean your mailbox regularly and archive attachments of larger dimensions in order to optimise the allocated space.
  • Use webmail when the protocols adopted in your location do not allow you to send messages through the client application that you normally use.

Security

  • Messages can be digitally signed (via Digital Certificate, for example, the one used in the Citizen Card), so that the sender looks more trustworthy to the recipient.
  • Crucial or sensitive data should only be sent by email if required by the duties performed. In that case, the message should be encrypted.
  • Users should protect themselves from phishing attacks by rejecting any message that is not addressed to them directly, deals with unsolicited subjects or raises doubts.
  • You should never provide personal information or credentials from this service.
  • Hover the mouse over any link inserted in the message to confirm that its destination corresponds to the visible text before opening it.
  • Do not open attachments whose names end in .exe, .scr, .bat, .com, or other executable files that are not trustworthy or raise doubts.

Extra care

  • Do not use electronic mail to send advertising messages, in particular to recipients who did not request it.
  • Share a message with third parties in Cc (carbon copy, known to third parties with visible addresses) or Bcc (blind carbon copy, known to third parties with hidden addresses), only when those people need to have that information.
  • Use Reply All sparingly, since no one likes to have their inbox filled with messages not addressed to them.
  • Use Forward to share the message with another person if you want to continue following the topic, and use Redirect if the topic is of no interest to you.

External Mobile Devices

  • Be suspicious of external devices (USB sticks, etc.) of unknown origin.
  • Disable the autorun feature.
  • Before accessing any file, analyse it with an antivirus.

Printouts

You should take the printouts from the printer as soon as possible. If you are printing documents with sensitive data, stay near the printer while the sheets are being printed.

If you want to destroy documentation with important information (for example, personal data), do it in a reliable way, like using a paper shredder.

Information Security Incidents

If there is an abnormal situation that could put your resources at risk (loss of a device, virus infection, suspicion that your credentials were compromised, accidental destruction of personal data, etc.), report the security incident immediately.

Malware prevention

Install an antivirus (software that acts as a defence against malicious code) and keep it updated.

Secure configurations

  • Only use software from legitimate sources and always keep it updated.
  • Change predefined passwords and, if needed, the default configurations.
  • Do not continue to use software that is not supported by the provider.

Use

  • Do not open files of questionable origin.
  • Do not open links of unknown origin; analyse them first.
  • Do not use your work equipment for personal purposes.

Phishing is one of the most used methods to access personal data and/or infect systems with malware (malicious software). For example, through a fraudulent email, an attacker can pretend to belong to the university's services and request your access credentials.

Under no circumstance will U.Porto's services ask you to reveal your access credentials.

Wi-Fi networks

Avoid connecting to Wi-Fi networks that are run by unknown entities or that do not require authentication. If you cannot avoid it, take measures to protect yourself. For example:

  • Use a VPN;
  • Do not access critical services;
  • Confirm that the websites you are accessing are safe by clicking twice on the lock that appears in your browser next to the address field (the address should start with "https://" and not with "http://").

Unit: Information Security

Last update: October 2, 2020