Information Security

The University’s Staff and students must comply with the University’s Information Security Policy, available at https://www.infosec.ox.ac.uk/guidance-policy

The Division is working with Faculties to develop guidelines for Humanities staff, and to share good practice.

Training Module

All staff are encouraged to complete the online training module, available on the following web page: https://www.infosec.ox.ac.uk/guidance-policy/training-and-awareness

FOI

The University is subject to the Freedom of Information (FOI) Act and much of the written material that staff produce (including email communications and Microsoft Teams messages) is eligible to be requested. You can read more about the Act, and its exemptions, here.

If you are the subject of a FOI request, you will be contacted by the University’s FOI Office. Please inform matt.pickles@admin.ox.ac.uk of any requests after you receive them. You can email the University's FOI Office on foi@admin.ox.ac.uk.

Information security top tips

Expand All

 

Criminals operating online use hoax 'phishing' emails to trick people into parting with their passwords, credit card details and other personal information. Hoax emails can be difficult to identify. Some simple ways to avoid email scams:

  • Never reply to emails asking for your passwords or other login details. IT Services will never ask you to provide them with your login information via email or phone.  
  • Use the 'junk mail' filter to block spam. Guidance on how to use this feature is available on the IT Services website.
  • Do not follow links in emails that ask you to enter or change personal account information. Go directly to the website in question and log in to your account the normal way.
  • If you receive a phishing email that asks for University credentials such as your password, forward it immediately to phishing@it.ox.ac.uk.

For further information on avoiding email scams, visit the Information Security website or contact infosec@it.ox.ac.uk.

 

 

Encryption is a simple way to keep confidential documents secure, particularly when sharing files with colleagues.

  • Encrypt confidential documents before sending them via email. This will keep them safe even if they are sent or forwarded to the wrong recipient or are intercepted by hackers. 
  • Short videos with instructions on how to encrypt Word documents, Excel workbooks and PDFs are available on the Information Security YouTube channel.
  • Use a strong password. Guidance on creating strong passwords is available on the Information Security website.
  • Provide the recipient with the password to an encrypted document via means other than email.
  • Use an encrypted memory stick for transfer and storage of documents. Encrypted memory sticks can be purchased through the Online Shop.

For further information on managing confidential data visit the Information Security website or contact infosec@it.ox.ac.uk.

 

 

Creating strong passwords is a simple way to help protect the University’s vital information.

  • Never share your password with anyone, even people you trust; your account is yours alone.
  • For strong passwords, use long passwords.
  • Create a different password for every account. Using a password manager such as KeePass (available for download from the Oxford Applications installer on your PC) makes it easy to keep track of your various passwords.
  • If you've had your password stolen, change it and report it immediately to help@it.ox.ac.uk.
  • IT Services will never ask for your password. If you need to share your inbox with a colleague, contact IT Services to arrange access.

For further information on managing passwords, visit the Information Security website or contact infosec@it.ox.ac.uk.

 

 

Modern browsers make browsing simpler and improve web experience – remembering passwords, auto filling forms, saving settings and preferences. This information is stored in the background, and without users realising, can offer advertisers, spammers and hackers a wealth of personal and activity information to enable them to steal identities and commit fraud. Consider changing browser settings for the following items to improve security:

  • private browsing
  • cookies
  • pop-ups
  • delete browsing history on exit.

For more detailed information on protecting privacy online and how to change browser settings, visit the Information Security website or contact infosec@it.ox.ac.uk

 

 

Malicious software, known as ‘malware’, can give hackers access to your work files and emails, as well as to your personal data. Some simple ways you can protect your computer and laptop from malware:

  • Install anti-virus software on your machine and schedule frequent scans to check for issues. Sophos software can be downloaded for free from the IT Services website.
  • Keep your computer up-to-date by installing the latest upgrades to your operating system and web browsers as soon as they become available.  
  • Never download software or open attachments from sources that you do not know and trust.
  • Schedule regular back-ups of your files using encrypted devices. Your local IT services or the IT Services Desk can provide further guidance on safely backing up your work files in accordance to data protection regulations.
  • Encrypt your laptop. This will stop anyone getting at your personal data in the event it gets lost or stolen. Depending on your model of computer, you can find instructions here for doing this with either Windows BitLocker or Mac FileVault

For further information on protecting your computer, visit the Information Security website or contact infosec@it.ox.ac.uk.

 

 

Devices such as laptops, smartphones and tablets can provide easy access to personal data, bank and credit card details, and important documents. These small and portable devices can be easily lost or stolen and consequently data become vulnerable to misuse. Some simple ways to protect data:

  • Always enable a password/PIN-protected lock-screen that locks the device automatically when not in use.
  • Only install apps from trusted locations.
  • Install updates to the device and the installed apps. These usually contain security improvements to protect the operating system from the latest malware.
  • Set up a ‘remote wipe’ feature, if available, to remove all data should the device be lost or stolen.
  • Encrypt your laptop. This will stop anyone getting at your personal data in the event it gets lost or stolen. Depending on your model of computer, you can find instructions here for doing this with either Windows BitLocker or Mac FileVault.

For more detailed information on securing mobile devices, visit the Information Security website or contact infosec@it.ox.ac.uk.

 

 

Cloud services offer easily-accessible data storage and the ability to share data and documents with colleagues over the internet. However, cloud services can pose privacy concerns because the service provider can access the cloud data at any time and
potentially share it with a third party. Consider these points before using a cloud service:

  • Check the terms and conditions for security and privacy offered by the cloud service.
  • If the cloud service is hosted outside of the European Economic Area (EEA) then storing personal data in the cloud may be in contravention of the Data Protection Act.
  • Encrypt data that is processed or stored within the cloud to prevent unauthorised access.

For more detailed information on using cloud services safely, visit the Information Security website or contact infosec@it.ox.ac.uk.