uu77
See what you can do to work securely and to protect your information and that of the university from malicious people.
As an employee of uu77, you get to see all sorts of information every day. You need this information to do your job. See what you can do to work responsibly and consciously, learn how to recognise cybercrime, and find out how to store and share data securely.
The first thing you can do to protect your data is use strong/secure passwords. This is how you protect information on your computer and smartphone, but also your emails, social media and data in the cloud. Using multi-factor authentication (MFA) adds another layer of security. Store information in the right place, and make sure you know who you are or are not sharing the information with.
The process of securing various (online) applications and devices (PC, laptop, phone) begins with a good secure and strong password. Passwords are personal to you and must not be shared with others. See how to choose a secure password:
With multi-factor authentication (MFA), also known as two-factor authentication (2FA), you add an extra step to the login process. MFA is already in place for many uu77 systems.
For all your other (work and private) accounts too, it makes sense to opt for MFA. This will drastically reduce your chances of being hacked because, in addition to your username and password, you will then have to complete a second step to demonstrate that it really is you (e.g. using a code that you receive via SMS or in an Authenticator app). MFA makes things difficult for hackers and will help prevent your accounts from being hacked.
More about MFA
Take a conscious approach to sending, sharing or disseminating (confidential) information. Store information in a central, well-secured location. By granting others access to that central location, you will know who can acquire the information. This will prevent data from floating around in your email, other people’s email and elsewhere. As a result, you will reduce the risk of data breaches and will ensure that your work can be transferred to colleagues during holidays or if you are away for a prolonged period of time. 
You can store and share files securely in multiple locations. Depending on how confidential the information is and with whom you want to share the files, uu77 offers various storage location options.
To easily store, synchronise and share files securely within the organisation use
OneDrive, Teams, werkgroepmappen or SURFdrive.
If you are asked to send proof of your identity, use the Dutch government’s KopieID app to prevent misuse.
In day-to-day practice, emails are often sent over unsecured connections. This makes ordinary (unsecured, unencrypted) email not a good medium for exchanging confidential data. There is a risk of communications being intercepted by unauthorised persons en route.
Using free online tools to send large files, such as WeTransfer, also poses a risk. You no longer have control over the information and, if files are sent to the wrong person, it is not possible to make a correction or implement a preventive measure to prevent unauthorised access.
SURFfilesender lets you send (large) files in a secure and encrypted manner. This is useful for emails exchanged with external parties about personnel cases, emails with internship companies and other universities, documents with signatures and course files, etc.
The General Data Protection Regulation (GDPR) requires us to handle personal data with care. Any information that is traceable to an individual is personal data. If you want to start using new personal data, or to use existing personal data in a different manner, you must notify your department’s Privacy Officer.
The GDPR requires appropriate technical and organisational measures to be taken for personal data that is processed. This means that every employee must be mindful of the timely pseudonymisation and anonymisation of personal data. See the corresponding Radboud guidelines:
We have an open policy when it comes to the buildings on our campus. This means you can go almost anywhere without additional access controls (subject to a few exceptions). Because of this open character, it is important that we pay attention to our belongings, information, people we know and do not know who are walking around and how we leave our workspaces. All departments work with confidential information. To prevent confidential information from being lost or ending up in the hands of others, it is important to handle information consciously every single day.
By workspace we mean the place where you are working at that time. So, this might be in the office, but also at home or on the go.
The principle of ‘clean desk and clear screen’ is a measure that prevents unauthorised persons from easily accessing confidential information in your workspace when you are not there.
Clean desk means storing confidential information during your absence. It entails storing confidential physical information in cabinets that can be locked.
Clear screen means always locking your screen as soon as you leave your workspace, even if it is for a short period of time.
You can easily lock your Windows computer screen by using the key combination Windows key + L.
To lock your ‘Apple screen’ use: CTRL + CMD + Q.
Meeting rooms are often equipped with a flipchart or whiteboard. Always wipe this clean after a meeting to avoid leaking sensitive or confidential information.
As soon as you start printing, you may be creating confidential physical information. So, it is important to consider a number of prerequisites for printing securely:
Do you sometimes work from home, on the train or at an external location? Even then, make sure you work securely and responsibly. There is no distinction between working at home, on the go or in the office. The same rules on working securely apply everywhere.
University devices are equipped with various basic programs. An overview of the available software can be found in the software list. As a student and employee, you can also use additional (low-cost or free) software.
If you are unable to install software, contact the ICT Helpdesk.
If you have any questions about how ICT supports or can support your work, contact the Information Management team.
Due to the General Data Protection Regulation (GDPR), the way in which personal data may be processed when deploying ICT resources in education, research and support is very restricted. Prior to the use of any software and digital material, privacy legislation and information security require every organisation to consider the corresponding impact on privacy and information security. Indeed, this may result in specific measures.
For support with this, please get in touch with the information security contacts or privacy contacts.
Therefore, use approved software. uu77 offers support for software with a campus licence. Arrangements have also been made with suppliers in terms of how they process personal data and what security measures they have in place to do so. These arrangements have been set out in a data processing agreement.
You can install approved software yourself via the Software centre. If this fails, or if you need additional software for your work, you can submit a request to the ICT Helpdesk or the Information Manager of your division or faculty.
Free programs offered by third parties often collect all kinds of personal data. So, we strongly advise against using them.
Examples include programs like Google Translate, WeTransfer and Trello. When you use these types of tools, you have no idea where the information is stored and who can access it. You no longer have control over the information. What’s more, with free online tools, you run the risk of inadvertently relinquishing your copyright.
There are several ICT tools available for lecturers to use in teaching, which can be used securely and are mostly available to the faculties at no additional cost.
You should preferably work with a PC or laptop managed by uu77, at a staff or study workspace. This is because these come with various security measures, such as a firewall and anti-malware like encryption of your hard disk. If you do use your own device, implement the following security measures yourself:
There are all sorts of ways in which cyber criminals try to trap you. We are all familiar with phishing emails, but there are also many other means that criminals use to extract your data or take money from you.
EA common form of cybercrime is email phishing. But there is also fishing using SMS or WhatsApp, or simply by calling. Phishing emails are almost indistinguishable from real emails and, with the help of AI, attempts are becoming more and more sophisticated. For example, it is also quite easy to mimic and misuse someone’s voice. What may you encounter at work, among other things?
•&²Ô²ú²õ±è;&²Ô²ú²õ±è;&²Ô²ú²õ±è; Phishing
•&²Ô²ú²õ±è;&²Ô²ú²õ±è;&²Ô²ú²õ±è; Spoofing and CEO fraud
•&²Ô²ú²õ±è;&²Ô²ú²õ±è;&²Ô²ú²õ±è; Quishing / QR fraud
•&²Ô²ú²õ±è;&²Ô²ú²õ±è;&²Ô²ú²õ±è; Fake websites
Phishing involves using an email/SMS or app message to trap you. The quality of the messages is getting better all the time, making them almost indistinguishable from the real thing. By clicking on a link or attachment in the message, criminals put a program on your device unnoticed, so that they can access your data or further penetrate an organisation from there. They build a fake website, for example, for this purpose.
More on recognising and reporting phishing
With this form of cybercrime, the aim is to take money from you or the university and there is no attachment or link with a virus. The cybercriminal has usually gathered information about the organisation and employees beforehand. The criminal then pretends to be someone you know (colleague or partner) and asks you to share information or pay something. This may be done by email, but phone calls are also used.
CEO fraud is a form of spoofing where the criminal pretends to be your supervisor or the highest-ranking person in the organisation (e.g. a member of the Executive Board). A typical example of CEO fraud is a request to an employee in finance to bypass the normal procedure and make an urgent payment or buy gift vouchers because the person cannot do it himself or herself right now.
It is not only a link that can lure you to the wrong site; these days, people also use QR codes to redirect you to dubious websites (fake online shops) or apps that seek to gain access to your data.
A malicious QR code may also be pasted over a legitimate QR code.
The purpose of a fake website is to obtain sensitive information or to get you to make a purchase, which will never be delivered. You usually reach this kind of site via a phishing email or fake QR code, but you may also stumble upon it by accident.
With a data breach, personal data is (accidentally) released, or data is accidentally changed or destroyed. This means that access to personal data was obtained without authorisation or without any such intention. Even if this hasn’t happened yet, but there is a chance that it will, this counts as a data breach.
A security incident occurs when the availability, confidentiality or integrity of information is impaired. A security incident may include a virus and/or malware infection, theft/loss of your laptop, unauthorised access to confidential data and phishing emails.
You can also report phishing via ‘Report Phishing’ in Outlook, and you can report data breaches and security incidents to the ICT Helpdesk.
Do you have any questions? Or would you like more information? Do not hesitate to contact us.