Find out how to play your part to keep Oxford University cyber secure
Oxford Secure is equipping staff and students with knowledge, life skills and resources related to cyber security and data privacy, so they can act as a joined-up human firewall to safeguard Oxford’s uniqueness.
A new cyber security and data privacy training programme is being rolled out during Michaelmas term 2023 - look out for your invitation to take part.
Here are the key things that everyone needs to know to keep yourself and our data safe:
1. Keep your accounts safe
Always create strong passwords and use multi-factor authentication when available for all your accounts. In particular, make sure your Oxford Single Sign-On (SSO) account is kept as secure as possible, as this is just the kind of account that hackers love, with access to multiple services within Oxford. Bear in mind that you may not think you have access to anything valuable, but once a hacker has access to even one SSO account, they have acces to numerous Oxford systems and can cause extensive damage.
2. Be careful with personal and research data
Data is the lifeblood of the University.
How would you feel if your personal data was used in a way you didn’t expect? Make sure that you only use personal data for the purpose for which it was collected, only keep it for as long as necessary, and dispose of it securely once it’s no longer needed.
Consider the need for sharing, think carefully about what you share before you share it and only share what’s necessary. The University’s Data Protection By Design framework is provided to enable staff to evidence how they are embedding data protection into all of their personal data processing activities.
If you work with research data, then make sure you secure your research information.
3. Stop. Think. Click.
A staggering 82% of emails sent to University email addresses are blocked by the email security gateway as potential phishing. But of the remaining emails that get through, some will still contain phishing attacks and it’s important that we all know the signs and remembers to stop, pause and think before clicking on links. In particular, be cautious of clicking links on social media and in emails and opening email attachments from suspicious, unknown or unsolicited sources (and sometimes even from people you know and trust).
4. Keep your devices secure and patched
It’s important that you keep all your devices secure, including personal phones and laptops. If you use a managed device at the University, then this should be kept secure and updated by your department or managed service provider. However, if you are using personal devices, then it’s your responsibility to keep the device safe and secure. Here are some key tips for protecting your computer and mobile device at Oxford.
5. If in doubt, report it
Don't delay, the longer you leave it the greater risk. All incidents should be reported immediately:
- Breaches involving personal data: contact the Information Compliance Team email@example.com
- IT security related incidents such as malware or hacks: Oxford University Emergency Response team (OxCERT) firstname.lastname@example.org or 82222
- Phishing email or other malicious email sent to your Oxford University email address: forward it to email@example.com
6. Take your information security and data privacy training
We are launching a new information security and data privacy training course during Michaelmas term 2023 for staff and students. Keep an eye out for your invitation to take the new course. In the meantime, please continue taking the old course – the content is still correct and will help keep you safe.
We urge everyone to take this course – it’s a requirement for all staff to take training to ensure the University is compliant with UK data protection legislation.
Many research funding bodies now require proof that all staff are adequately trained before funding is approved, so it’s important that everyone, not just the researchers who will be handling research data, understand their responsibilities in relation to information security and data privacy.