Advice and guidance
Key messages 2018
Use the Information Security Toolkit to find out how to protect you and your data from common cyber security attacks and threats.
Check out our cyber videos (shorts) for interactive guidance.
- Keep emails personal data free, or the contents is
there for all to see!
Emails are like messages in a bottle, they can end up anywhere and be read by anyone, as they travel over the internet to the recipient.
- Be aware, contact with care.
It is very easy to accidentally send confidential information to the wrong person.
- Think before you click that link!
Be cautious and always think before you click links, open attachments, or download files in emails you receive, regardless of who sent them.
Only use your official UWE Bristol email account when undertaking University business. When communicating with students/colleagues on UWE business, use their official UWE Bristol accounts only.
- Carefully consider if sending confidential information by email is appropriate (e.g. a more secure, method is to send a link from a secure storage area). Sensitive issues are most often best discussed in person.
- When sending confidential information by email, clearly state 'confidential' in the subject line and protect the email by restricting access.
- Settle the text of your email first before adding the addressees in the “To” or “Cc./Bcc.” boxes.
- Keep email trails limited to the intended purpose of the communication. Avoid long email trails. Always start a new trail for a new subject matter.
- Be cautious and always think before you click links, open attachments, or download files in emails you receive, regardless of who sent them (for more information on malicious emails see 'How to spot phishing' below).
- Forward any suspicious messages to firstname.lastname@example.org so IT Services can investigate new threats. Then delete the email from your inbox.
- Remember, if an email is too good to be true, it probably is.
- Use the “Bcc.” option to provide “hidden” recipients with "interesting" information.
- Click any links or attachments in emails, unless you already know what they contain.
- Respond to suspicious email messages from:
- Anyone, including IT Services, that ask you to confirm your password or personal information or demand an immediate response or threaten loss of accounts or services.
- Unrecognised senders.
Undertake a regular (e.g. monthly or quarterly) audit of your stored emails and retain only those that are necessary for the ongoing intended purpose. General emails that retain no significant use should be “double deleted” (i.e. deleted from the relevant folder and then again from the deleted folder. Microsoft have guidance on how to empty the Deleted Items folder).
For further advice and guidance, please refer to Email use within the Information Security Toolkit.
- Be smart, restart.
Restart your devices each day so they receive regular software and vital security updates.
This will help to keep your information safe and your devices secure.
Your devices work hard to keep you connected,
so give them a break by shutting them down regularly, this will
save a bit of energy too.
Good for the environment, good for you.
Mac computers are just as vulnerable to
viruses and other threats as Windows PCs are, so please make sure
you keep them updated.
Protect data and my devices
- To be tight lipped, you must encrypt.
Encrypting data makes the information unreadable. Recipients can easily decrypt the data, if they are provided with the decryption key.
Check out this short cyber video for interactive guidance.
Encryption is the method by which plaintext, or any other type of data, is converted from a readable form to an encoded version, that can easily be decoded with the decryption key.
It can be applied to both stored data, computer drives or USB storage devices and data transferred through networks.
Everyone must take steps to secure all their devices to reduce the risk of a data breach. Portable devices, such as smartphones and tablets are mobile computers and so they are also exposed to many of the same malware (e.g. virus) as desktop computers.
If you store data, emails or photos on a University managed or personal portable device, then you should encrypt the device to protect this information:
If you would like to transport or store information outside the IT storage facilities you must take reasonable steps to protect data.
- Restrict access to Microsoft Work, Excel and PowerPoint files
- Protect (encrypt) other files using 7-Zip
For further advice and guidance, please refer to Protect data and my devices within the Information Security Toolkit.
Home vs. UWE Bristol
- When working elsewhere, take extra care.
Remote access increases the risk of data being accidentally or maliciously copied, modified, hidden or destroyed.
The UWE external access (XA) allows staff and students to access their personal drive H: and faculty shared drives S: (and also T: for staff members) from private devices over the internet.
Don't use personal / privately owned computers to read, store or process confidential or restricted information.
Information that is held or processed on systems outside of UWE Bristol Infrastructure is generally more exposed to being compromised, corrupted or lost than information that is held or processed on systems within the University.
Anyone that accesses, produces or stores UWE Bristol information on privately owned computer equipment is responsible for the security of both the data and the device holding it. In order to protect UWE Bristol information, such machines must have adequate Anti-Virus protection, as well as an active firewall and all available security and maintenance patches applied.
UWE Bristol email addresses should only be used on websites and applications that are UWE Bristol approved and always use a different password each time.
Time to crack your 7 letter password? Two seconds.
Time to crack your 14 letter passphrase? 730 years.
Make it long, make it unique and never share it.
A unique and strong password reduces the risk of data breaches and protects you from many threats such as identity theft. One of the most common ways that hackers break into computers is by guessing passwords.
UWE Bristol is a Cyber Essentials certified organisation.