Teesside Security Controls

Many of you will have already attended the University's Information Security training programme (if you are new to the organisation and have yet to book on, click here) and hopefully found it useful. The training highlights the pitfalls of being online and how to avoid being the victim of criminals and scammers. The whole thrust of that training is to equip people with the skills to recognise when something is wrong and when to proceed with caution. That personal vigilance is in many ways the last line of defence. However, this is a world of defence and counter-attack. We understand how difficult it can be to spot a phishing email, and to that end the University has implemented some enhanced security features to help keep us all safe.

The first of these is something called email advanced threat protection, and it offers two levels of protection: Safelinks and Safe Attachments.

Safelinks & Safe Attachments

This feature checks all external links (URLs) in an email for references to malicious or other dubious websites. You might notice links that look like the one below.

https://emea01.safelinks.protection.outlook.com/?url=http%3a%2f%2fwww.samilaiho.com%2f&data=01%7c01%7cj.belt%40tees.ac.uk%7ccc475f6deb1a4a3ccc2c08d361a439b9%7c43d2115ba55e46b69df7b03388ecfc60%7c1&sdata=bsPi%2fto2gsPRpb3a%2fLjnVSd4gxV0C11XAvQSJPvqv7c%3d

Even perfectly safe links will display in this new format. If, on clicking, the link is classified as safe, you will be taken to the target website. However, if the link is suspicious you will be greeted with this instead.

[Screenshot: the warning page shown for a suspicious link]
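Because a rewritten link shows the protection service's address rather than the real one, it helps to be able to read the destination out of the `url` parameter without clicking. The following is an added example, not part of the original page or any University tool; the function name `unwrap_safelink` and the host-suffix check are assumptions based only on the sample link above.

```python
from urllib.parse import parse_qs, urlsplit

# Assumption: genuine wrappers live on subdomains of this host, as in the sample link.
WRAPPER_SUFFIX = ".safelinks.protection.outlook.com"

# The sample link shown on this page.
SAMPLE = (
    "https://emea01.safelinks.protection.outlook.com/"
    "?url=http%3a%2f%2fwww.samilaiho.com%2f"
    "&data=01%7c01%7cj.belt%40tees.ac.uk%7ccc475f6deb1a4a3ccc2c08d361a439b9"
    "%7c43d2115ba55e46b69df7b03388ecfc60%7c1"
    "&sdata=bsPi%2fto2gsPRpb3a%2fLjnVSd4gxV0C11XAvQSJPvqv7c%3d"
)


def unwrap_safelink(link):
    """Return the destination a rewritten link points at, without visiting it."""
    link = link.strip()
    parts = urlsplit(link)
    host = (parts.hostname or "").lower()
    # A lookalike such as "...outlook.com.example.net" must not count as a wrapper.
    if parts.scheme != "https" or not host.endswith(WRAPPER_SUFFIX):
        return {"wrapped": False, "target": link, "target_host": host, "data_fields": []}
    query = parse_qs(parts.query)  # percent-decodes each value
    targets = query.get("url", [])
    if len(targets) != 1:
        raise ValueError("expected exactly one 'url' parameter")
    target = urlsplit(targets[0])
    if target.scheme not in ("http", "https") or not target.hostname:
        raise ValueError("wrapped destination is not an http(s) URL")
    # 'data' decodes to '|'-separated fields; in the sample one is the recipient address.
    data = query.get("data", [""])[0]
    return {
        "wrapped": True,
        "target": targets[0],
        "target_host": target.hostname.lower(),
        "data_fields": data.split("|") if data else [],
    }


if __name__ == "__main__":
    result = unwrap_safelink(SAMPLE)
    print(result["target"])
    print(result["target_host"])
```

The function only parses the text of the link and never contacts the destination, so it can be run on a link copied from a suspicious message.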

The Safe Attachments feature looks at attachments received (externally) in a similar way. E-mail attachments are inspected by an automated process in a virtual environment to see if the recipient opening them would trigger malicious activity, like downloading code to your PC or interfering with the workings of your PC. If an attachment looks malicious it will be stripped out of the email. As a result of this feature some external attachments might be slightly delayed while inspection and testing are performed. As with any service of this kind there will be occasional false positives and false negatives, so common sense should still be applied when opening messages, especially if you are unsure of the content and sender.

Blocking Malware & Phishing sites

The second layer of protection is automated anti-phishing protection. Hopefully the Safelinks feature already described will catch most malicious links, but just in case the delivery route is different the University has implemented a tool that will prevent web access to known malware and phishing sites. An example of what that looks like is shown below.

[Screenshot: Web Page Blocked]

Multi Factor Authentication

Finally, the third layer of protection is Multi-Factor Authentication (MFA).

A nefarious third party who has managed to get their hands on your userid/password can in theory use those details to access University resources. A small subset of resources is available externally, i.e. without having to be onsite, and will shortly be protected by MFA as part of a rolling programme including CRM, Outlook Web Access, Unity and Terminal Services.

So what is it? Basically, to gain access to a protected University resource externally you will need your userid, password and a third factor which is a physical item. In our case, and for greatest accessibility, that third factor will be a mobile phone. Thus a thief who has your id and password is unlikely to also have access to your mobile phone and therefore will not be able to gain access to protected resources. Clearly, this protection comes at the price of inconvenience, but the costs of a data breach (under the coming changes to the Data Protection Act) and the damage to reputation are extremely severe. Training and guidance will be provided in advance of any changes so as to cause minimum disruption, and we will be making the MFA experience as slick as possible.