Metropolia's activities are guided by existing legislation of public authorities, which instruct on the proper accessibility, availability and integrity of documents and information systems and the data they contain. These policies are continuously developed, monitored and, where necessary, improved. These developments are carried out in cooperation with all Metropolia departments.

Information security in short

Information security is one of the means of achieving data protection. Information security refers to the appropriate protection of various data, systems, services and data transmission using administrative and technical measures. Administrative measures consist of a company’s practices, such as its password policy. Technical measures are protection mechanisms functioning in the background, including firewalls and identity management.

Data can be secured through a variety of technical measures, but as a user you are the most responsible for the security of your data.

It's highly recommended to complete the information security training in Moodle.

Adopt these best practices

1. Create a Strong Password and Use Passphrases
   Use a password that includes lowercase and uppercase letters, numbers, and special characters. Never share your password with anyone—if someone asks for it, they are likely a cybercriminal. Metropolia’s IT Serices will never request your password. A passphrase (e.g., a memorable sentence) can help you remember your password more easily. The recommended password length is 8–15 characters.
    
2. Use Unique Passwords for Different Services
   Do not use the same password for Metropolia's information services as you do for other digital services, such as social media, online stores, or personal email. Use password manager tools to securely manage and store your passwords.
    
3. Multi-Factor Authentication Adds an Extra Layer of Security
   Multi-Factor Authentication (MFA) requires a second method of verification in addition to your username and password. Many digital service providers, such as social media platforms, online stores, and email services offer MFA to enhance your account security.
    
4. Report All Problems and Incidents to the Helpdesk
   If you forget your password or accidentally click on a suspicious link, change your password immediately.  Report any irregularities to Metropolia’s Helpdesk.
    
5. Be Aware of Social Engineering
   Social engineering is a form of criminal activity where the attacker manipulates the victim into revealing sensitive information. The attacker may exploit the victim’s goodwill or lack of awareness. Always be cautious if someone asks you for information or actions that seem unusual.
    
6. Keep Your Devices and Applications Up to Date
   Cybercriminals exploit outdated software and services that contain security vulnerabilities. Updates fix these issues and improve protection. Make sure your operating system, applications, and browser are always up to date to maintain maximum protection against cyberattacks.

Table of contents

• General instructions
• Information Security and Artificial Intelligence (AI)
• Instructions for Information Security Threats
• Processing of information and documents
• Security and Privacy Guidelines for Metropolia's Remote Interviews
• Software and system procurement
• The Policies,Terms and Conditions of Information Security
• Training materials and Metropolia's information security courses

Note. Some instructions are only visible to logged in users. You can log in from the Login button in the upper right corner of the screen by using Metropolia, Haka or Visitor login.

Tietoturva ohjeistukset ja säännöt