Stay safe online at Oxford

Here at the University, we take information security very seriously. We rely on data for everything we do and everybody has a responsibility to make sure the information they access doesn't get hacked, infected, abused or destroyed by unscrupulous online scammers and spammers. People trust us to keep their personal details and research data safe, and they need to know we won't let them down. 

Read on to find out what you can do to stay safe online as a member of the University.

At a glance

 Do our online information security awareness training

 Report phishing emails and incidents

 Install Sophos Anti-Virus, free with the University

 Back up your data regularly


Learn more about information security

The University’s online information security awareness training course takes you through your responsibilities, highlights security risks, and explains how to protect the information you work with. Managers should ensure that everyone who has access to a computer as part of their work completes the training on an annual basis.

If you work in a group handling high-risk data (for example, as a finance officer or in a medical research group) and you think the online module doesn't quite cover your needs, contact us about bespoke training that we may be able to offer or arrange for you.

Secure your Oxford Single Sign-On account

Your Oxford Single Sign-On (SSO) account lets you access multiple services, including all University resources provided by IT Services and much more, via one login. Being able to access so much useful information through one account makes your online life with the University a whole lot easier. On the flip-side, it's the kind of one-stop-shop account hackers dream about, and you need to guard it with all the security at your disposal.

  • First, create a strong password to defend against online attackers. As an extra security measure, we get you to change your password annually (here's why). Set or change your password
  • Second, get clued up on 'phishing'. University email accounts are increasingly targeted by scammers – often pretending to be from IT Services and requesting your login details. Remember, you should never give passwords to anyone, including any University IT staff – we will never ask for them for any reason

Reporting phishing

If you receive an email that asks you to divulge any of your University sign-in details, please help us (and fellow members of the University) by reporting it immediately. Send the email as an attachment to We also recommend you make use of mail filtering on your Nexus account to help screen out dubious emails, and read our detailed advice on how to avoid email scams.

Keep your personal devices secure

If you use your own device on the University network, you are responsible for keeping it secure to protect yourself, University data, and other devices and users. See our advice on how to protect your computer for more information.

Anti-virus software is an important line of defence against online attacks. The University has a site licence for the Sophos Anti-Virus client (for Windows, Apple Mac OS X and Linux) and it is available for members of the University to install on their devices for free.

To install Sophos Anti-Virus:

If you have alternative anti-virus software that you are happy with, then it's fine to stay with that as long as it is kept up to date. When you leave the University, you must remove the Sophos Anti-Virus product from all your devices. (We recommend you install an alternative anti-virus product in its place).

Back up and protect your data

Elsewhere on this website, we recommend a number of ways to back up your data regularly and securely. For staff and postgraduates, the University also runs a free backup service (called the HFS - register here), which lets users back up data on demand and/or on a weekly automatic schedule.

You should also encrypt your laptop so that, if it’s stolen or lost, no one can get at your personal data. You can do this with either Windows Bitlocker or Mac Filevault.  The University also offers a whole-disk encryption service for University-owned machines. We strongly recommend you make use of this if your machine holds University data.