At the University, some of us may use third-party services such as Facebook, Twitter or MailChimp to support our work. These platforms allow us to interact with different university communities, create exciting content and send mass mails. Sometimes, you may need to set up an account to access these features.
Cyber criminals are known to target online accounts as it is a prime opportunity to send mass phishing emails, share malicious links or access account details.
Here are some of the best practices we provide on the cyber security SharePoint site that you can adopt when managing third-party accounts:
Best practices
Setting up Multi-Factor Authentication (also known as 2-Step Verification)
- Some third-party accounts, such as online banking, already enable this security feature by default. Please note this would be provided by the third-party and separate from the MFA set up on your university account.
Always check the website before signing in
- If the website seems suspicious or questionable, please avoid it and report it to the Information Security Team.
Monitor and review account activity regularly
- With some third-party services, you can view account history or sign-in reports to check who has logged into the account.
- This will also help you understand if you still require the third-party service. If you no longer require a third-party account, please delete it and the data associated with it.
Reporting any suspicious activity as soon as possible
- If you notice any suspicious activity on your account, please change your password immediately and report this to the Information Security Team.
Additional best practices for teams
If you are part of a team or group that uses the same third-party account(s) and shares account details, consider the following best practices:
- Set up and use a university shared mailbox account with a generic email address that is relevant to your team. Use this shared mailbox every time you create an account with a third-party service.
- Only give access to the members of your team who need it as part of their role. Maintain a record of users and update this list as and when team members change.
Further support and advice
- Staff and PGRs, if you haven’t already done so, please ensure you complete the two mandatory cyber security training courses. Please feel free to take the training again if you would like to refresh your cyber security awareness.
- If you do have any cyber security related questions or concerns, please contact ServiceLine who will be able to support you.
- More information can be found on the Cyber Security SharePoint site.