Here are the key things that everyone needs to know to keep yourself and our data safe:
1. Keep your accounts safe
Always create strong passwords and use multi-factor authentication when available for all your accounts. In particular, make sure your Oxford Single Sign-On (SSO) account is kept as secure as possible, as this is just the kind of account that hackers love, with access to multiple services within Oxford. Bear in mind that you may not think you have access to anything valuable, but once a hacker has access to even one SSO account, they have acces to numerous Oxford systems and can cause extensive damage.
2. Be careful with personal and research data
Data is the lifeblood of the University.
How would you feel if your personal data was used in a way you didn’t expect? Make sure that you only use personal data for the purpose for which it was collected, only keep it for as long as necessary, and dispose of it securely once it’s no longer needed.
Consider the need for sharing, think carefully about what you share before you share it and only share what’s necessary. The University’s Data Protection By Design framework is provided to enable staff to evidence how they are embedding data protection into all of their personal data processing activities.
It’s important to understand how to classify and handle University data securely and how the University implements the UK’s data protection legislation.
If you work with research data, then make sure you secure your research information.
3. Stop. Think. Click.
A staggering 82% of emails sent to University email addresses are blocked by the email security gateway as potential phishing. But of the remaining emails that get through, some will still contain phishing attacks and it’s important that we all know the signs and remembers to stop, pause and think before clicking on links. In particular, be cautious of clicking links on social media and in emails and opening email attachments from suspicious, unknown or unsolicited sources (and sometimes even from people you know and trust).
4. Keep your devices secure and patched
It’s important that you keep all your devices secure, including personal phones and laptops. If you use a managed device at the University, then this should be kept secure and updated by your department or managed service provider. However, if you are using personal devices, then it’s your responsibility to keep the device safe and secure. Here are some key tips for protecting your computer and mobile device at Oxford.
5. If in doubt, report it
Don't delay, the longer you leave it the greater risk. All incidents should be reported immediately:
6. Take your information security and data protection training
We have launched the first ever Student Information Security and Data Protection training course during Michaelmas term 2023. The course is 15 minutes and will give you advice on how to stay at Oxford.
If you handle university data as part of your studies or have been asked to provide a certificate to your department as proof of completion of the information security training, you should complete Staff course.
In April 2024, we will be rolling out the brand new staff training course from MetaCompliance to the entire collegiate university. In the meantime, please continue taking the old course – the content is still correct and will help keep you safe.
We urge everyone to take this course – it’s a requirement for all staff to take training to ensure the University is compliant with UK data protection legislation.
Many research funding bodies now require proof that all staff are adequately trained before funding is approved, so it’s important that everyone, not just the researchers who will be handling research data, understand their responsibilities in relation to information security and data privacy.
