Be information-secure with dynamic working
While working from home, ‘on the move’, away from your normal work area on one of the University campuses or at any remote location in the UK or internationally, these practices will help keep safe the information and data you need to use. Guidance on IT Support is also available below.
Working safely when not working on campus
- If you don’t have a separate workspace in your home, store any devices, notebooks, and equipment out of sight at the end of the day. This will protect them from being opened accidentally, reduce the risk of them being stolen and help separate your work and home life.
- If you need to leave your computer, even for a short time, don’t forget to lock it to prevent it being accidentally opened or edited by inquisitive children or pets!
- There has been an increase in phishing attacks against the University, please be extra-vigilant and look out for suspicious emails and weblinks. If you are unsure about an email, please contact the IT Service Desk: IT.Services@lboro.ac.uk.
- Office 365 allows you to safely control and share access to information. This is much safer than sharing passwords via email. You can find out how to share files using One Drive, and how to stop sharing them on LinkedIn Learning. If you do need to share a password with a colleague for a system or service not covered by Office 365, share password information via the phone or video call.
- If you are using a University managed computer, your machine will continue to receive monthly security updates. If you are using a personal device, ensure you install and keep anti-virus software and the operating system up to date.
- Avoid sending any personal or confidential information using email. You should use your University OneDrive account to share these files directly. If you accidentally share information with the wrong person or group, you can revoke access to the file easily, if you send the file by email attachment it is very unlikely you will be able to recall the information. You can find out how to share files using One Drive, and how to stop sharing them on LinkedIn Learning.
- When sending emails always double check you have selected the correct individuals contact details. Find out more about checking you are sending emails safely.
- If you are using email to send information to a large group of staff, students or external customers, use Bcc to avoid accidentally disclosing their email details to a wider audience and prevent recipients from using the ‘Reply All’ function.
- If you are using the recording function on an on-line conferencing tool (e.g. MS Teams) to help take notes or minutes of the meeting, make sure you have asked the permission of everyone before the meeting and that you delete the recording as soon as you have finished using it.
Working with confidential information and data
- Please avoid storing any work information, and particularly personal or confidential information on removable storage devices (e.g. data sticks), if this is essential, the device must be encrypted.
- Avoid printing or working with paper documents that contain confidential or personal information as they can easily become lost, accidentally re-used as ‘scrap paper’, or left vulnerable to theft if they are not safely destroyed. If you must work with sensitive paper documents, ensure they are stored safely, preferably in a locked cabinet, and shredded when no longer needed. If you do not own a shredding device, you should tear or cut the information into small pieces before binning it.
If you are using your personal computer to work from home
- If you don’t have a password set up, only use a simple password, or you haven’t changed your password in a long time, consider setting up a strong password to help protect any personal or confidential information you might need to access or use while you are working from home. Avoid using any existing passwords. You can find out more information on setting up a strong password on IT Services' password page.
- If other family members have access to the home computer, set up a separate user profile and login details for your work to help avoid the risk of accidental access, use or viewing of University systems or data.
- If you are working using a personal device, try to avoid mixing up work documents with your saved personal documents by saving information to your university one drive account or workspace.
- If you haven’t already installed anti-virus software on to your home computer, you can install Microsoft Defender, the approved University anti-virus product which is provided for free to all University staff.
If you need to complete or refresh your mandatory information security training module
New staff are expected to complete the online information security training module within two weeks of joining the university, the information security training is included on the induction checklist your manager will give to you when you start.
The training is designed to assist you in understanding the role that you play in combatting information security breaches, such as phishing attacks and helps ensure care is taken to protect and respect the privacy of individuals, whose personal data we need to collect and use.
The University requires that you retake the training module every two years to refresh your awareness of information security risks and good practice when working with information about people. Your Data Co-ordinator will remind you when it’s time to refresh your training.
The information security training module is available through Learn.