Protect my computer
If you go online without taking steps to protect your laptop or desktop PC, you risk giving threat actors (individuals or groups that perform malicious acts against a person or organisation) free access to all your emails, photos, work and online accounts. Malicious software ('malware' for short) is so sophisticated these days, some programs can get inside your machine and send a record of everything you write or do. They can even take over your webcam. Fortunately, there are a few simple precautions you can take to stop others stealing or destroying the contents of your computer.
At a glance
Install all security updates to your operating system, web browser and other software
Install anti-virus software, keep it updated and schedule regular scans
Never install pirated software or open attachments from sources you don’t know or trust
Schedule regular backups of all your files
Computer security at Oxford
If you're using computers, laptops or other devices on the University network, or when using University data, you need to make sure they’re secured against malware, threat actors and accidental loss or theft. It is the University’s policy to ensure that all devices on the University network meet a minimum level of IT hygiene. If your machine is managed by your IT department then that’s down to them. On the other hand, if you’re running your own devices you need to make sure you know what you’re doing.
Use an entirely self-managed machine (personal or University-issued) configured to meet the requirements below
Use a University-issued machine which is managed by your local IT department but allows use of administrator accounts. Ensure the requirements below are adhered to
Use University-issued devices which are entirely managed by your local IT department with no personal administrator accounts
University PC security requirements
All devices used for University data and/or on the University network should meet the following basic requirements:
Hints and Tips
Use a supported operating system
- The most recent operating systems will still be receiving security updates but some older ones don’t
- Microsoft’s security lifecycle has guidelines on the support it provides to its operating systems
- Officially Apple only supports the latest version of its operating system
Apply security updates
- Configure your operating system, web browsers and all other applications to find and automatically install updates.
- Keep an eye on this website and vendor sites or mailing lists for information on new security alerts and bulletins.
Use different accounts for different users
- Make sure you set up friends, family or other users with their own unique accounts. Ensure they are ‘standard’ accounts rather than administrator.
- Make use of guest accounts for temporary access to devices.
Use a strong password for all accounts
- See our advice on choosing strong passwords.
Use anti-virus (AV) software
- Configure AV software to update as frequently as the software allows and at least daily.
- Schedule and perform regular scans for malware.
- AV should be configured to detect all known types of malware (e.g. rootkits and potentially unwanted applications).
- All staff and students are automatically entitled to a free copy of Sophos Anti-Virus, for as long as you’re here. It’s available for PC, Mac and Linux, and you can grab a copy at the IT Services website.
Use a modern web browser
- We recommend Chrome, Firefox, Edge, or Safari.
- Internet Explorer is still required for access to some services.
- Make sure they’re configured to update automatically.
Use trusted USB devices only
- Don’t share USB storage devices with colleagues and don’t plug untrusted USB devices into your machines.
- Disable autorun for newly-connected devices.
Only install trusted applications
- Get your software from reputable sources and never install pirated applications.
Use a personal device firewall
- For example use Windows or Apple personal firewalls. A number of options are available on Linux distros.
Lock your devices when unattended
- Make use of password-protected screen savers and make sure they activate after a period of inactivity (e.g. 15 minutes).
Back up University data
- Make use of the University’s HFS system, free for staff and postgrads.
- Contact your local IT team for departmental backup services
- If you’re using your own cloud or USB devices, make sure you encrypt the data or devices to protect against theft or accidental loss.
Encrypt laptops and other portable devices
- The University has a whole disk encryption service which is free to all departments. Contact your local IT support staff for more information
- You can also use built-in encryption solutions like Bitlocker for Windows or FileVault for OSX.
- Be sure to keep any recovery tokens secure but accessible in the event of an emergency.
Disable Office Macros by default
- Read Microsoft’s guide to macro settings in Office.
Wipe hard drives securely prior to disposal or re-use
- If the device is encrypted, delete the encryption key or password used to encrypt the device. This can be particularly useful for Solid State Drives.
- Use a tool such as DBAN or Apple's Disk Utility tool.
How to avoid computer viruses and other nasties
Even if you have anti-virus software to tackle adware, spyware, trojans, worms and every conceivable type of malware, you still can't afford to get complacent or careless. The most common (and easily avoidable) ways in which people let their machines get infected are:
- Opening email attachments from suspicious, unknown or unsolicited sources (and sometimes even from people they know and trust)
- Installing dodgy software (either pirated copies or downloaded from sketchy websites)
- Using infected USB sticks
- Browsing the internet with an old operating system and browser
- Clicking phishing links on social media and in emails
Cut out or cut down on these risky activities and you will dramatically reduce your exposure to malware.
Reducing the risk
There are several more things you can actively do to reduce risk even further:
Hints and Tips
Keep your operating system up to date
- Always install the latest security updates.
Install anti-virus software
- Sophos is free for all University members.
- Be sure to keep your antivirus up to date.
- Run an antivirus scan on a regular basis to make sure that nothing has crept in.
Install the latest updates to your web browser and other software
- If your software has an option to install updates automatically, turn it on.
- Never ignore messages telling you that new updates are available. Make the time to install them.
Change your operating system or software if they are no longer supported
- You wouldn't drive your car if it failed it's MOT, would you? Don't use software which is no longer supported.
Make sure the firewall installed on your machine is activated
- Your firewall is there to protect you from attackers on the Internet. You should never turn it off.
- Sometimes, you may find that specific pieces of software need access through your firewall in order to work properly. Make sure to only give them the access they need and no more.
Never install pirated software
- Once you've installed pirated software there's no telling what it could do. Don't trust it.
- Only download and install software from reputable sources.
Log in as a ‘normal user’ to your computer
- Working as an administrator can make it easier for malware to get inside your machine.
- Create a second account to be the administrator and only use it when you actually need it.
More good tips to protect your computer
Back up your data. Schedule regular updates to a portable hard drive/storage device using, for example, Windows Backup or Mac Time Machine. Or use secure online cloud storage, such as OneDrive, Google Drive or Dropbox. And encrypt your backups.
Lock your screen whenever you leave your desk – you could give an opportunistic thief access to your usernames, passwords and other personal details.
Encrypt your laptop so that, if it’s stolen or lost, no one can get at your personal data. You can do this with either Windows Bitlocker or Mac Filevault.