How can I e-mail files securely?
Always send University emails from your work account; don’t use Gmail or Hotmail, etc. You can send confidential messages (and attachments) using SURFfilesender. More information about sending secure e-mails can be found here.

How can I share and send files?
If you want to share files with internal or external colleagues, you can use Office 365 (e-mail), SURFdrive and OneDrive. If some files are too large to send via e-mail, use SURFfilesender. You can use these services using your ULCN account. More information about sending and sharing files is available on this page.

Is there a secure alternative to WhatsApp?
Signal is a secure alternative to WhatsApp. Read more about Signal.

Where should I report incidents?
Information security is essential for Leiden University. This means not only that we deal with (sensitive) information in a secure and conscious manner, but also that incidents are reported as soon as possible. For information on who to contact in the event of incidents, visit this page.

How can I recognise phishing e-mails?
We all occasionally receive an email from an unknown sender, with content we weren’t expecting or that raises our suspicions in some other way. Information on phishing can be found on this page.

How do I set up a secure connection (with a VPN)?
Make sure you use a secure internet connection and install a VPN. The University has one that you can use for free. 

How do I work securely from home?
Read more about working securely from home.

How do I make sure I am digitally safe when working from home?
Information on being digitally safe can be found on this page.

How do I make sure online meetings are secure?
Inform yourself by reading tips on ensuring secure online meetings.

How do I create strong passwords?
More information about creating strong passwords.

What are password managers?
Password managers store your passwords in encrypted form so that they can only be decrypted with your master password. Generally speaking, there are two variants of password managers: local managers and cloud services. They are also available as a separate application or as an add-on in your web browser. Many of these services help you not only with creating and storing passwords but also by proactively warning you if one of your passwords has appeared in a data breach and by automatically filling in your password on genuine sites; they will not fill in the password on a phishing site, even if this looks exactly like the genuine site.

What is multi-factor authentication (MFA)?
The Security Office advises that you should make sure that all your important services, such as your email (where you often receive recovery messages if you have forgotten a password), are protected with multi-factor authentication (MFA). With this, you not only give your password but also an additional confirmation, often with a six-digit security code or a push notification. You must therefore never share these codes with anyone else. If you receive an unsolicited text message containing a code of this kind, or if someone phones you and asks for the code in your app, this is often a sign that attackers have obtained your password.

What are the (dis)advantages of cloud services?
The big advantage of cloud services is that your passwords are easily accessible. You can access them on multiple devices, such as your laptop and smartphone. You also don’t lose all your passwords at once if you lose a device. Tip: make sure that you store your multi-factor authentication (MFA) recovery code safely (e.g. by printing it out and keeping it in a safe place at home) in case you lose your factor. The big disadvantage of a cloud password manager is that, although quite rare, attacks can occur because you are dependent on the security and reliability of the cloud supplier.

What are the (dis)advantages of local password managers?
Your passwords are safely encrypted and are only stored on your device itself. This means you are not dependent on other people’s security. The disadvantage is that you must make careful back-ups of your password manager yourself because if you lose your local files, or if your device is lost or broken, you will have permanently lost all your passwords.

What does the Security Office advise?
The Security Officers themselves still use password managers, in order to generate a unique and strong password (or password sentence) for each service. They make sure that their master password is especially secure by using a very long and naturally unique password sentence. They also use multi-factor authentication (MFA) for all important services because then if a password is compromised, an attacker can’t simply log in using that password alone.

The Security Office therefore still advises you to use a password manager and always set up multi-factor authentication wherever possible. Which solution is most appropriate for you is your own choice. The Security Office recommends the open-source solutions KeePass for a local password manager and Bitwarden for the cloud variant.

Where can I save information securely?
Request a secure alternative (such as OneDrive) for the J drive or P drive from the ISSC helpdesk. You can also use SURFdrive. This is a personal cloud storage service for the Dutch education and research sector for storing, synchronising and sharing files easily.

How do I set a password for a file?
You can protect Word and Excel files with a password. This ensures that others can’t simply open and edit the files. This can be useful for files containing confidential data, or if you don't want people to be able to edit the data. A guide to encrypting documents is available here (Dutch only).

How do I print securely?
Employees who need to print confidential documents can use secure printing. Documents printed using secure printing are automatically deleted from the printer's server. Guide for printing securely (Dutch only). Do not leave confidential documents in or near the printer. When you have finished printing, don’t forget to remove the original document from the scanner and don’t leave your LU card at the login station. 

Can I install software myself?
Most work laptops are managed laptops and are managed by the ISSC. This means that you can’t just install software yourself, as you would on your own personal devices. The programmes that you can install on your managed laptop are available in the Software Center. To find them, type ‘Software Center’ in your laptop’s search bar.  All these programmes are safe. 

If you need to use special software for your work and it is not part of the package offered via the Software Center, you can request it via the ISSC helpdesk portal.