Security awareness

    As an employee, you need to know how to safely manage information and digital tools in your work. Here we provide suggestions for basic security measures and links to the University’s information and IT security pages.

    Information and tips on information and IT security

    1. Complete basic information security training

    We encourage all employees to complete basic information security training and to continuously update their knowledge of information security and safe behaviour.

    DISA – Digital Information Security Training for Everyone.

    We recommend the Swedish Civil Contingencies Agency's Digital Basic Information Security Training, DISA (it takes about 30 min to complete).
    Register here to have a link with the training sent to you.

    2. Follow the advice in our checklist

    The checklist provides practical advice on how to increase your IT and information security.

    IT and Information Security Checklist

    • Keep your computer and phone passwords private.
    • Lock your computer when you walk away from it.
    • Make sure you back up your data and install anti-virus software on your computer and mobile devices. Old software versions may have security vulnerabilities. Take advantage of Umeå University's client management.
    • Think about where you are and who is around you when you handle information, whether in conversation, printouts or on screen.
    • Use only IT services approved regarding both information security and personal data. The services procured and provided by ITS meet the stated requirements.
    • Be alert to phishing and similar attempts to trick you into divulging personal information via fraudulent emails or online forms. The University's IT staff will never ask you for your password in an email.
    • Do not store personal data or other sensitive information in cloud services, and remember to never send sensitive information by email.
    • Exercise good judgment when online. A single visit to a compromised website may be sufficient to infect your computer or mobile devices with malware. Report any incidents to abuse@umu.se. They can also offer advice and support.
    • Notify the University's Data Protection Officer (pulo@umu.se) if you are processing personal data.
    • Read and agree to the rules governing your rights and obligations as a user of the University's IT services. Normally you do this when you begin employment and receive your user identity.
    • Ensure that any information you need to save is archived. Prepare for archiving as soon as you start collecting data. Contact the Registrar and Archives for advice and support.

    3. Learn more about how to protect your information and that of the University

    Use secure login methods

    Read more about user accounts and more secure logins, such as MFA (Multi Factor Authentication).

    Protect yourself from phishing attempts and viruses

    • Read more about spam, phishing and viruses.
    • Make your computer more secure and keep it up-to-date with client management.
    • Use secure software.

    Protect your work documents

    Apply sensitivity labels to documents in M365.
    Store your documents in the right place based on security needs — Read more about recommended storage solutions and what you can store in M365.
    Ensure that you have backups of files outside of M365.

    Find the right level of protection, e.g. for information in a project

    Outside the workplace

    Additional reading:
    • What applies for remote work and how a Virtual Private Network (VPN) works.
    • What applies to business trips.
    Eduroam — certificate-based network.

    Mobile phone and app security

    Read more about security threats in mobile phones and applications (apps).

    When something happens

    • Reporting an IT security incident.
    • Reporting a personal data breach.

    Legal Affairs Office
    2/28/2024