Information Security

politécnico de leiria

Information Security

Email

Email is the most used communication service in organisations and, therefore, a source of risks and one of the most used means for the spread of malicious programs. Each user is responsible for the use and activities associated with their email account. It must be used appropriately, without harming the image or functioning of Politécnico de Leiria.

The use of Politécnico de Leiria’s email to send offensive or inadequate information or content, as well as to process personal matters, is forbidden.

Forwarding emails

It is not advisable to forward emails from internal accounts to external accounts. Forwarding messages between email boxes is also not recommended and should only occur with the authorization of the owners of the email accounts or in special cases (for example, illness).  

Email attachments

Email is a popular means of spreading malicious software (malware) (for example, viruses, Trojan horses). It is important that you are aware of this fact when receiving email messages which contain attachments or links to download from external websites. As antiviruses software are not infallible, the best defence is prudence and the following actions are advisable:

  • Do not open attachments from unknown sources.
  • Do not open attachments that you did not expect to receive from known addresses.
  • Never open attachments which have executable file extensions (eg .exe,.bat,.com,.dll).
  • Do not open attachments that have more than one file extension.
  • When in doubt, email the IT Services for a second opinion (dsi@ipleiria.pt).

Verify the recipients

When sending messages, it is essential to ensure that the recipients you have entered are correct, ie they are the recipients who should receive and have access to the information that is being sent. If necessary, conveniently use the options ‘Blind carbon copy’ and ‘Reply to all’.

Sensitive personal information

Sensitive, confidential or any other type of information concerning personal/private data should only be sent via email in an encrypted format. The keys/passwords used in these processes should be sent through another means of communication.

Disclaimer

When sending sensitive information, ie containing personal, private data classified as secret or confidential, the email message should be accompanied by a disclaimer, informing that the information sent is exclusively for the recipient(s), and that its distribution is prohibited.

Example: This message contains information classified as confidential or privileged. If you are not the intended recipient, kindly inform the sender via email and delete the message as well as all its contents.


information security

Clean Desk Policy and Use of Equipment

All members of Politécnico de Leiria’s community should take into account the clean desk policy, in order to ensure that private, secret or confidential information is not disclosed.

Workplace

The workspace should be clear of any document or any computerised information containing personal data or secret and/or confidential information, which is left unsupervised for a long period of time or at the end of the working day.  

All information containing personal, private, secret or confidential data should be removed from the table after use and stored in a safe place and with controlled access.

Equipment

All documents and physical means of information should be kept in appropriate drawers with locks and/or any other type of safe furniture, when not being used, especially after working hours.

Computers and mobile devices should be blocked whenever the user is absent and turned off at the end of the working day.

All printed copies with personal, private, secret or confidential information, used or processed by support equipment (eg printers, photocopiers, scanners) should be removed immediately after their processing is completed.

Outside the workplace

No information with reserved access can be removed from the facilities without authorisation.

Outside the Politécnico de Leiria’s facilities, any member of the academic community is responsible for safeguarding the equipment as well as for the information to them entrusted.