Information Security FAQs
Below is a collection of the most commonly asked questions, it is not exhaustive. If you cannot find the answer to your question, please email email@example.com
- Use secure means to access University information (e.g. Virtual Private Network (VPN), OnedriveforBusiness, remote access to N and O drive via website)
- Do not store local copies of High Sensitive and Personal /Confidential University information - see the Information Classification and Handling table for advice on storage
- Delete your browsing history for shared personal computers to remove any cached session details
Where assignments do contain the student name and ID number i.e. not anonymous marking then you should not use your personal mobile device to store or transport the assignments as this information is classed as 'Personal/Confidential' as an individual can be identified. You must access them remotely via the VPN, the University Onedrive service, or the N and O drive accessed via the webmail.
The Information Security Policy is not encouraging a 'clear desk policy'. However there are some areas of the University which routinely manage personal or sensitive data where individual managers may choose to implement such a policy.
- Lock your computer when you are not at your desk by pressing Alt + Ctrl+Del all at once and then clicking on 'Lock'
- Create a strong password: making it 8 characters or more long, use lower and upper case letters, numbers and punctuation. You can set up your own security questions for reseting your password by following this link.
- Clear your desk of any sensitive information when you leave the office, and lock it away
- Lock the door and windows when you leave the office
- Only save date in your department's shared drive, your N drive or the University's OnedriveforBusiness. Your desktop (C drive) is not backed up so you may lose your important data if you have computer trouble.
- If you need to throw out information that is classed as 'Highly Sensitive' or 'Personal/Confidential' then put it in one of the Confidential Waste Boxes that are around the University or ask Facilities to tell you where the nearest one is.
If you need to access 'Highly Sensitive' or 'Personal/Confidential' Information from home or anywhere else, you need to do it securely, using one of the following methods:
- The University's Virtual Network Service (VPN)
- University of Worcester OneDriveforBusiness
- Access your N or O drive, via Webmail
Good practice would be:
- Don't leave it lying around where anyone could access it
- Password protect the date if its on a mobile device or memory stick. Use Rights Management Services to protect documents
- Don't work on the information in public (e.g. cafes, buses, trains etc)
- Make sure your mobile device is encrypted
Many of us rely on our phones and tablets on a day to day basis - so make sure you protect yourself:
- Keep devices physically secure and take reasonable measures to reduce the risk of theft or loss (e.g. keeping the device on your person andout of sight, do not leave unattended in hotel rooms etc)
- Secure access to devices using an appropriate passcode, passphrase or similar; where appropriate default settings hsould be changed to allow use of more advanced passcodes
- Set devices to automatically lock after a pre-defined period of inactivity (usually no more than a few minutes)
- Keep software on mobile devices up to date with the latest version
- Only install apps from trusted locations. For University owned devices this has to be through the IT Helpdesk
- Be careful who can read information when viewing in public areas
- Report theft or loss of mobile devices to the IT Helpdesk, Information Assurance (firstname.lastname@example.org) and your department
If you are unsure if the information you are working on or accessing is classed as Highly Sensitive or Personal/Confidential then you need to look at the Information Classification and Handling webpage.
Here you will find a flowchart that helps you work out the category of your information and a table which gives examples of the different categories of information and how you can process and store them.
'Cloud Services' is a general term for anything that involves delivering hosted services via the Internet.
You may have encountered the Cloud as a way of storing information remotely i.e. iCloud, Dropbox, Google Docs. However, some of the options are not secure and therefore careful consideration needs to be given when considering using a Cloud Service for University Information.
Any information classed as Highly Sensitive or Personal/Confidential should only be shared by the University's approved Cloud Service - OnedriveforBusiness.
Cloud Services such as Dropbox and Google Docs are not permitted for these categories of data/information as they are not secure, they are not hosted within the European Economic Area and are therefore not protected by EU Data Protection law.
The University contracts out the disposal of confidential waste. Information and data that is classified as 'Highly Sensitive' or 'Personal/Confidential' should be placed in the Confidential Waste disposal boxes which are placed around the University - not the plastic recycling boxes.
If you are unsure of the location of your nearest Confidential Waste Box please ask Facilities.
The boxes are emptied on a fortnightly basis and the contents shredded off site.
If your local Confidential Waste Box is full or you have a large quantity of confidential waste please contact Facilities who will arrange an additional collection.
Please do not shred your confidential waste - shredded paper causes issues for both the Confidential Waste Shredding service equipment and for normal waste collection service equipment.
Edward Elgar Building
University of Worcester
Worcester WR2 6AJ
Tel: 01905 543032/ 01905 855014