Frequently asked questions about privacy and security
Below you will find frequently asked questions about privacy and security. If your question is not listed, or if you have a follow-up question, please contact the Privacy Office or the Security Office.
How can I e-mail files securely?
Always send University emails from your work account; don’t use Gmail or Hotmail, etc. You can send confidential messages (and attachments) using SURFfilesender. More information about sending secure e-mails can be found here.
How can I share and send files?
If you want to share files with internal or external colleagues, you can use Office 365 (e-mail), SURFdrive and OneDrive. If some files are too large to send via e-mail, use SURFfilesender. You can log in to these services with your ULCN account. More information about sending and sharing files is available on this page.
Is there a secure alternative to WhatsApp?
Signal is a secure alternative to WhatsApp. Read more about Signal.
What is automatic forwarding and why can I no longer use this functionality?
Automatic forwarding, or auto forwarding as it’s also known, is an option that allows you to automatically forward incoming emails to another email address. If emails are automatically forwarded to an external address, protected, sensitive or confidential information may accidentally be shared outside the university. Automatic forwarding to an external email address is therefore almost always a violation of the General Data Protection Regulation (GDPR). It is also common for hackers who have gained unauthorised access to an account to automatically forward all emails in order to learn more about the user, find out confidential information or use the user’s email address to send spam.
To protect your data, increase security and comply with the GDPR, automatic forwarding will therefore be deactivated for all staff. You will find the policy on this measure on the page Privacy and security policy documents (log in to access this page).
What emails can I still forward, either automatically or manually?
You will still be able to automatically forward university emails to internal email addresses, for example to a colleague or group mailbox to ensure continuity of work in case of absence. You will also still be able to manually forward emails, to both internal and external email addresses. However, you are strongly urged to be aware at all times of what data you are forwarding, and to whom.
Can I apply for an exception?
Yes, but only if you can demonstrate that there is a compelling reason to permit automatically forwarding emails in specific instances. You can use the exception procedure to explain why. The Security Office will review your request and offer advice. Always discuss any exception requests with the Security Officer or Information Manager from your own faculty or unit before submitting them.
Where should I report incidents?
Information security is essential for Leiden University. This means not only that we deal with (sensitive) information in a secure and conscious manner, but also that incidents are reported as soon as possible. For information on who to contact in the event of incidents, visit this page.
How can I recognise phishing e-mails?
We all occasionally receive an email from an unknown sender, with content we weren’t expecting or that raises our suspicions in some other way. Information on phishing can be found on this page.
How do I set up a secure connection (with a VPN)?
Make sure you use a secure internet connection and install a VPN. The University has one that you can use for free.
How do I work securely from home?
Read more about working securely from home.
How do I make sure I am digitally safe when working from home?
Information on being digitally safe can be found on this page.
How do I make sure online meetings are secure?
Inform yourself by reading tips on ensuring secure online meetings.
How do I create strong passwords?
More information about creating strong passwords.
What are password managers?
Password managers store your passwords in encrypted form so that they can only be decrypted with your master password. Generally speaking, there are two variants of password managers: local managers and cloud services. They are also available as a separate application or as an add-on in your web browser. Many of these services help you not only with creating and storing passwords but also by proactively warning you if one of your passwords has appeared in a data breach and by automatically filling in your password on genuine sites; they will not fill in the password on a phishing site, even if this looks exactly like the genuine site.
What is multi-factor authentication (MFA)?
The Security Office advises that you should make sure that all your important services, such as your email (where you often receive recovery messages if you have forgotten a password), are protected with multi-factor authentication (MFA). With this, you not only give your password but also an additional confirmation, often with a six-digit security code or a push notification. You must therefore never share these codes with anyone else. If you receive an unsolicited text message containing a code of this kind, or if someone phones you and asks for the code in your app, this is often a sign that attackers have obtained your password.
What are the (dis)advantages of cloud services?
The big advantage of cloud services is that your passwords are easily accessible. You can access them on multiple devices, such as your laptop and smartphone. You also don’t lose all your passwords at once if you lose a device. Tip: make sure that you store your multi-factor authentication (MFA) recovery code safely (e.g. by printing it out and keeping it in a safe place at home) in case you lose your factor. The big disadvantage of a cloud password manager is that you are dependent on the security and reliability of the cloud supplier; attacks, although quite rare, can occur.
What are the (dis)advantages of local password managers?
Your passwords are safely encrypted and are only stored on your device itself. This means you are not dependent on other people’s security. The disadvantage is that you must make careful back-ups of your password manager yourself because if you lose your local files, or if your device is lost or broken, you will have permanently lost all your passwords.
What does the Security Office advise?
The Security Officers themselves still use password managers, in order to generate a unique and strong password (or password sentence) for each service. They make sure that their master password is especially secure by using a very long and naturally unique password sentence. They also use multi-factor authentication (MFA) for all important services because then if a password is compromised, an attacker can’t simply log in using that password alone.
The Security Office therefore still advises you to use a password manager and always set up multi-factor authentication wherever possible. Which solution is most appropriate for you is your own choice. The Security Office recommends the open-source solutions KeePass for a local password manager and Bitwarden for the cloud variant.
Where can I save information securely?
Request a secure alternative (such as OneDrive) for the J drive or P drive from the ISSC helpdesk. You can also use SURFdrive. This is a personal cloud storage service for the Dutch education and research sector for storing, synchronising and sharing files easily.
How do I set a password for a file?
You can protect Word and Excel files with a password. This ensures that others can’t simply open and edit the files. This can be useful for files containing confidential data, or if you don't want people to be able to edit the data. A guide to encrypting documents is available here (Dutch only).
How do I print securely?
Employees who need to print confidential documents can use secure printing. Documents printed using secure printing are automatically deleted from the printer's server. Guide for printing securely (Dutch only). Do not leave confidential documents in or near the printer. When you have finished printing, don’t forget to remove the original document from the scanner and don’t leave your LU card at the login station.
Can I install software myself?
Most work laptops are managed laptops and are managed by the ISSC. This means that you can’t just install software yourself, as you would on your own personal devices. The programmes that you can install on your managed laptop are available in the Software Center. To find them, type ‘Software Center’ in your laptop’s search bar. All these programmes are safe.
If you need to use special software for your work and it is not part of the package offered via the Software Center, you can request it via the ISSC helpdesk portal.