IT Security - Policy, Procedure and Guidance

  • I.T. Security – practical tips for keeping your data safe and secure

    The University of Huddersfield has an IT Security Policy  which defines what we all must do in order to keep our data and IT systems safe and secure.   We also have an ‌IT Security Procedure Manual which gives practical advice and describes procedures that must be followed to implement the provisions of the Policy.

    You should read both of these documents.

    Here are some of the key points:

    Why IT security is important

    Whatever role you have in the University some of the data you use may be sensitive (e.g. racial or ethnic origin, some research data) or confidential (e.g. name, address, financial details), and so you must ensure you keep it safe.

    Also, these days we access data using a wide range of devices, some of which are not owned by the University.  The same standard of security applies to all devices, irrespective of ownership – including the ones that you own yourself.

    In a nutshell, you must treat University information as you would wish your own details to be handled.

    Logging in and passwords

    Use a strong password by including uppercase, lowercase, numbers and special characters.  Keep it a secret.  Full advice on password strength is available in the IT Security Procedure Manual.

    Don’t use the same password for work and personal use.

    Never share your login details with anyone, for any reason

    Never leave your computer left unlocked and unattended.  Log out or lock it first.

    Email

    Always take care before opening attachments or links, especially if you are not expecting them.  Before you click on a link, hover your cursor over it to check its true destination.

    Only send sensitive or confidential information electronically if it is encrypted.  For advice on encryption, contact I.T. Support (01484 473737).

    Phones, tablets and other mobile devices

    If you are using your own device for University business, please be aware of your responsibilities under the Using Your Own Device Policy.

    Ensure that all your mobile devices have University-approved security controls, and that a passcode/password is used.  Further advice is available from I.T. Support (01484 473737).

    Only store sensitive or confidential data on an encrypted mobile device.

    You should report stolen or lost phones as soon as possible to 2nd Line IT Services mobilerequests@hud.ac.uk (01484 471007).

    Using cloud storage

    Only keep sensitive or confidential data in cloud storage that has been approved by the University.

    Working away from campus

    Use Unidesktop to access systems and data when you are off-campus.

    Encrypt all laptops you use for University purposes.  Some countries have restrictions on encryption so check before you go abroad.  Further advice is available from I.T. Support (01484 473737).

    Web browsing and social media

    Before you log in to a supposedly secure website, check in your browser’s address box that you can see the padlock symbol.  This indicates that the site is secure.

    Consider the consequences carefully before you give out any personal or University details on social media.

    Disposing of equipment

    University-owned equipment must be securely disposed of via I.T. Support (01484 473737).  You must also ensure that any University data and attached email accounts are deleted from your own equipment before you dispose of it.

    Reporting concerns or security breaches

    Report any IT security incidents or concerns straight away to I.T. Support (01484 473737).