Understanding Information Security
What is information security?
Information security refers to the steps that we can take to:
- Ensure good data management.
- Protect information against damage, loss and theft.
- Protect the ICT equipment and systems used to collect, store and process that information.
Why is information security important?
Certain types of information are legally protected under the Data Protection Act 2018 (e.g. staff, student and medical records). Other types of information may be protected by a contractual agreement (e.g. financial or commercially sensitive data provided by a private sector company).
A failure to safeguard other people’s personal information may cause them serious distress. In some cases, those people may become victims of crime. Negative publicity and regulatory action by the Information Commissioner’s Office may also cause significant damage to the reputation of the University.
A failure to safeguard information that is protected by a contractual agreement may result in the University being refused access to important research funding and research data. Such an event may impact the University's ability to carry out research.
What are the risks?
The types of risk that may result in the damage, loss and theft of protected information include:
- Loss and theft of portable computing devices (e.g. laptops, tablet computers and smartphones) and portable storage devices (e.g. USB flash drives and external hard disk drives).
- The accidental publishing of confidential information on the Internet (e.g. social media, blogs and message boards).
- The sending of a confidential email to the wrong recipient.
- Large volumes of confidential printed information kept on desks.
- Confidential documents left on photocopiers and fax machines.
- Unlocked filing cabinets.
- Incorrect disposal of confidential information (e.g. failure to shred confidential paper waste, failure to securely erase computer data).
- Non-secure cloud computing (e.g. public access cloud drives).
- Scam emails sent by criminals in an attempt to obtain important personal information, or to trick you into paying a fraudulent invoice.
- Fraudulent phone calls.
- Viruses and malicious software (e.g. ransomware).
- Computer hackers.
What steps can we take to protect information?
The University has produced this guidance to help you protect information. This guidance can be accessed from the Information Security Home Page.