 |
- Store
data in your My Documents folder only and not directly on the PC’s local hard disk. On University PCs, saving to your My
Documents folder stores your data in a secure central personal file store. When
you log on to the network, this synchronises with your PC or laptop, meaning
that you will still have password-protected access to your data when not
connected to the University network.
- Lock
your office if you are the last to leave.
Laptops are particularly at risk, so we
recommend the following:
- Never
leave your laptop unattended. A computer lock can be used to secure your laptop
while you are away. Laptops should be stored in a locked filing cabinet.
- When
ordering a laptop, purchase insurance from the supplier cover for it.
University insurance does not cover laptop losses.
- Avoid
using obvious laptop bags or a bag with the computer company’s name on it.
- If
the nature of your work requires that store data on the local hard disk rather
than your personal file store, make sure you back-up critical files frequently
and store backup media securely.
- Take
advantage of password locking features – see your laptop manual for details.
- Keep
your laptop away from accessible windows
- Record
the make, model and serial number of your computer and devices associated with
it, and keep these separate from your laptop.
- Report
any theft of your laptop immediately to Security, and/or the Police. Notify
your line manager of any sensitive corporate that was held on the device. Call
the IT Service Desk for further advice.
- And if you are travelling with your laptop:
- Do
not leave your laptop visible in an unattended vehicle. Lock it in the boot of
the vehicle or take it with you.
- Keep
it with you at all times where possible.
- Make
the bag stand out from all other bags. An unusual colour or bright labels
attached to the bag make it easier to locate.
- When
flying, keep your laptop as hand luggage.
- Use
the hotel safe to store your laptop when away from your hotel room.
- Save
documents to your personal file store on a frequent basis. If this is not
available, e-mail them to yourself, or copy them to another disk/device,
keeping the disk/device securely but separate from the laptop.
|
 |
The majority of serious data breaches involve the loss of removable media such as USB sticks. Most removable media is easy to lose, you are advised to purchase encrypted USB sticks if you intend to use this type of media for storage of University data.
Advice:
- Don’t
put sensitive data onto temporary or portable media.
- Use
an encrypted USB memory stick if you need to store sensitive data on a portable
device.
- If
you do use portable media for backup, store it in a secure location.
- Activate
your mobile phone security – check your phone’s manual for advice on how to do
this.
- Treat
portable media as you would treat a laptop.
- Store
your information in your personal file store or, if available/appropriate, a
shared area on a central server. Data held in these locations is regularly
backed up. In the event of a hardware or system failure, the data will be
restored. However, if you accidentally delete your data, you won’t be able to
get it back.
- Keep
a backup of any important files you are working on, even if they are stored on
an IT server, to guard against accidental corruption or deletion.
|
 |
- Store your files in your personal filestore (“My Documents” if you have the Windows Secure
Desktop), which only you have access to.
- Always lock the screen/keyboard on your PC
before you leave it unattended
- Do not share passwords.
|
 |
- Choose your password carefully. Avoid words
in the dictionary, or words or numbers that someone might guess, e.g. your car
registration number, NI number, partner’s name or date of birth. Passwords are
harder to break if they include numbers and/or punctuation. You could also run
two short words together, or use an acronym - made by taking the first letter
of every word of a memorable phrase.
- Writing your password down should be avoided,
but if you do have to write it down, store it in a private place, such as your
wallet or purse.
- Do not tell anyone your password.
- Do not let ANYONE else use your ID and
password, even for what you think is a legitimate business need. This is a
potential disciplinary offence.
- The security of your password is your
responsibility. If you think someone else knows it, contact the IT Service Desk
on ext. 2000 for advice on changing it.
|
 |
- Don’t install software on your PC unless it
comes from a known, reputable source.
- Make sure you have anti-virus software
running on your PC and that it is being updated regularly. If you think it
isn’t, check it with the IT Service Desk on ext. 2000.
- Be careful about the web sites you visit and
do not download or attempt to install any software or software “plug-ins”
unless you are confident of the source/supplier. Remember also that there may
be licensing implications e.g. software that is free for personal use may not
be free in a commercial environment.
- Do not follow links in unsolicited emails or
respond to requests for personal or business details – even if these seem
legitimate. They are most likely not.
- Ensure there are no “back doors” into your
PC; do not connect a modem to your PC at the University, do not install “remote
control” software.
- Do not set up a wireless network. Wireless
networks should only be set up with IT Services’ involvement, using equipment
known to work with the security systems already in place. See the IT Services
website at http://www.wlv.ac.uk/its/default.aspx?page=7019 for more information.
|
 |
This is a
risk where you are accessing University IT facilities remotely from home using
your own computer, or taking files home to editing on your home PC. Please note
that IT Services do not support home PCs – the advice given is general good
practice, dos and don’ts.
- Ensure that your Windows PC is set up to
download and install critical software and security updates and that your
Windows Firewall is switched on. Controls for these can be found in the Control
Panel or right-click My Computer>Options.
- Ensure that your PC is running anti-virus and
anti-spyware software and that it is being updated regularly. Staff and
students of the university are entitled to use F-Secure Anti-Virus software on
home PCs.
- Do not run as administrator of your own
machine – set up a separate admin user and password for making changes or
installing software.
- Ensure there are no “back doors” into your
PC. Do not allow remote connections to your PC (note this is set to ALLOW as
default). These setting can be changed from My Computer>Properties.
- Be very careful about the web-sites you
visit. Some websites will try to install malware on your PC as soon as you
visit them.
- Do not store University business data on home laptops or desktops.
|
 |
If you
have a wireless network at home, make sure you take steps to make it secure.
Many wireless networks are not secure out-of-the-box ; please read the manual to find out how to secure it. If you are not sure about
some of the terms used below, you probably shouldn’t be setting up a wireless
network. Seek advice from the retailer or the supplier’s support.
- Change your wireless router’s username and
password to something other that “admin” and “password” – unbelievably many are
shipped with such defaults that are simple to guess.
- Use wireless encryption such as WEP, or
preferably WPA, to secure your network. This requires you to define a
passphrase and/or generated key for access to your network, which you then
share with people as required.
- If possible, set your router up to prevent
access by unidentified computers by registering the MAC addresses of those that
you want to allow on your network.
- Don’t broadcast your SSID as this makes your
network visible to all wireless devices.
|
 |
- Ensure that your PC is running a virus
checker, and that it is being updated regularly. If you think it isn’t, check
it with the IT Service Desk on ext. 2000.
- Never delete a file if you are told to by an
email – even if it appears to come from IT Services or a legitimate source like
Microsoft.
- Do not click on web links in unsolicited
emails or provide and personal information via such links.
- If you are not sure what to do, phone the IT
Service Desk on ext. 2000 and ask for advice.
- Never circulate instructions on what to do
about a virus. Instructions can often be hoaxes and can include instructions to
delete important files.
- Always ring IT Services on ext. 2000 to
report a virus alert if you receive one.
Further advice on protecting your computer from viruses can be found on the IT Services
website at http://www2.wlv.ac.uk/its/selfhelp/help/virus/HowtoProtectYourComputerfromViruses.asp.
|
 |
- Make sure you have permission to store and
manipulate confidential or sensitive information. Business critical data should not be stored on home computers, iPhones or any unencrypted removable media.
-
Encrypt any confidential information that you
are authorised to send outside of the University. Also ensure any confidential data being transferred by partner agencies to the University complies with the data encryption requirements suitable for this type of data. Please see the IT Services website
at http://www2.wlv.ac.uk/its/selfhelp/help/powerarchiver/PowerArchiverHelp.asp.
Do not send unencrypted confidential
information by email. Email is not a secure means of transmitting confidential
information. Please see the IT Services website for tips on keeping your email secure and protecting yourself from phishing attacks.
- Do not let anyone see confidential
information on your screen. You should be aware of how open your working
environment is, and whether your computer screen is
visible to visitors or students, for example.
- Print to MFD printer wherever possible as
these require that you authenticate yourself before your documents are printed.
If printing to an open printer, always collect your output from the printer
straight away.
- Dispose of confidential waste according to
your School or Departmental policy.
|
 |
There
should only be one copy of corporate data at any one time with perhaps a backup
copy. Additional copies of data can lead to disparity and inaccuracies.
- If you need to share data, shared drives and
public folders are useful storage facilities and using these will avoid
duplication of information.
- Databases. The creation of databases using software such as MS
Access to hold information already contained in the University corporate
systems (e.g. the Finance System, SITS or Personnel) should be avoided. If you
think you need to do this, contact the IT Service Desk for advice. The
retention of data – particularly personal and sensitive data (e.g. A student record with their grade) needs to be accurate and
auditable and is protected by legislation. If you hold unauthorised data about
other people, then YOU PERSONALLY may be in contravention of the law.
|
 |
- Lecture notes and other learning materials
should be put on WOLF, rather than on a personal website. All websites
containing learning materials or information for students must conform to
accessibility legislation and most unofficial websites don’t. You should not
publish learning materials or related information on your own website.
|
For further advice about anything mentioned
in this document, please contact the IT Service Desk on ext. 2000, or
01902-322000 from outside the University.
