Tools & tips for working securely online
As a university employee, you probably work with personal data. How can you make sure you keep this data as secure as possible?
Sending e-mails to a large group of people
When sending an e-mail to a large group of people, it is important for privacy protection that you type the e-mail addresses in the ‘Bcc’ box (blind carbon copy). This ensures that the recipients cannot see who else is in the recipient list. It also prevents someone accidentally sending a response to all recipients using the ‘reply all’ option.
Storing and sharing files online? Use secure programmes
You can store files securely in the cloud using SURFdrive & SURFfilesender, so you can always access your files and share them easily. SURFdrive has been specially developed for use in higher education and research. It has all the features of WeTransfer, Dropbox, OneDrive and Google Drive, plus it’s more secure.
The overview of software and collaboration tools contains a list of secure programmes.
Working from home with Remote Workplace
Always use the ‘Remote Workplace’ to access files in your workspace from a non-university computer, at home or on a public computer. If that is not possible for any reason, use a service like SURFdrive. Never save files online, only open them.
You can fully or partially encrypt files containing confidential data so they can only be accessed using a password. You can find the procedure to encrypt a file in the Manual for processing confidential data (Dutch only).
You can use ‘secure printing’ to print documents containing confidential information (such as documents containing personal data) using a password. You can find instructions for secure printing in the Manual for processing confidential data (Dutch only).
Reporting suspicious activity
Internet criminals sometimes try to use e-mails to gain access to your ULCN account details (phishing), for example by creating e-mails with a layout that makes you think they’re from Leiden University. You might be asked to send your account details or to log in on a page that looks like your familiar log-in screen. Never respond to these e-mails; delete them from your inbox immediately. ULCN will never ask you for your account details.
However, ULCN will send you e-mails regarding the status of your account and your password. If you would like to change your password, never click on a link in an e-mail.
In the first instance, report any loss of confidential information to your supervisor. If another type of information is concerned, report this to the ISSC Helpdesk (tel. 8888) or the IT contact person.
Digital confidential information can be encrypted. Confidential documents in paper format should be kept in a locked cupboard. If an unauthorised colleague needs access to these documents, this is only permitted under the supervision of the administrator responsible.
Use a ‘pass phrase’ instead of a password.
A simple phrase is harder to crack (and often easier to remember) than a password, especially if the phrase also contains a special character and a number. A password made up of a combination of special characters, letters and numbers is difficult to crack. Here are some tips to help you set a secure password:
- Include a combination of numbers, letters and special characters.
- The longer the password, the better.
- Use several capital letters.
- Make sure the password is not in any way related to the application you are using.
- Don’t use common expressions, sayings or proverbs.
- Don’t use personal information such as names, birthdays or mottos.
Your mobile device
If you have synchronised your e-mail and calendar to your personal smartphone or tablet, or if you use your phone or tablet for work in another way, make sure the device is secure. For example, make sure you can wipe the device remotely in the event of loss or theft. You can also install eduVPN. eduVPN makes untrusted, public networks secure, by establishing an encrypted connection. Watch the instruction video how you install eduVPN.
Install the latest security updates on all your devices.
Do not store information on portable memory units such as USB sticks or external hard drives.
What else can you do?
You can also help prevent data leaks and ensure a secure working environment:
- Never share your ULCN account with anyone else.
- Keep your passwords secret and don’t use your ULCN password on other websites.
- Don’t reply to spam or phishing e-mails.
- Lock your computer screen if you leave your workspace.
- Don’t lose sight of USB sticks or external hard drives containing confidential information.
- Look out for ransomware: don’t open e-mail attachments from unknown senders. Ransomware is a virus that encrypts files and then demands money in return for the key that will make the files available again.