Skip to main content

Information Security Tips

Security tips

Password strength

Your email address is one of the most valuable pieces of data malicious parties will attempt to acquire as it is often also your username. This is especially true for your university account as for many people this will be available on our website. The university recommends that you follow the NCSC guidance on generating a password and especially their advice to use a separate password to those you use for other accounts.

Changing passwords

If you do want or need to change your password there are instructions on how to do so on Exeter IT's web pages.

Password disclosure

You must never disclose your University IT account password to anyone. This includes your line manager, IT staff, personal assistants and members of your family. If someone demands a password, refuse to give it and refer them to the University's password policy.

NCSC Password Tips

How to change your password

Password Policy

Keep your software up to date

Equipment provided to you by the university will be periodically updated by Exeter IT. Updates are announced in the weekly bulletin and you should follow the instructions provided to ensure the updates complete successfully.

Personal devices should also be updated regularly. Ensure that automatic updates are turned on to ensure your devices receive the latest security updates.

There may be occasions when a device you require for work may not be able to be updated. This could happen when specific software is not available on secure versions of your operating system for example. In these cases, you should contact Exeter IT via SID so that they can make arrangements to ensure the system can continue to be used as securely as possible.

NCSC Software Update Advice

Raise a SID call

Addressing emails

Addressing emails incorrectly is the most common cause of a data breach at the university. You should be aware of the following points when addressing emails:

  • The account type of internal recipients is stored in the Title field of the address book. This allows you to see whether you are addressing email so staff or students.
  • Be wary of auto complete results. These often insert individuals with similar surnames or generic email addresses from other institutions you communicate with where the first part is the same.
  • Make sure you are using the BCC field if emailing groups.


Email attachments should be avoided if possible. Where you must regularly share data consider using a shared folder where access can be controlled.

If you are encrypting attachments, ensure that the password is transferred by another means. If both the attachment and the password, go to the same incorrect address the encryption is invalid.


You should be aware that the content of emails sent and received by your university account may be subject to disclosure under the Data Protection Act. You should be mindful of the email you send.


Attempts to gain access to your personal data by pretending to be a legitimate source are increasingly common and sophisticated. More information about these phishing attacks can be found in the Information Governance and Security training.

  • If you are uncertain about the source of an email do not click any links.
  • If you are concerned, consider how the purported source of the email would normally contact you
  • Contact the source via your normal method rather than the link.
  • For example; if an email appears to come from your bank call them or access their website directly.

ICO Spam Email Guidance

The ICO's IT Security top tips

Data Subject Rights Requests

Smartphones are the most convenient computing devices many people own. It is common for individuals to use either a personal or work provided smartphone to access and create data. The University has a Bring Your Own Device Policy which covers personal device use, those with devices provided by the university may contact Exeter IT for assistance.

Here is some general advice on how to use smartphones safely:

  • Back up your device regularly.
  • Activate the remote wipe function on your device.
    • This can be used proactively when a device is safely backed up.
  • Enable the strongest passcode your device allows.
  • Enable in app passcodes where appropriate, especially if devices are shared
  • If you need to use an unsecured Wi-Fi connection, for example at a cafe or hotel, use a VPN to protect your data.

NCSC Smartphone advice

Find, lock, or erase a lost Android device

iOS: Using Find My to erase data

Accessing the university VPN

Bring Your Own Device Policy

The university provide several storage locations for data with many different use cases. We have a dedicated page covering these options.

Data Storage Advice