Stay safe online
Don’t respond to emails or phone calls requesting confidential University information, including staff or student information, financial results or sensitive research data.
It’s easy for an unauthorised person to call and pretend to be a University employee or one of our suppliers or contractors. Stay on guard to avoid falling for this scam, report any suspicious activity to IT Services, and protect your personal information just as closely.
When you access sensitive information from a non-secure computer, like one in an internet café or a shared machine at a hotel, you put the information you’re viewing at risk.
Installing updates for your operating system and software is critical, even on personal devices. Don’t forget to update your anti-virus software. You should access computer systems as a standard user, not with administrator access rights, whenever possible.
Be aware of sensitive data that you come into contact with and associated restrictions. Preview the University Privacy Management Plan and the Information Security Data Classification procedure to understand data protection requirements.
Don’t leave sensitive written or printed information on your desk. Keep your desk tidy and documents locked away. It makes the office look more organised, and reduces the risk of information leaks.
In general we recommend you:
- Do not store sensitive data (e.g. personal and student records, health information, etc.) on your workstation, laptop or mobile device.
- Move records to TRIM (staff system) where appropriate, to help manage security and retention.
- Always use encryption when storing or transmitting sensitive data.
Always lock your computer and mobile phone when you’re not using them. You work on important things, and we want to make sure they stay safe and secure.
Locking your phone and computer keeps your data and contacts safe from prying eyes. If you keep sensitive information on a flash drive or external hard drive, make sure to keep these locked as well, whether through encrypting or physically protecting the device.
Always report any suspicious activity to IT Services. Part of our job is to stop cyber attacks and to make sure our data isn’t lost or stolen. All of our jobs depend on keeping our information safe. In case something goes wrong, the sooner we know about it, the faster we can deal with it.
If you notice suspicious activity relating to your own account, report it and reset your password immediately.
Don’t use obvious passwords, like “Password1!” or obvious character sequences on the qwerty keyboard, like “Qwerty1!". It is more effective to use a complex password like $e7enal1ig@t0r5inmyb^th (seven alligators in my bath). NB: do not use that example – invent your own!
Include different letter cases, numbers, and special characters when creating your password. Use different passwords for different websites and computers, so if one gets hacked, your other accounts are not compromised.
Remember to change your password (click here) every 12 months and use multi-factor authentication if it’s available. Click here to learn more about password security.
Don’t let curiosity get the best of you. Always delete suspicious emails and links. Opening or viewing suspicious emails and links can compromise your computer and create unwanted problems without your knowledge.
Remember, if something looks too good to be true, it probably is.
Before you connect to any public wireless hotspot – like on an airplane, in an airport, hotel, train/bus station or café – be sure to confirm the name of the network and exact login procedures with appropriate staff to ensure that the network is legitimate. Do not conduct sensitive activities, such as online shopping, banking, or sensitive work, using a public wireless network. Using your mobile network connection is generally more secure.
Malicious applications often pose as legitimate programs, like games, tools or even anti-virus software. Malicious code is also commonly found in freeware and shareware found on the internet. Attackers aim to fool you into infecting your computer or network. If you like an application and have a business case for legitimate use, contact the IT Service Desk to look into it for you before installing.
Back up data on a regular basis and keep copies in multiple locations. If you are a victim of a security incident, the only secure way to recover is to erase all data and reinstall the system. Backups are especially crucial with the increased prevalence of ransomware viruses and malicious spam.