Stay secure while working and teaching remotely

The University’s Information Security team is working hard to reduce the risk of significant security incidents and data breaches while we are all working and studying remotely. There are some simple steps that all members of the University should take to help reduce the risk of cyber attacks:

1. Be aware that the University is experiencing a high volume of information security incidents and take action. Phishing attempts often involve very credible looking emails which seek to get your Single Sign-On (SSO) credentials. If you have received such an email or other suspicious communication, please report it to phishing@infosec.ox.ac.uk stating how you engaged with it. Don’t be shy, your report is treated in the strictest confidence. If you don’t explain how you interacted with the phishing email, one of the team will have to call you back.
2. Register an alternative email address. All users are required to register or update an alternative email address via the IT Services Registration service. Without this in place, the Information Security team will be unable to notify users of account compromises and restoration will be problematic.
3. Download the University’s preferred end-point protection software (anti-virus) – Sophos Intercept X. Information on how to do this is available via the Endpoint Security page on the IT Services Help site. The service is available for Windows, Linux and Mac operating systems. Don’t just rely on free anti-virus.
4. Enable automatic updates. Please ensure you have automatic updates enabled on any computer you are using for study or work. Updates, patches and security updates must be installed without delay on operating systems and hosted applications. It is the University’s policy to ensure that all devices on the University network meet a minimum level of IT hygiene. Helpful guidance is available from Protect my computer.

While we continue to work and study in this dispersed way, our use of Nexus365 Teams has increased dramatically. Teams is the University’s approved service for video conferencing and new features to improve its use in an educational setting are being added all the time. To help University members understand the risks and benefits of different video conferencing services we have compiled a simple assessment of the popular tools. However, our advice is that Teams should be used where possible to reduce the potential data privacy risks with other services.

Don’t forget that the Information Security website has a wealth of information to support all University members, particularly working from home IT security advice, guidance on using the University’s VPN abroad, handling data securely and timely reminders about following good practice to create strong passwords.