The University of Southampton
SUSSED News

Managing third-party accounts

At the University, some of us may use third-party services such as Facebook, Twitter or MailChimp to support our work. These platforms allow us to interact with different university communities, create exciting content and send mass mails. Sometimes, you may need to set up an account to access these features.  

The Facebook, Mailchimp, Twitter, and YouTube logos.

Cyber criminals are known to target online accounts as it is a prime opportunity to send mass phishing emails, share malicious links or access account details. 

Here are some of the best practices we provide on the cyber security SharePoint site that you can adopt when managing third-party accounts: 

Best practices 

Setting up Multi-Factor Authentication (also known as 2-Step Verification) 

  • Some third-party accounts, such as online banking, already enable this security feature by default. Please note this would be provided by the third-party and separate from the MFA set up on your university account. 

Always check the website before signing in 

Monitor and review account activity regularly 

  • With some third-party services, you can view account history or sign-in reports to check who has logged into the account. 
  • This will also help you understand if you still require the third-party service. If you no longer require a third-party account, please delete it and the data associated with it. 

Reporting any suspicious activity as soon as possible 

  • If you notice any suspicious activity on your account, please change your password immediately and report this to the Information Security Team.

Additional best practices for teams 

If you are part of a team or group that uses the same third-party account(s) and shares account details, consider the following best practices: 

  • Set up and use a university shared mailbox account with a generic email address that is relevant to your team. Use this shared mailbox every time you create an account with a third-party service. 
  • Only give access to the members of your team who need it as part of their role. Maintain a record of users and update this list as and when team members change.

Further support and advice 

Footer block - blue

 
Share this post Facebook Google+ Twitter Weibo
Powered by Fruition