Information Security


Stay safe online at Oxford


Here at the University, we take information security very seriously. We rely on data for everything we do and everybody has a responsibility to make sure the information they access doesn't get hacked, infected, abused or destroyed by unscrupulous online scammers and spammers. People trust us to keep their personal details and research data safe, and they need to know we won't let them down. Here's how to secure your accounts, devices and data from day one, and where to go for support.



In detail

Let's start with one of the most useful 45 minutes you can spend at work this year. The online information security awareness training module is available to anyone working at the University. It takes you through your responsibilities, spells out the risks you run if you fail to take them seriously, and explains how to protect the information you’re working with. All managers should ensure that everyone who has access to a computer as part of their work does the online training module.

If you work in a group handling high-risk data (for example, as a finance officer or in a medical research group) and you think the online module doesn't quite cover your needs, contact us to enquire about bespoke training we may be able to offer or help to arrange.

There's also a wide variety of online courses and information that we recommend to help you stay safe online:

Your Oxford Single Sign-On (SSO) account lets you access multiple services, including all University resources provided by IT Services and much more, via one handy login (hence the name). It's your keys to the kingdom, if you will.

Being able to access so much useful stuff through one single account makes your online life with the University a whole lot easier. On the flip side, it's the kind of one-stop-shop account that hackers dream about, and you need to guard it with all the security at your disposal.

First, your password is a vital defence against online attackers. When setting up your account, make sure you read our advice on how to create strong passwords. As an extra security measure, we get you to change your password annually (here's why).

Set or change your password

Second, make sure you get clued up on 'phishing' because University email accounts are being increasingly targeted by scammers - often pretending to be from IT Services and requesting your login details. Remember, passwords are for you alone and you should never give them to anyone else including any University IT staff - we will never ask for them for any reason. While you can expect to receive genuine password expiry notices from IT Services once a year (as mentioned above), you will not be asked to respond directly to these notices.

Reporting phishing

If you receive an email that is asking you to divulge your sign-in details relating to a University service, please help us (and fellow members of the University) by reporting it immediately. Send the email as an attachment to

We recommend that you make use of mail filtering on your Nexus account to help screen out dubious emails and read our detailed advice on how to avoid email scams.

If you use your own device on the University network, you are responsible for keeping it secure to protect yourself, University data, and other devices and users. See our advice on how to protect your computer for more information.

Anti-virus software is an important line of defence against online attacks. The University has a site licence for the Sophos Anti-Virus client (for Windows, Apple Mac OS X and Linux) and it is available for members of the University to install on their devices for free.

To install Sophos Anti-Virus:

  1. Visit Software Registration and Download.
  2. Select 'Sophos Anti-Virus' and click submit.
  3. Download and install the appropriate Sophos client for your computer's operating system.

Doing this also makes sure that you are registered on a mailing list so that you receive important security announcements. IT Services also maintains a list of the latest virus alerts at the University.

If you have alternative anti-virus software that you are happy with, then it's fine to stay with that as long as it is kept up to date.

When you leave the University, you must remove the Sophos Anti-Virus product provided by the University from all your devices. (We recommend that you install an alternative anti-virus product in its place.)

Elsewhere on this website, we recommend a number of ways to back up your data regularly and securely. For staff and postgraduates, the University also runs a free backup service (called the HFS - register here), which lets users back up data on demand and/or on a weekly automatic schedule.

Encrypting your laptop will stop anyone getting at your personal data in the event it gets lost or stolen. Depending on your model of computer, you can find instructions here for doing this with either Windows BitLocker or Mac FileVault (see the 'useful links' section below). The University also offers a whole-disk encryption service for University-owned machines. We strongly recommend you make use of this if your machine holds University data.

If your SSO account has been compromised, an attacker could get into your email and use it to send spam to others or abuse other sensitive University resources and tools you have access to. And no one wants that.

Change your passwords

First things first. Any passwords that have been exposed as a result of your account being compromised will need to be changed as soon as possible via the registration website or via your local IT Support staff.

However, this needs to be done from a machine that is free of malicious software (see below for more details). University passwords to change include:

  • Your Oxford Account (also known as SSO) password, which you use for your University email account. You may also need to change your security question and answer if these have been used while your computer was compromised.
  • Your Remote Access Account password, which is used for VPN, Eduroam, etc.
  • Any passwords you use to log on to your college or departmental machines (e.g. Windows logins, passwords for college/departmental mail servers, SSH passwords, etc.).
  • Passwords for any other university accounts you use (e.g. OLIS, Society Accounts, accounts for departmental/college websites or email addresses, etc.).
  • Passwords for any other University/college services you use (e.g. Financials, Student Services, etc.).

Report it

Because we monitor network activity closely, we often spot unusual activity on your account before you do, but if you suspect for any reason that you have been hacked, let your local IT support team know immediately. They can find out if any harm has been done by the attack and take steps to limit the damage. This is even more critical if your SSO account gives you access to critical business systems such as Financials or HRIS, or any other system storing personal or confidential University data. It's important that you respond promptly to requests for information from IT staff and carry out the steps they ask you to take.

Some University systems use the same SSO credentials as your Nexus account, so if your email was compromised, the attackers may have accessed other systems as well. Check the list of services which use SSO to see which systems may be at risk.

Clean your machine

If your account has been compromised because keylogging software or other malware has been installed on one of your devices, do not try to change your account passwords or access your account using this machine or reconnect it to a network elsewhere until it has been cleaned. There may be data that has been captured and is stored on your machine but that has not yet been transmitted to the attacker's site. There is nothing to gain (and plenty to lose!) by giving them more of your passwords or other data.

The simplest way to deal with malware on your machine is to disconnect it immediately from the network and take it to your local IT support staff. They will attempt to clean the malware, though be aware that often the only way to do this is to re-install the operating system from scratch. They will usually block the machine temporarily from the network in order to protect you, other users, and University data and systems from further attack.

Review your settings

To make it more difficult to assess how they have used your account, the attackers may have deleted large amounts of email or set up rules to forward new emails to places you aren't expecting. You can start by checking your deleted items folder for the missing mail and disabling any mail filtering rules which you did not create. If you require any assistance with this, please contact your local IT support staff or the helpdesk.