Students

1. Keep your accounts safe

NEVER GIVE YOUR PASSWORD TO ANYONE. EVER.

CREATE DIFFERENT, LONG PASSWORDS FOR EVERY ACCOUNT

Passwords: make sure your password is easy for you to remember and hard for others to guess. Follow this advice for creating strong passwords and remember: IT Services and your college IT staff will never ask for your password.

If someone else does find out your password, you must change it immediately via IT Services' self registration website.

Use multi-factor authentication wherever it is offered. This adds an additional layer of security to an account, because someone needs not only your password to access your account, but also access to your other verification method such as an authenticator app or text message.

Your Oxford Single Sign-On (SSO) account has MFA enabled, so please make sure you have that set up correctly.

How would you feel if your personal data was used in a way you didn’t expect? Look after the data you have access to and treat others’ data as you’d expect yours to be treated. If you spot suspicious activity or a data breach, report this immediately.

2. Be cautious using public computers and wireless networks

Public computers and open wireless networks can be targeted by criminals who are able to record everything; from the sites you visit to the details you type. If you do use a public computer - for example in a cafe, library, or open computing room - try to avoid activities that require you to input confidential information, such as online banking. If you do have to complete a financial or confidential transaction:

• do not leave any information about yourself on the computer, simply clear the browser's History and/or Cache when you have finished
• consider changing your password (or other login details) when you get back to a computer that you trust
• consider setting up a separate email account (on Google Mail or Yahoo for example) to use when you are travelling
• if you have to leave your computer for any length of time, make sure that you lock the screen.

3. Keep your computer secure

USE STRONG PASSWORDS OR PINS ON SMARTPHONES, TABLETS AND LAPTOPS

MAKE SURE YOUR DEVICE’S SCREEN LOCKS AUTOMATICALLY WHEN NOT IN USE

There are thousands of pieces of software designed purely for malicious activity. We therefore recommend that you protect all of your internet enabled devices with anti-virus software.

Owners of computers connected to the University network are responsible for the installation and maintenance of up-to-date anti-virus software. Virus-infected computers can be barred from using the University network.

Members of the University can install the Sophos Endpoint Detection and Response (anti-virus) client on to their own computers for free. The anti-virus client is available for MS Windows, Apple Mac OS X and Linux.

4. Back-up your work

If you value your data you need to back up your files. You will have your own OneDrive account which stores your files in the cloud, and this should be sufficient to keep most files safe. For any files that are particularly valuable to you, you might also consider a physical backup, such as a USB drive or external hard-drive that you keep separate from your computer and which is free from any viruses.

5. Protect your devices and documents

ENCRYPT CONFIDENTIAL DOCUMENTS BEFORE SENDING AND DON’T USE UNENCRYPTED MEMORY STICKS

Online security isn't always enough: you also need to guard against mishaps in the real world. For example, your computer could break, get damaged, or be stolen. If your computer is stolen, you have not only lost the physical device and your data but you have also given someone else access to any stored usernames, passwords and account details.

While most areas in the University are secure from any non-University members, this can never be certain so make sure you take measures to secure personal items:

• lock down laptops and portable equipment, including using disk encryption 
• always keep an eye on your laptop when it's in a public place;
• encrypt confidential documents before sending email and only use encrypted memory sticks;
• in your room, keep devices out of sight and lock them away if possible; and
• when setting an auto-reply email message, do not give any indication that you will be away from your room or house.

6. Take your information security and data protection awareness training

Students are invited to take this short course aimed at keeping you safe online at Oxford. It takes around 10 minutes to complete and consists of short videos about phishing and social media, the dangers of social networking and student scams. 

If you handle university data as part of your studies or have been asked to provide a certificate to your department as proof of completion of the information security training, you should complete the Information Information Security and Data Protection course for Staff.

There is also an interactive activity within the course which we are aware some people with accessibility issues may not be able to do, so we have also offered an accessible version of the course which replaces the interactive activity with a video which conveys the same information.

As a student at Oxford, it’s important you have the knowledge, life skills and resources to navigate the digital landscape securely and that you know how to play your part in protecting University systems. Understanding cyber security is not just a precaution, it's a necessity. You are not required to complete the student training course, but we would strongly encourage you to do so.

You will need to login using your SSO (Oxford Single Sign-On), with multi-factor authentication (MFA).

This is the first time we have offered this training to students, so if you have any comments or feedback, please contact the Oxford Secure project team

Take the student training

Accessible version of the student training

Visit our 'I want to...' section to learn more about staying safe online. Below are some examples of the guidance available: