IT security - policy, procedure and guidance
I.T. Security – practical tips for keeping your data safe and secure
The University of Huddersfield has an IT Security Policy which defines what we all must do in order to keep our data and IT systems safe and secure. We also have an IT Security Procedure Manual which gives practical advice and describes procedures that must be followed to implement the provisions of the Policy.
You should read both of these documents.
Here are some of the key points:
Why IT security is important
Whatever role you have in the University some of the data you use may be sensitive (e.g. racial or ethnic origin, some research data) or confidential (e.g. name, address, financial details), and so you must ensure you keep it safe.
Also, these days we access data using a wide range of devices, some of which are not owned by the University. The same standard of security applies to all devices, irrespective of ownership – including the ones that you own yourself.
In a nutshell, you must treat University information as you would wish your own details to be handled.
Logging in and passwords
Use a strong password by including uppercase, lowercase, numbers and special characters. Keep it a secret. Full advice on password strength is available in the IT Security Procedure Manual.
Don’t use the same password for work and personal use.
Never share your login details with anyone, for any reason
Never leave your computer left unlocked and unattended. Log out or lock it first.
Always take care before opening attachments or links, especially if you are not expecting them. Before you click on a link, hover your cursor over it to check its true destination.
Only send sensitive or confidential information electronically if it is encrypted. For advice on encryption, contact I.T. Support (01484 473737).
Phones, tablets and other mobile devices
If you are using your own device for University business, please be aware of your responsibilities under the Using Your Own Device Policy.
Ensure that all your mobile devices have University-approved security controls, and that a passcode/password is used. Further advice is available from I.T. Support (01484 473737).
Only store sensitive or confidential data on an encrypted mobile device.
You should report stolen or lost phones as soon as possible to Telephone Services firstname.lastname@example.org (01484 472627).
Using cloud storage
Only keep sensitive or confidential data in cloud storage that has been approved by the University.
Working away from campus
Use Unidesktop to access systems and data when you are off-campus.
Encrypt all laptops you use for University purposes. Some countries have restrictions on encryption so check before you go abroad. Further advice is available from I.T. Support (01484 473737).
Web browsing and social media
Before you log in to a supposedly secure website, check in your browser’s address box that you can see the padlock symbol. This indicates that the site is secure.
Consider the consequences carefully before you give out any personal or University details on social media.
Disposing of equipment
University-owned equipment must be securely disposed of via I.T. Support (01484 473737). You must also ensure that any University data and attached email accounts are deleted from your own equipment before you dispose of it.
Reporting concerns or security breaches
Report any IT security incidents or concerns straight away to I.T. Support (01484 473737).