KYUSHU UNIVERSITY e-Faculty Handbook

Duties and Ethics, etc.

Information security

The increased use of the Internet has brought with it a certain amount of convenience, and support has been provided for online classes and remote work. However, there are also problems caused by users not abiding by Internet etiquette, and network crime is on the rise. In particular, the time and expense spent repairing damage cannot be ignored, whether that damage comes from virus infection due to a lack of security measures, from becoming a victim or cause of secondary damage from unauthorized access, or from information leaks due to carelessness.

In order to protect the important information capital owned by Kyushu University at any time and anywhere, it is important for us to implement information security measures and an information security policy, to prevent the utilization of information for false purposes, unauthorized access to our networks, information leaks, and other such incidents. Members of staff must have a strong awareness of information security measures and strive to prevent incidents, while at the same time implementing swift countermeasures if an incident does occur and striving to prevent secondary damage from occurring. The University communications route for notifying any such incident, as well as the measures required for investigating, responding to and reporting any such incident, are defined by the Information Infrastructure Initiative.

If you become a victim and cause secondary damage at the same time, you will experience emotional distress from spending a large amount of precious time repairing the damage. To prevent causing such incidents through improper use of the computer network, please be careful at home as well as at the University.

○Security policy

In order to ensure that Kyushu University faculty members, students and other users can utilize the networks, calculation functions and other information infrastructure with peace of mind, we have defined a basic information security policy that must be strictly adhered to by those providing the relevant infrastructure, and by all those using it. When in doubt about the use of information assets, please refer to the security policy and stick to the operational rules. When you use devices belonging to the University at home, please make sure to follow the rules of the University as well as those of your department. In particular, follow the rules set by the University according to the confidentiality of the information.

○Measures to deal with copyright infringement, information incidents, and compliance with laws

When using the computer network, make sure you are in compliance with laws. Never commit illegal acts such as the use of a non-genuine copy of Windows, which is a copyright infringement and a license violation, or any other unauthorized use of commercial software. Making profits from the mining of virtual currency on campus is forbidden, since it is considered an improper use of information devices and electricity.

Kyushu University restricts the use of all software that could lead to illegal acts such as the infringement of copyright, or result in the leaking of personal or other information. Please do not use this type of software either at the University or at home. Please uninstall such software if it was installed before entering the school. On campus, access to websites that could lead to illegal acts such as the infringement of copyright is restricted. However, if access is necessary for education and research reasons, the restriction can be lifted on request. All access from outside the campus to inside the campus is restricted in general to prevent various cyber-attacks via remote internet access. However, if such access is necessary for education and research reasons, the restriction can be lifted on request.

○Learning and Self-check regarding information security measures

To improve security measures university-wide, e-learning as well as self-checks regarding information security have been conducted every year for all the university faculty and administrative staff.

  • Learning regarding information security measures
    All the faculty and administrative staff must take e-learning to improve knowledge and awareness regarding information security measures.
  • Self-check regarding information security measures
    All the faculty and administrative staff conduct self-checks with an online questionnaire regarding the basic information security measures of the information security policy.

○Information security measures

The following are examples of security threats, drawn from recent security incidents, against which information security measures should be taken.

  • Be aware of suspicious e-mails
    Many suspicious e-mails have been received targeting Kyushu University faculty and administrative staff. In many cases the contents do not appear to have bad intentions. It is important to be security-conscious and suspicious regarding e-mails you receive. Comprehensive judgement is needed to discern suspicious e-mails, and careful examination of the contents of the e-mail from various aspects is necessary. Furthermore, when information to join a web conference is received via e-mail, please carefully make sure the URL is correct.
    If you receive a suspicious e-mail, please inform the Information Infrastructure Initiative. Sending suspicious e-mails you received to your department for the purpose of calling attention to them is dangerous and could lead to spreading the damage. In fact, an incident was reported in which an e-mail forwarded within campus contained malware. If you receive a suspicious e-mail, make sure to contact the Information Infrastructure Initiative first.
  • Managing passwords
    When setting up a password, please follow the Kyushu University password policy. (* Please refer to “Managing SSO-KID and password policy” for more details.) If passwords for SSO-KID or other systems do not follow the Kyushu University password policy, change the password immediately. Moreover, reusing the same password could make you the target of password list attacks, so do not reuse the same passwords and manage them properly. Do not tell others your passwords or ID (such as SSO-KID) unnecessarily.
  • Virus countermeasures
    Install anti-virus software such as Windows Defender to protect your computer from computer viruses. Make sure the computer you are using at the University now has active anti-virus software. Update the virus definition file so that the anti-virus software is the newest version.
  • Preventing information leakage
    The most common incidents when using University devices outside the workplace are loss and theft. When it is necessary to take out your work PC or USB with personal or confidential information in it, please manage the information assets properly while following the Kyushu University Regulations for the Management of personal information as well as the rules of your department.

○Other things you need to be careful of

  • Do not lend your ID to others
    Do not allow your friends or others off campus to access the on-campus network or computer/smartphone authentication with your university-wide ID (SSO-KID, Student ID). If a friend who uses your computer causes an information incident, you will also be held accountable for that.
  • Avoid inappropriate use of social media or bulletin boards
    Please avoid inappropriate or extreme posts on social media such as Twitter, Facebook, LINE or online bulletin boards. Because of its anonymity, some have posted extreme comments on social media and this has resulted in inquiries to the University, or in some cases, one’s identity being revealed to the public. Even if posted anonymously on the internet, after some research, the source can be identified.
  • Understand new threats
    Every year attacks with new methods are confirmed, such as Tech Support Scams and bank transfer fraud using a short message service.
    Check the newest information on threats provided by the IPA regularly. By understanding the information on threats, harm can be prevented.
    IPA: https://www.ipa.go.jp/security/vuln/

○Flow of response when an incident occurs

If an information security incident occurs (either externally or internally inflicted), it is necessary to identify this as early as possible, and take measures to prevent the situation from developing any further. In such a case, make an immediate report (initial report) to the Kyudai Computer Security Incident Response Team at the Information Infrastructure Initiative according to the “Flow chart of communications and processes when an information security incident occurs” listed below. Please communicate the details of the incident using the document formatted for an Information Security Incident Report.