Oxford Secure

oxford secure logo orange

Oxford Secure is equipping staff and students with knowledge, life skills and resources related to cyber security and data protection, so they can act as a joined-up human firewall to safeguard the University.

A new Information Security and Data Protection training programme is being rolled in June 2024 - look out for your invitation to take part.

Here are the key things that everyone needs to know to keep yourself and our data safe:

1. Keep your accounts safe

Always create strong passwords and use multi-factor authentication when available for all your accounts. In particular, make sure your Oxford Single Sign-On (SSO) account is kept as secure as possible, as this is just the kind of account that hackers love, with access to multiple services within Oxford. Bear in mind that you may not think you have access to anything valuable, but once a hacker has access to even one SSO account, they have acces to numerous Oxford systems and can cause extensive damage.

2. Be careful with personal and research data

Data is the lifeblood of the University.

How would you feel if your personal data was used in a way you didn’t expect? Make sure that you only use personal data for the purpose for which it was collected, only keep it for as long as necessary, and dispose of it securely once it’s no longer needed.

Consider the need for sharing, think carefully about what you share before you share it and only share what’s necessary. The University’s Data Protection By Design framework is provided to enable staff to evidence how they are embedding data protection into all of their personal data processing activities.

It’s important to understand how to classify and handle University data securely and how the University implements the UK’s data protection legislation.

If you work with research data, then make sure you secure your research information.

3. Stop. Think. Click.

A staggering 82% of emails sent to University email addresses are blocked by the email security gateway as potential phishing. But of the remaining emails that get through, some will still contain phishing attacks and it’s important that we all know the signs and remembers to stop, pause and think before clicking on links. In particular, be cautious of clicking links on social media and in emails and opening email attachments from suspicious, unknown or unsolicited sources (and sometimes even from people you know and trust).

4. Keep your devices secure and patched

It’s important that you keep all your devices secure, including personal phones and laptops. If you use a managed device at the University, then this should be kept secure and updated by your department or managed service provider. However, if you are using personal devices, then it’s your responsibility to keep the device safe and secure. Here are some key tips for protecting your computer and mobile device at Oxford.

5. If in doubt, report it

Don't delay, the longer you leave it the greater risk. All incidents should be reported immediately:

6. Take your information security and data protection training

It is a mandatory requirement for all staff to complete the information security and data protection training course, to ensure the University is compliant with UK data protection legislation. In addition, many research funding bodies now require proof that all staff are adequately trained before funding is approved. So it’s important that everyone to understand their responsibilities in relation to information security and data protection.

For students, we launched the first ever Student Information Security and Data Protection training course during Michaelmas term 2023. The course is 15 minutes long and will give you advice on how to stay at Oxford. 

If you handle university data as part of your studies or have been asked to provide a certificate to your department as proof of completion of the information security training, you should complete Staff course

Contact us


If you have questions about cyber security or data privacy, please contact the Information Security GRC team, mailto:grc@infosec.ox.ac.uk.

If you have any problems or questions with the training course, please see our Frequently Asked Questions - if this does not help you, please contact the IT Service Desk.


If you think you have been involved in a cyber incident or data breach, you must report it immediately: