Information Security

Politécnico de Leiria


Email

Email is the most used communication service in organizations and therefore a source of risks and one of the most used means for the spread of malicious programs. Each user is responsible for the use and activities associated with his or her email account. It must be used appropriately, without harming the image or functioning of Politécnico de Leiria.

The use of Politécnico de Leiria’s email to send offensive or inadequate information or content is therefore prohibited. Moreover, the use of Politécnico de Leiria’s email for the processing of personal matters is also prohibited.

Forwarding emails

It is not advisable to forward emails from internal accounts to external accounts. Forwarding messages between mailboxes is also not recommended and should only occur with the authorization of the owners of the email accounts or in special cases (for example, illness).

Email attachments

Email is a popular means of spreading malicious software (malware), for example viruses and Trojan horses. It is important that you are aware of this fact when receiving email messages which contain attachments or links to download from external websites. As antivirus software is not infallible, the best defence is prudence, and the following actions are advisable:

  • Do not open attachments from unknown sources.
  • Do not open attachments that you did not expect to receive from known addresses.
  • Never open attachments which have executable file extensions (e.g. .exe, .bat, .com, .dll).
  • Do not open attachments that have more than one file extension.
  • When in doubt, email the IT Services for a second opinion (dsi@ipleiria.pt).

Verify the recipients

When sending messages, it is essential to ensure that the recipients you have entered are correct, i.e. that they are the recipients who should receive and have access to the information being sent. If necessary, make appropriate use of the options ‘Blind carbon copy’ and ‘Reply to all’.

Sensitive personal information

Sensitive, confidential or any other type of information concerning personal/private data should only be sent via email in an encrypted format. The keys/passwords used in these processes should be sent through another means of communication.

Disclaimer

When sending sensitive information, i.e. information containing personal, private data classified as secret or confidential, the email message should be accompanied by a disclaimer stating that the information sent is exclusively for the recipient(s) and that its distribution is prohibited.

Example: This message contains information classified as confidential or privileged. If you are not the intended recipient, kindly inform the sender via email and delete the message as well as all its contents.



Clean Desk Policy and Use of Equipment

All members of Politécnico de Leiria’s community should take into account the clean desk policy, in order to ensure that private, secret or confidential information is not disclosed.

Workplace

The workspace should be kept clear of any document or computerised information containing personal data or secret and/or confidential information whenever it is left unsupervised for a long period of time or at the end of the working day.

All information containing personal, private, secret or confidential data should be removed from the desk after use and stored in a safe place with controlled access.

Equipment

All documents and physical means of information should be kept in appropriate drawers with locks and/or any other type of safe furniture, when not being used, especially after working hours.

Computers and mobile devices should be locked whenever the user is absent and turned off at the end of the working day.

All printed copies with personal, private, secret or confidential information, used or processed by support equipment (e.g. printers, photocopiers, scanners), should be removed immediately after their processing is completed.

Outside the workplace

No information with reserved access can be removed from the facilities without authorisation.

Outside Politécnico de Leiria’s facilities, any member of the academic community is responsible for safeguarding the equipment as well as the information entrusted to them.



Personal data privacy and protection

The new General Data Protection Regulation (GDPR) came into force in 2018, in order to bring more digital security to the European Union.

Personal data

Personal data is all the information regarding an identified or identifiable person (name, address, assets, income, dates, card numbers, telephone number, IP, videos, picture, race, biometric data, presence sheets, assessment, curriculum vitae, etc.).

Personal Data Protection Department

The Politécnico de Leiria’s Personal Data Protection Department (DPO) is responsible for the protection of data and can be contacted by email (dpo@ipleiria.pt).

Personal data should not be collected either in paper or electronic format without first informing the Personal Data Protection Department (DPO).

Personal data breach

When there is a personal data breach, that is, a breach of security leading to the accidental or unlawful destruction, loss, alteration, unauthorised disclosure of or access to personal data, the security incident must be immediately reported by email (privacidade@ipleiria.pt).

The DPO has the responsibility and obligation to notify the authorities of any leak or loss of personal data that occurred in the organisation, unless the personal data breach is not likely to result in a risk to the rights and freedoms of natural persons.

Sending data

When sending personal data to others, it should be encrypted or protected with a password (the password should not be sent via email).

Extra caution should be taken when processing documents containing critical information, as in the case of medical information or information concerning minors.

Before sending information of a dissemination nature via email, such as information about training sessions, educational offers or anything of a similar nature, be sure that the recipient of the message has given their written consent to receive this type of information. If you do not have this consent, try to obtain it, by email, before sending the information.

Personal data erasure

When personal data is destroyed or erased, it must be permanently erased/destroyed, thus ensuring that it will not be recovered by third parties.