IT Security FAQs
General FAQs
All members of the University community—students, faculty, and staff alike—are responsible for protecting the IT resources they use or manage. Access to the University's information, devices, and systems carries with it a duty to use them responsibly and in accordance with information security policy and requirements.
To report suspicious or malicious emails to the security team, please use the Report Message button inside Outlook. Please see our guide on reporting phishing through Outlook here.
Change your password immediately by going to www.tudublin.ie/password. Then contact the service desk using the information below, providing full details of the incident.
Opening Hours: Monday to Friday - 9am to 5pm
Self Service: Self service portal
Phone: 01 220 5123
Email: itsupport@tudublin.ie
To change your Office 365 email password, please go to www.tudublin.ie/password
Confirmed or suspect information security breaches should be reported promptly via the Support Desk.
Examples of incidents that require reporting include:
- Accidental loss or theft of sensitive data or equipment on which such data is stored (e.g. loss of laptop, paper records)
- Unauthorised use, access to or modification of data or information systems (e.g. sharing passwords to gain access to or change information)
- Unauthorised disclosure of sensitive or confidential information (e.g. email sent to wrong individual or sensitive document sent to incorrect address or individual)
- Compromised user account (e.g. account details obtained through phishing)
- Successful or unsuccessful attempts to gain unauthorised access to University information and/or information systems
If you receive a phone call you don’t feel comfortable with, do not give any information and end the conversation.
You can always ask further questions about the nature of the call and why they are calling you specifically in order to try and ascertain who you are speaking to and whether it is a legitimate telephone call.
Do not provide the caller with any details or information about the University where you are unsure who you are speaking to.
If in doubt, ask them to contact you via email confirming who they are and why they are looking to speak with you.
Phishing is a form of online fraud. In a typical phishing incident, you may receive an email or pop-up message that claims to be from a colleague or another business or organisation that you may have previously dealt with, for example PayPal or Bank of Ireland. The message may ask you to ‘update,’ ‘validate,’ or ‘confirm’ your account information.
Please use the Report Message function in Microsoft Outlook to report any phishing emails you receive. If you do fall victim to a phishing attempt, please contact IT support straight away.
You can find more information in our Phishing section here.
Below are some quick tips to stay safe online.
Keep your computers and mobile devices up to date.
Having the latest security software, web browser, and operating system is the best defence against viruses, malware, and other online threats. Turn on automatic updates so you receive the newest fixes as they become available.
Set strong passwords.
A strong password is at least eight characters in length and includes a mix of upper and lowercase letters, numbers, and special characters.
Watch out for phishing scams.
Phishing scams use fraudulent emails and websites to trick users into disclosing private account or login information. Do not click on links or open any attachments or pop-up screens from sources you are not familiar with.
Keep personal information personal.
Hackers can use social media profiles to figure out your passwords and answer the security questions in password reset tools. Lock down your privacy settings and avoid posting things like birthdays, addresses, mother’s maiden name, etc. Be wary of requests to connect with people you do not know.
Secure your internet connection.
Always protect your home wireless network with a password. When connecting to public Wi-Fi networks, be cautious about what information you are sending over it.
For more information on protecting your identity see the section "Protect your identity" on the Technology Services Security page here.
You can find a full list of IT Security policies in the Technology Services section of the TU Dublin website here.
OneDrive will allow you to share files securely via the web from any device, wherever you are. The University also has access to HEAnet FileSender, which you access using single sign-on with your TU Dublin email address and password.
HEAnet FileSender is a secure way to share large files with anyone!
Login here to upload your files or invite people to send you a file.
You can find more information on securing your device and the University's data on the IT Security section of the TU Dublin website here.
If you're looking for information on IT security at TU Dublin, the IT Security webpage is a great resource. It has a comprehensive collection of details that might help you with your query.
Alternatively, if you need more personalized assistance, don't hesitate to contact the Support Desk. They're equipped to handle any IT-related questions or issues you might have.
Microsoft Copilot FAQs
Microsoft Copilot is the only AI assistant supported for use at TU Dublin. Please ensure all AI-related tasks and queries are carried out through this platform.
Microsoft Copilot and Microsoft 365 Copilot are related but serve different purposes:
- Microsoft Copilot is a general AI assistant available across various platforms like Bing, Edge, and Windows.
- Microsoft 365 Copilot is a paid licensed service specifically integrated into Microsoft 365 apps like Word, Excel, and Teams to enhance productivity within those applications.
No, but we hope in future to introduce Microsoft 365 Copilot at TU Dublin. There are some security and compliance issues, policy and procedures, and data classification matters that need to be resolved first before it can be introduced. This process has already begun with the recent rollout of Sensitivity labels.
ChatGPT and Microsoft’s Copilot are related but not the same.
ChatGPT is a publicly trained conversational AI model developed by OpenAI, designed to engage in natural language conversations across various applications.
Microsoft Copilot uses similar AI technology but is contained in our university network. It's integrated into specific Microsoft products to assist with tasks, provide insights, and enhance productivity. These assistants are tailored to work within the Microsoft ecosystem, such as Bing, Teams and Windows.
Microsoft Copilot, when accessed through your university Office 365 account, offers several security advantages for the organization compared to other AI assistants:
- Integration with Microsoft 365 Security: Microsoft Copilot is deeply integrated with the Microsoft 365 ecosystem, which includes robust security features like multi-factor authentication (MFA), advanced threat protection, and data loss prevention (DLP). This ensures that our data is protected at multiple levels.
- Compliance and Regulatory Standards: Microsoft 365 complies with various global, regional, and industry-specific regulations and standards, such as GDPR, HIPAA, and ISO/IEC 27001. This means that using Microsoft Copilot helps our organization stay compliant with these regulations.
- Sensitivity Labels and Data Classification: With the recent rollout of Sensitivity labels, you can classify and protect sensitive information within your organization. This ensures that data handled by Microsoft Copilot is appropriately secured based on its classification.
- Enterprise-Grade Security: Microsoft invests heavily in security infrastructure, including physical data center security, network security, and encryption. This enterprise-grade security is extended to Microsoft Copilot, providing a secure environment for your data.
- Identity and Access Management: Microsoft 365 provides robust identity and access management features, allowing you to control who has access to what data. This ensures that only authorized users can access sensitive information through Microsoft Copilot.
- Continuous Monitoring and Updates: Microsoft continuously monitors its services for security threats and regularly updates its software to address vulnerabilities. This proactive approach helps protect your organization from emerging threats.
The quickest way to sign in is to open any web browser and go to https://copilot.microsoft.com/. Then, sign in to your TU Dublin Office 365 account just like you would with any other account.
When you see a shield icon while logging into Microsoft Copilot, it indicates that Microsoft Enterprise Compliance standards are enabled. This means that your login and chat data are protected and won’t be stored or used to train large language models. When you hover over the shield, you’ll see a message confirming that "Microsoft's enterprise compliance standards applies to this chat".
This feature ensures that your interactions with Microsoft Copilot are secure and compliant with the university's data protection policies.
Sensitivity Labels FAQ
File Sensitivity Labels are a feature that has been deployed to the University’s Microsoft Office applications. These allow you to label a file that may be highly sensitive or personal/confidential, that shouldn’t be in the public domain and/or have restricted access.
Using these labels will allow staff to spot materials that shouldn’t be shared or stored in unrestricted areas, as well as trigger helpful prompts if being sent by email, warning of the file’s sensitivity.
The label feature can be found in the Office ribbon in the “Home” tab on the far right-hand side. The label itself is shown in the file name, visible in Windows File Explorer and Microsoft 365 online.
If you don't see the button: note that it's not available in older versions of Office. We recommend you upgrade to Office 365. Please log a call with the IT Support Desk.
Data Loss Prevention (DLP) FAQs
DLP is a security solution that identifies and helps prevent unsafe or inappropriate sharing, transfer, or use of sensitive data. It monitors and protects sensitive information across various platforms and helps TU Dublin comply with regulations like GDPR.
DLP combines people, processes, and technology to detect and prevent data leakage.
Sensitivity Labels allow classification and protection of data based on its sensitivity level. They ensure that information is handled appropriately and securely. These labels can be linked to DLP policies to enhance data protection.
The key benefits include maintaining regulatory compliance, detecting and blocking suspicious activity, monitoring data access and usage, and providing an extra layer of security to prevent unauthorized access to sensitive content.
For any questions or concerns regarding IT security or DLP, you can contact the Technology Services Support Desk.
The IT security policies, including those related to DLP, can be found on the TU Dublin website under the IT Security Policies section.
If you suspect a breach of data security, immediately report it to the TU Dublin Technology Services Support Desk and Data Governance.
DMARC FAQs
DMARC is an internet-based technical specification that describes how to make email easy to identify and authorise. Many email providers worldwide, including Google, Yahoo, Microsoft, and AOL, support it.
DMARC serves as a robust defence against phishing attempts on our organisation and others, as well as spam using our domain names. It also empowers receivers, including ourselves, to verify the authenticity of emails sent with our domain, thereby enhancing email security.
Once DMARC is deployed, it enables us to reject emails that aren't authentically from us, safeguarding our domains. However, it's important to note that this may affect emails from us that you automatically forward to another destination.
DMARC may prevent forwarding from being successful if a server or mailbox is configured to forward emails from our domain to another destination automatically. Typically, the forwarder will receive a delivery failure, citing DMARC as a reason for emails affected by this behaviour.
MFA FAQs
Multi-factor Authentication (MFA) or Two-step verification is a security feature that TU Dublin has deployed to protect your account.
Two-step verification is more secure than just a password
- It relies on two forms of authentication: something you know, and something you have with you.
Why is it useful?
- Using two-step verification can help protect your account, as it prevents malicious hackers from signing in to your account if they know your password.
- TU Dublin highly recommends using the Microsoft Authenticator App
Multifactor Authentication (MFA), also known as two-step verification, is more secure than just a password because it relies on two forms of authentication: something you know, and something you have with you. This adds a critical second layer of security when users sign in to their TU Dublin Office 365 account. The something you know is your password, while the something you have with you is your phone. Using MFA can help to stop malicious hackers from signing in as you, even if they get your password.
MFA works by requiring both of the following verification methods to access your TU Dublin account:
- Something you know (your TU Dublin username & password)
- Something you have (a trusted device - your mobile phone).
Authenticator App
The Microsoft Authenticator app helps you sign in to your accounts when you're using two-step verification. Two-step verification helps you to use your accounts more securely because passwords can be forgotten, stolen, or compromised.
Microsoft Authenticator will prompt you to enter a number displayed on the sign-in screen when approving an MFA request in Microsoft Authenticator. This is called number matching and it further protects you from potential accidental approvals and phishing attempts.
When you use your TU Dublin email address and password to sign in to an application connected to Office 365 you will be prompted to enter a number in the authenticator app.
Code sent by SMS text message
When you use your TU Dublin email address and password to sign in to an application connected to Office 365 you will be prompted to enter a code on screen which will be sent to your registered mobile device.
Microsoft will enable the new number matching feature by default in early 2023 for all users of the Authenticator app. With number matching, a number is displayed to a user when they sign in, and instead of entering this number on the device they are signing into, they confirm the number on their MFA smart device.
No. Microsoft will be enforcing the number match experience for all Office 365 users globally starting February 27, 2023.
Yes, you can change the verification method at any time.
Browse to the following site https://aka.ms/mfasetup
Sign in with your TU Dublin email address and password.
MFA can slightly increase the time it takes to log in, but it also increases the security of the account. The added time is minimal and worth the increased security.
Your mobile device number is stored securely within TU Dublin’s Microsoft Office 365 tenant and is only used for the purpose of your account security. It is not visible to members of Technology Services.
If you do not want your number stored within the tenant, choose the Microsoft Authenticator App as your preferred method.
Browse to the following site https://aka.ms/mfasetup
Here you will see the options that are currently enabled for your account.
Edit the number in the Authentication phone field.
While on any of the TU Dublin campus networks, MFA is not required, but should you access any of your Office 365 services from anywhere else you will be challenged for MFA.
Yes, it is possible to view and/or edit the devices that you have set up the Microsoft Authenticator app on.
Browse to the following site https://aka.ms/mfasetup
Sign in with your TU Dublin email address and password.
Here you will see a listing of devices that have the authenticator app installed. From here you have the ability to delete any of these devices. Simply select Delete beside the device you wish to remove.
If you would like to add an additional device, download the Authenticator App to your device and then select “Set up Authenticator app” and follow the instructions here.
The Microsoft Authenticator app collects three types of information:
- Account info you provide when you add your account. This data can be removed by removing your account.
- Diagnostic log data, which resides only in the app until you choose to Send Logs to Microsoft through the app's Help menu. These log files contain personal data, like your email addresses (such as firstname.surname@tudublin.ie), server/IP addresses, and device data (such as device name and operating system version), with the personal data limited to info necessary to help troubleshoot app issues. You can view these log files in the app at any time to see the info being gathered. If you send the log files, the Authentication app engineers can use it to troubleshoot customer-reported issues.
- Non-personally identifiable usage data, such as “started add account flow/successfully added account,” or “notification approved.” This data is an integral part of our engineering decisions and helps us determine what features are important to you, and where improvements need to be made in the form of updates to the apps. You, as an app user, see a notification of this data collection on first launch of the app, and are informed that it can be turned off on the app’s Settings page. You can enable or disable this setting at any time.
No. If you are prompted to approve a sign-in but haven't tried to sign into anything, there is the possibility that there was an application that automatically started with your password saved attempting to log in, or your sign-in attempt was sent twice (e.g. refreshing a log in page).
If the sign-in request appears during a time where you have not attempted to sign in or open applications recently, it may be someone else attempting to access your account without your permission. If you are ever unsure, click deny and contact IT Support to report suspicious activity.
IT Security Training FAQ
IT Security schedule regular security awareness sessions for staff throughout the year hosted by our partners in HEAnet.
The sessions will focus on:
- Cybersecurity trends
- Phishing and social engineering
- Email security
- Password management
- Malware protection and Ransomware
- Endpoint device security
You can find the full schedule for the year here.
Students can simply click on the link below to start a free online security training course which will provide you with essential cyber security skills to help you protect your information.
Topics include:
- Phishing
- Malware
- Password Management
Cyber Champions FAQ
The programme’s goal is to drive up positive engagement between staff and the Cyber Security team, which will help reduce successful phishing campaigns, prevent data breaches, and magnify our threat detection efforts.
Our cyber champions programme aims to:
- Increase the visibility of TU Dublin's cyber security team
- Motivate our staff to stay up to date about the latest cyber security issues
- Foster a positive culture of awareness – less people blaming, more investment in encouraging the adoption of cyber security best practices.
Our Cyber Champions have two main tasks:
1. Inform colleagues how to spot and report phishing
2. Encourage colleagues to complete annual cyber security training.
Champions are responsible for liaising with their colleagues in their respective department/division. For example, a champion from the Department of Computing is only expected to reach out to their peers in Computing, not Finance, HR, etc.
Champions can also share periodic security updates from the cyber security team. Templates will be provided, and champions are welcome to tailor guidance to fit their department/division’s unique needs. Cyber security topics shared will be light touch and as informative but non-disruptive to staff as possible.
To volunteer as a champion, please complete the cyber security awareness training hosted by HEAnet. You can find a list of scheduled training here. Alternatively, take part in your department/division’s group training session; speak to your department manager to ask when your training is scheduled.
When you’ve completed awareness training, please email itsupport@tudublin.ie to register your interest in being a Cyber Champion. The cyber security team will email back with more information once enough staff have volunteered to organise an induction meeting for the first champions.
External Applications FAQ
Yes, if you wish to use a cloud application or service from a third-party that will host or process sensitive or personally identifiable information you must engage with the Cloud Service Provider request process.
TU Dublin is obligated under its Cloud Services Policy and article 28 of the GDPR (General Data Protection Regulation) to review and approve all cloud services in use within the University.
You can find more information on the Cloud Service Provider request process and how to apply for an assessment here.
If a third-party organisation or external data hosting service will host or process sensitive or personal data, then you must engage with the Cloud Service Provider request process.
Data Processing is defined as “any operation or set of operations which is performed on Personal Data or on sets of Personal Data, whether or not by automated means, such as collection, recording, organisation, structuring, storage, adaption or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction.”
If you are unsure if a third-party service will be processing personal data, please contact the Cloud Service Provider Approval Group at cspag@tudublin.ie
A request should be made using the following Microsoft form:
Please note: Heads of Discipline, Heads of School or Heads of Functional Area will need to approve any requests being submitted for review by CSPAG. The Cloud Service Provider Assessment Group will then log and process the request.
Once it has been logged by CSPAG, the requester will receive an email with links to the External Data Hosting Questionnaire and the Data Protection Impact Assessment form. The completed documents should be returned to CSPAG@tudublin.ie
External Data Hosting Questionnaire
The third-party service provider must complete the External Data Hosting Questionnaire. This will allow Technology Services to assess the security of the Cloud Service Provider.
Data Protection Impact Assessment (DPIA)
The requester and not the third party must complete the DPIA. A DPIA aims to identify risks arising out of the processing of personal data and to minimise those risks where possible.
https://www.tudublin.ie/explore/gdpr/data-protection-impact-assessment/
The review process may take 6-8 weeks to complete, commencing once all requested documentation has been received by CSPAG.
Once all documentation has been received by the CSPAG, the following will happen:
- The External Hosting Questionnaire, along with any additional documentation, will be reviewed to ensure that the Cloud Service Provider has acceptable IT security and data privacy policies and procedures in place to minimise the risk of loss or exposure of TU Dublin data.
- The DPIA will be reviewed to ensure that TU Dublin is compliant with data protection law.
- Members of IT Support and IT infrastructure will be consulted to ensure there are no additional concerns with the requested Cloud Service Provider.
Please note: Members of the CSPAG may need to contact the requester throughout this process to seek additional information from them directly or the Cloud Service Provider. It will be the responsibility of the requester to obtain this information from the Cloud Service Provider when requested.