Computer security and personal data protection
The IT security of infrastructures, systems, services and data made available to university students (e.g. Wi-Fi, email, etc.) plays an essential role in the correct functioning of the information technology in use.
The ICT Security Staff Office of the University of Milan, in line with national legislation and university regulations:
- promotes the adoption of IT good practice for data protection to minimize the risk of accidents;
- intervenes by limiting or blocking access to IT resources when behavior occurs that could endanger the security of the university's IT systems and services.
Upon enrolment, students will be informed of their University of Milan credentials, consisting of a username (corresponding to the student’s university email address) and a password, which is generated automatically by the authentication system.
It is good practice to change your password during the first access to online services, while respecting the following requirements, which are considered good practice for access security.
The University of Milan uses the network services provided by GARR, the Italian University and Research Network. The use of the GARR Network and its services is subject to compliance with the Acceptable Use Policy (AUP) by all users.
The University e-mail service is periodically subject to a particular type of cyberattack, referred to as phishing, which aims to steal the user’s access credentials.
Generally, in these cases, the sender of the email poses as the administrator of the university's email system and reports a serious problem that, according to the message, can be solved only by replying to the email with the user's credentials; alternatively, the message may include a link to a fraudulent site where the user is asked to enter their username and password. Examples of this type of email are below:
Dear User, your email inbox is full and so it is not possible to send or receive further emails. To resolve this problem, please connect to the site: http://securemail.unimi.it.globetrotter.info/ and enter your username and password.
Dear user, due to an unfortunate technical problem the email system must be reset. To complete this operation, your credentials are needed in order to recover your email chronology. Therefore, please reply to this email including the following information:
These messages are false. The administrators of the university IT services never ask for your credentials by email.
Falling into this trap can set off a series of recurring incidents, affecting the individual user or the whole university community, which are quite dangerous.
Stolen email credentials can be used to generate large streams of unwanted and/or dangerous emails (even millions of emails in just a few minutes). These malicious message streams, sent from our servers, compromise the servers' reputation internationally and can lead to their inclusion on blacklists, which, in the most serious cases, could lead to the entire university email service being blocked for hours or even days.
The ICT Security Staff Office publishes warnings of current attacks and phishing attempts through the portal dedicated to the university staff.
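The link in the first sample message above contains `unimi.it` but actually points to a host under `globetrotter.info`. The following sketch, an added example that is not part of the original page or any university tool, shows a host check that catches this; the function names and all sample URLs other than the one quoted above are constructed for illustration.

```python
from urllib.parse import urlsplit

TRUSTED_DOMAIN = "unimi.it"  # the university domain named on this page


def link_host(url):
    """Return the normalised host a browser would connect to, or None."""
    try:
        parts = urlsplit(url.strip())
    except ValueError:          # malformed authority, e.g. a broken IPv6 literal
        return None
    if parts.scheme not in ("http", "https") or not parts.hostname:
        return None
    # .hostname is lower-cased and already excludes userinfo ("user@") and port.
    host = parts.hostname.rstrip(".")
    if not host:
        return None
    try:
        # Internationalised names are compared in their ASCII (punycode) form.
        return host.encode("idna").decode("ascii")
    except UnicodeError:
        return None


def naive_check(url):
    """Flawed check: accepts the trusted name anywhere in the URL."""
    return TRUSTED_DOMAIN in url.lower()


def is_university_link(url):
    """True only if the host is unimi.it itself or a subdomain of it."""
    host = link_host(url)
    if host is None:
        return False
    # The leading dot matters: "not-unimi.it" must not match.
    return host == TRUSTED_DOMAIN or host.endswith("." + TRUSTED_DOMAIN)


# First URL is quoted from the sample message; the rest are constructed.
SAMPLES = [
    "http://securemail.unimi.it.globetrotter.info/",
    "https://securemail.unimi.it@login.example/",
    "http://not-unimi.it/webmail",
    "https://WWW.UNIMI.IT./en",
]

if __name__ == "__main__":
    for url in SAMPLES:
        print(f"{url:50} naive={naive_check(url)!s:5} "
              f"strict={is_university_link(url)}")
```

A passing result only says the host belongs to `unimi.it`; it does not change the rule that administrators never ask for credentials by email.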