Digital Security at the University Now – digital security review 1/2025

Digital Security at the University Now is a review of topical matters related to information security and digital security at the University. From now on, the review will be published four times a year in Flamma and the Studies Service. We will include a selection of topical matters from the National Cyber Security Centre’s publications as well as the University’s digital security news.

infographic The University's information security in figures, the information can be found in text under the image — The University's information security in figures from 1 December 2024 to 31 January 2025:
Incoming phishing messages: 671672.
17600 automatic alerts received by the information security team (Microsoft Sentinel).
University staff and students’ Outlook reports about phishing messages and junk mail: 7002.
25 tickets received by the information security team.
Number of IT Security Tests completed: 5885.

On this review:

News from the National Cyber Security Centre
The Information Security Manager's 2024 report on information security
What is multi-factor authentication (MFA) and why is it an important part of the University's information security?

1. News from the National Cyber Security Centre

In this section, we gather topical content from the latest publications and reviews of the National Cyber Security Centre.

Recently reported scams: Suomi.fi phishing text messages (National Cyber Security Centre’s weekly review)
See other news from the National Cyber Security Centre on the National Cyber Security Centre website under Information Security now.

2. The Information Security Manager's 2024 report on information security

In terms of digital security, the University had a relatively quiet year in 2024. However, this does not mean that there were fewer attacks. Phishing attempts, malware attacks and password cracking were continuous, but fortunately almost all of them were blocked.

The number of credentials that fell into the wrong hands decreased for the second year in a row, which was a very positive development. A big thanks for this goes to the entire University community: your ability to both identify and avoid scams is very important.

As attackers become increasingly skilful, the University must also develop its own resilience, which is why several projects to raise the security level will be implemented in 2025. Most importantly, the use of multi-factor authentication will be expanded in March. Follow news in Flamma to stay up to date on events!

3. What is multi-factor authentication (MFA) and why is it an important part of the University's information security?

The most common way to log in to different services and systems is to use a username and a password. However, this is a fairly light form of protection and is therefore easy to crack. Multi-factor authentication (MFA) literally means that a person’s identity is verified using various authentication methods.

The most common form of multi-factor authentication is two-factor authentication (2FA). Two-factor authentication uses two different authentication methods when users log in. Two-factor authentication enables users to reliably prove that they are the person they claim to be. Two-factor authentication can prevent almost all attempts to crack and hijack accounts. The additional verification effectively prevents unauthorised users from gaining access even if the password is cracked or stolen. MFA also helps prevent passwords from being cracked in one system and misused in another.

At the University of Helsinki, the recommended way to use MFA is to install the Microsoft Authenticator app on your smartphone. Logins are then approved through push notifications on the phone. There are other ways to use MFA, and these are described on the IT Helpdesk instructions site. MFA is easy to deploy and use, and there is no need to remember separate usernames. Using MFA in as many services as possible increases the scope of information security and reduces the chances of usernames being misused in other University services. With MFA, you can protect not only your own information but also that of the entire community.

In addition to University services, MFA should be implemented in other available applications and services. It is particularly important to protect accounts that contain personal data and payment information. For instructions on deploying MFA in different applications, see the National Cyber Security Centre’s page.