As part of an ongoing security project, Information Services and Governance & Assurance teams have been working collaboratively to improve our security controls. 

During the Covid-19 pandemic, as many of our core university activities move online, the importance of Digital Security across our global estate has never been more critical.

Cyber criminals continue to target UK Universities, including Nottingham, and robust controls are necessary to prevent attackers from gaining a foothold onto university systems. 

Throughout 2021 the teams are planning a number of security enhancements to university systems and services which will be of benefit to all staff, students and visitors.

Below is an overview of these activities, with an indicative timeline (from February 2021 – Summer 2021) of the changes being introduced: 

What security enhancements are being planned? 

February 2021

• New ‘phishing’ button in Outlook – In order to assist users who have been subject to a ‘phishing’ attack, we have enabled a ‘Report Message’ button within the client and web versions of Microsoft Outlook. The button will send a report directly to the University IT Security team, making it much easier for users to report phishing emails quickly. For instructions and to find out more, visit our SharePoint site. 

Spring 2021

• Multi-Factor Authentication for Virtual Desktop users – Following the introduction of our new cloud-based Windows Virtual Desktop service last year, between February and April, we will be enhancing authentication by the introduction of Multi-Factor Authentication (MFA). This means users will need to use MFA to gain access. This has been successfully enabled for staff who already have MFA setup. We will announce a date when the use of MFA will be enforced for all other Virtual Desktop users. 

• University Phishing Campaign – Later this year, the Governance & Assurance team will be refreshing and re-launching a University ‘Phishing’ campaign. Further details will follow over the coming months. 

• Password policy update – We are in the process of updating the University IT account password policy and introducing new password check features. The new policy will come into force from Tuesday 2 March for new users and anyone changing or resetting their password. There is no action required at this present time. 

Spring and Summer 2021

• Enhanced Passwords for staff, students and visitors – Later this year we will also be asking staff, students and visitors to re-visit their current University password and will be targeting individuals where required, to enhance their existing credentials – more details to follow. 

• Remote Device Patching – Whilst a large proportion of staff work away from campus, we have encouraged regular connection to the VPN in order to download the latest software and security updates. To make this an easier process for staff and postgraduate researchers with university managed devices, we will be introducing a new automated patching service (‘Intune’ software from Microsoft). 

• Multi-Factor Authentication for Microsoft 365 (Office 365) – To increase digital security of our core Microsoft applications, we will be looking to introduce Multi-Factor authentication for Office 365 – more details to follow. 

We hope that you find this advance notification of these projects useful and reassuring that Digital Security of our systems and users are of paramount importance to the University. 

We will endeavour to communicate early with stakeholders regarding proposed changes and to offer support as we work through this wider plan to implement these important and essential security changes. 

Thank you for your support.