Last Update:2025/02/06

Security

1. Be aware of security

When using various online services, not only campus information services, constantly pay attention to security. An example is given below. These are just a few examples.

1. Application of a security update program

Should you discover a security risk or defect with the basic software (OS) installed on your personal computer, tablet or smartphone, etc., apply software fix or patch that is provided by the manufacturer.

2. Installation of an anti-malware tool

As a method for preventing damages due to malware (malicious program), one basic measure that can be done at the private individual user level is to install security measures. At Tohoku University, security software is provided for use by students and faculty members. See this page  (on-campus access only) for details.

3. Encryption

On the Internet, in general, unless various information is protected by methods such as encryption, the information will be sent over the network without any concealment. Information such as this will also be leaked to third parties. It is extremely risky to interact or communicate with others without encrypting confidential information.

4. Confirm with whom you are communicating

Given that you cannot see who you are communicating with over a network, there is no guarantee if who you are communicating with is an actual person or the person with whom you intended to communicate. In light of this, people are deceived by fake websites and, input and send their confidential information, including their personal information. As a result, there is a risk their secrets will be stolen. Prior to sending confidential information, make it a habit to confirm the validity of the person with whom you are communicating, such as obtaining a digital signature.

5. Do not lightly upload personal information

Be aware that information on the Internet can be seen by anyone around the world. Uploading information that can easily identify an individual, including on social media, can trigger disastrous consequences.

6. Cyber attacks via email

There are many incidents where emails are used in cyber attacks. Be extremely cautious of emails from an unknown sender, particularly emails such as this with an attached file or which contain a link in the main body of the email. Email attacks by a person impersonating a legitimate sender are also increasing. Make it a habit to carry out a strict check not only of the ‘From’ field in emails but also the validity of the main body of an email and the digital signature.

7. Points to note concerning USB memories

A USB memory is convenient. However, this is also one of the most frequently used tools for launching a malware attack. There is a risk of inserting a USB memory from an unknown source or which is unidentified into your device. Also, there are frequent cases of students forgetting and leaving their USB memory stick plugged into a device at the PC laboratory. Depending on the situation, this could lead to a serious leak of personal information therefore be careful not to forget your USB memory stick. To prevent the leak of information, if possible, lock your USB memory with a password.

7. Points to note concerning printers

When using a printer in the PC Laboratory or other places, make sure to confirm in advance which printer will be used to print out. Before you realize it, you may print out confidential information, including your transcripts, at a printer in a completely different location.

8. Others

At Tohoku University, a guidebook on information security has been prepared. The guidebook can be accessed here so refer to this as well (it is necessary to implement authentication by DCMail or TU email to view).

2. What to do when you think something is wrong

Consult with the following entities as soon as possible in the event you believe your ID and/or password might have been stolen, when you believe something is wrong, or in case you notice something suspicious.

3. Others

  • In the event suspicious behavior, including the hijacking of or an attack on the account of a specific individual, is detected, action should be taken, such as the administrator temporarily freezing the relevant account without permission from the account owner.
  • You should not connect to the network and use an older version of an OS or applications that are no longer supported by the manufacturer/developer and no longer receive security fixes. In the event there is no choice but to use this software, use it in an environment that is disconnected from the network.
ページTOPへ戻る