Top tips for safe computing

Information Security is vitally important to everyone. A breach of Information Security poses a risk to the University, as well as to all users of the University network.

Below are some top tips for keeping safe online. We recommend that you also read our Keep IT safe and   pages and, if appropriate, the security tips for users of social media and for users of smartphones and iPads.

Things you should always do

Always run anti-virus software on your computer and make sure the definitions are up to date

Always use strong passwords and keep them completely secret

Always use a locking screen saver on your computer

Always make sure your computer has up-to-date security

Always treat University information as you would wish your details to be handled by your bank, government departments, etc

Things you should never do

Never share your password with anyone, use the same password for multiple systems, or store your password in a browser or application

Never keep personal or confidential information on portable equipment (eg USB memory sticks or laptops) unless protected against unauthorised access

Never send your password in reply to an email, or click links or attachments in emails unless you know the sender and you were expecting the message

Never log in over the Internet except on a secure connection (look for the browser's locked padlock symbol)

Never pass on details about yourself to anyone you do not know (eg through social networking sites like Facebook)

Further information

Always run anti-virus software on your computer and make sure the definitions are up to date

If you do not protect your computer against viruses and malware you can lose your own work and cause major problems for yourself and for other network users. The Anti-malware Policy requires that all computers connected to the University network (including ResNet) must have a working anti-virus program. New viruses, or new ‘strains’ of existing ones, are being discovered all the time, so it is essential that your virus definitions are kept up to date.

Always use strong passwords and keep them completely secret

The strength of a password depends on its length, complexity and randomness. You can increase the complexity of your password by using numbers and punctuation as well as alphabetic characters in both upper and lower case. Strong passwords cannot easily be guessed or broken using a computer program that can try many different possible passwords.

Your University password gives access to your emails and information about you so it is essential that you use a strong password. University passwords must be kept safe and secure and only used by those authorised to do so. Action may be taken against users who are responsible for security breaches.

Please follow our guidance on choosing a password and change your University password if you doubt its strength.

If you use a portable device to access University systems (including email), it is vital that the device is protected by at least a 'passcode', and preferably a longer password that includes alphabetic and special characters.

You should ensure that you have good password security for your personal and University social media accounts.

Always use a locking screen saver on your computer

Locking your computer allows you to keep all the current applications open and running during a temporary absence from the device. Use of a locking screen saver will help to prevent any access by others, but this is only a mild deterrent and is relatively easy to bypass.

Always make sure your computer has up-to-date security

Updates are often released to close security loopholes that could be exploited by hackers. You should promptly install all security patches for your operating system(s), applications and browser plugins. Note that smartphones, such as the iPhone, also need their security to be updated regularly.

Always treat University information as you would wish your details to be handled by your bank, government departments, etc

University data must be managed in a way that protects its confidentiality, integrity and availability. The regulations for using computing facilities set out some basic responsibilities with respect to information security; the University is developing that will provide more guidance and assistance.

Make sure you have backup copies of your files.

We recommend that students use their secure filespace on the U: drive for the storage of work that needs to be accessible from more than one computer.

Never share your password with anyone, use the same password for multiple systems, or store your password in a browser or application

If you share your password, you could be held responsible for what others do with it. It should never be necessary for you to share your password with anyone else. (It is possible to share a mailbox. If you need to share files with others in your Professional Service or College, you can use secure shared network filespace (N: drive).) If you need advice on how to work collaboratively without sharing passwords, please contact the Contact us.

The University will never ask for your password on the phone or by email.

If you use the same password for multiple systems and your password is compromised on one of the systems then your accounts on the other systems would be vulnerable.

For security reasons you should never store your University password in a web browser or an application. If you have already saved your University password in this way, please delete it from the browser or application.

Never keep personal or confidential information on portable equipment (eg USB memory sticks or laptops) unless protected against unauthorised access

Personal information is defined as any information relating to a living individual who can be identified either from the data, or from that information used in conjunction with other information that may be available. Confidential information is privileged or proprietary information that could cause harm (including reputational damage) to the University or individual(s) if compromised through alteration, corruption, loss, misuse, or unauthorised disclosure.

Portable equipment is easy to lose and will be attractive to thieves wanting the equipment itself and/or the data it holds. There can be no absolute guarantees where security is concerned but such information must not be readily accessible by any unauthorised person. We recommend certain encrypted memory sticks and external hard drives, and options for the encryption of University-owned laptops. The University's Policy for Information Security on laptops and portable media makes security through encryption a requirement for laptops and similar equipment used by staff to store certain types of data.

Never send your password in reply to an email, or click links or attachments in emails unless you know the sender and you were expecting the message

University passwords must be kept safe and secure and only used by those authorised to do so. You should never disclose your password, even to University IT staff. Action may be taken against users who are responsible for security breaches.

Email phishing attacks are now very common. You should not respond to ‘phishing’ emails, which attempt to obtain personal details from you (eg username, password and/or bank details) via messages that pretend to be from a trusted source.

Be aware that some emails contain malicious hypertext links that will not link to the site that you expect. It is safer to type in the URL yourself than to click a link in an email.

You can preview shortened URLs (which have been produced by services such as TinyURL and bit.ly) and see the real destination URL.

Viruses can be spread in email attachments so you should never click an attachment unless you are expecting it or the context convinces you that it is genuine. It is easy to forge email addresses, so do not assume that a message is from someone you know just because it appears to be from their address.

Further guidance is available in our email tips and the Good practice guide: Email.

Never log in over the Internet except on a secure connection (look for the browser's locked padlock symbol)

Use of the University of Exeter’s wired network (this includes use of the partner networks at the Cornwall campuses) is secure when access is on site and entirely through this network.

The University’s wireless network is being upgraded and a high-speed wireless service is currently being introduced on all University of Exeter campuses. We recommend that all University staff connect to the UoE_Secure part of the new service, which should be available in all locations where the high-speed wireless network is installed.

When off site, secure mechanisms for log in and subsequent access are provided by VPN, the University portal, secure FTP and the University thin client homeworking facility.

When you connect to a secure website such as the University portal, a locked padlock symbol will be displayed in the browser window (not in the webpage itself) to denote at least 128-bit security.

Never pass on details about yourself to anyone you do not know (eg through social networking sites like Facebook)

Fraudsters can use your details to impersonate you, to obtain credit cards in your name, to guess at the answers to bank security questions or to obtain access to more of your personal information. Keeping your information private will help to protect you from identity theft and fraud.

You are advised not to make your full name, your full address, your postcode, your date of birth, your National Insurance number, your telephone number, your bank account details or your credit card details publicly available or to give the information to anyone you don't know. It is also wise not to make your mother’s maiden name, your birthplace, your current place of study, other places of study (eg last school attended), your current employer, your recent addresses and other personal information (eg the names of your pets, your favourite film, your favourite colour) publicly available. If you are asked to provide personal information or to make it publicly available, always ask yourself why you are being asked to do so.

Beware of disclosing your holiday dates and/or your location details on social networking sites where thieves might note that your house would be empty.

The security tips for users of social media provide further information on how to protect your privacy.