Information Security

Email

Email is the most used communication service in organizations and therefore a source of risks and one of the most used means for the spread of malicious programs. Each user is responsible for the use of, and the activities associated with, his or her email account. It must be used in an appropriate manner, without harming the image or functioning of the Polytechnic of Leiria. The use of the Polytechnic of Leiria’s email to send offensive or inadequate information or contents is therefore prohibited. Moreover, the use of the Polytechnic of Leiria’s email for the processing of personal matters is also prohibited.

Forwarding emails

It is not advisable to forward emails from internal accounts to external accounts. Forwarding messages between mailboxes is also not recommended and should only occur with the authorization of the owners of the email accounts or in special cases (e.g. illness).

Email Attachments

Email is a popular means of spreading malicious software (malware) (e.g. viruses, Trojan horses). It is important that you are aware of this fact when receiving email messages which contain attachments or links to downloads from external websites. As antivirus programs are not infallible, the best defence is prudence, and the following actions are advisable:

  • Do not open attachments from unknown sources.
  • Do not open attachments that you did not expect to receive from known addresses.
  • Never open attachments which have executable file extensions (e.g. .exe, .bat, .com, .dll).
  • Do not open attachments that have more than one file extension.
  • When in doubt, ask IT Services for a second opinion.

Verify the recipients

When sending messages, it is essential to ensure that the recipients you have entered are correct, i.e., they are the recipients who should receive and have access to the information that is being sent. If necessary, make appropriate use of the options “Blind carbon copy” and “Reply to all”.

Sensitive Personal Information

Sensitive, confidential or any other type of information concerning personal/private data should only be sent via email in encrypted format. The keys/passwords used in these processes should be sent through another means of communication.

Notice/Disclaimer

When sending sensitive information, i.e., information containing personal or private data classified as secret or confidential, the email message should be accompanied by a notice/disclaimer, informing that the information sent is exclusively for the recipient(s), and that its distribution is prohibited.

Example: This message contains information classified as confidential or privileged. If you are not the intended recipient, kindly inform the sender via email and delete the message as well as all its contents.


Clean Desk Policy and Use of Equipment

All the members of the Polytechnic of Leiria’s community should take into account the clean desk policy, in order to ensure that the private, secret or confidential information is not disclosed. The following actions should therefore be taken into consideration:

Workspace

The workspace should be kept clear of any document or computerised information containing personal data or secret and/or confidential information that would otherwise be left unsupervised for a long period of time or at the end of the working day.

All information containing personal, private, secret or confidential data should be removed from the desk after use and stored in a safe place with controlled access.

Media

All documents and physical means of information should be kept in appropriate drawers with locks and/or any other type of secure furniture when not being used, especially after working hours.

Computers and mobile devices should be locked whenever the user is absent, and turned off at the end of the working day.

All printed copies with personal, private, secret or confidential information, used or processed by support equipment (e.g. printers, photocopiers, scanners) should be removed immediately after their processing is completed.

Outside the workspace

No information with reserved access can be removed from the facilities without authorization.

Outside the Polytechnic of Leiria’s facilities, any member of the academic community is responsible for safeguarding the equipment as well as the information entrusted to them.


Personal Data Privacy and Protection

The new General Data Protection Regulation was published in the Official Journal of the European Union and is applicable as of the 25th of May of 2018. With regard to the new regulation, it is important to note that:

Personal Data

Personal data is all the information regarding an identified or identifiable person (name, address, assets, income, dates, card numbers, telephone number, IP, videos, picture, race, biometric data, presence sheets, assessment, curriculum vitae, etc.).

Data Protection Office

The Personal Data Protection Department (DPO) of the Polytechnic of Leiria is responsible for the protection of data and can be contacted through dpo@ipleiria.pt.

Personal data should not be collected, whether in paper or electronic format, without first informing the Personal Data Protection Department.

Violation of privacy policies

A personal data breach is a breach of security leading to the accidental or unlawful destruction, loss, alteration, unauthorised disclosure of or access to personal data. When a personal data breach occurs, the security incident must be immediately reported to privacidade@ipleiria.pt.

The DPO has the responsibility and obligation to notify the authorities of any leak or loss of personal data that occurred in the organisation, unless the personal data breach is not likely to result in a risk to the rights and freedoms of natural persons.

Data transmission

When sending personal data to others, it should be encrypted or protected with a password (the password should not be sent via email).

Extra caution should be taken when processing documents containing critical information, as in the case of medical information or information concerning minors.

Before sending information of a dissemination nature via email, such as information about training sessions, educational offers or anything of a similar nature, be sure that the recipient of the message has given their written consent to receive this type of information. If you do not have this consent, try to obtain it, by email, before sending the information.

Deletion of personal data

When destroying or eliminating personal data, the data must be permanently erased/destroyed, thus ensuring that it will not be recovered by third parties.