10-step plan

Nowadays, simple passwords are very easy to crack. The passwords used at the university must meet minimum requirements to reduce the risk of them being cracked to a minimum. Do not use that password to also log onto other websites or applications outside the University of Twente. There is no knowing what will happen to that password. Furthermore, hackers increasingly obtain passwords through other organizations, even large ones. If you use the same password, it can be used to log onto your university account and other locations where it is used. In order to remember all those different, strong passwords, we recommend using a password manager. There are various free and paid applications available. 

You can find out if your password, and other data, have ever been leaked in a data breach. The website Have I Been Pwned has an extensive database of (almost) all data breaches. The university has a subscription for all email addresses within the utwente.nl domain. But it's advisable to check your other email addresses for leaked ones.

Just like you should not re-use your password or give it to other organizations, you should not give your account’s password to third parties. Only use it to log onto the university’s official login pages. We will never ask you for your password through any other means.

To find out more about using passwords and the password manager, take a look at the Password Guidance. You can read all about how we deal with passwords at the university in our University of Twente Guidelines on authentication. 

No software is flawless. Suppliers, researchers and other organizations continually discover new vulnerabilities in the software, which are then solved by the suppliers. Criminals try to use these weaknesses to take over your computer. Making sure your system is kept updated with the latest versions will usually give you the upper hand over criminals.

Replace old operating systems such as Windows XP and Windows 7 or macOS High Sierra and macOS Mojave as soon as possible.

 Where possible, activate automatic updates on your devices and applications.

A virus scanner will help to limit infections if a criminal tries to install something on your system. Take care with email attachments or that useful little program on offer on an unknown website, because these may all contain malware. A good, up-to-date virus scanner ensures that any malware has only a very small chance of becoming active. Make sure that your virus scanner performs automatic updates.

Workstations provided by the University have Microsoft Defender installed as the default virus scanner. Do not install other virus scanners as this will negatively impact the University's security.

Paid virus scanners offer better protection against incidents. We recommend Microsoft’s standard virus scanner, Windows Defender, for Windows 10. In other cases, we recommend using one of the following virus scanners:

However, if you prefer to use a free virus scanner, then choose Avast Free Antivirus. 

Modern systems such as Windows 8 and 10, Android and iOS help protect your information if you lose your device.

Your device can contain sensitive information without you realizing it. For instance, most email programs store emails on your device after retrieving them. These emails could contain personal information but also other sensitive information about the university or yourself. Browsers also sometimes save pages. In any case, they keep track of which pages you visited. You probably don’t want others to access that information if you lose your phone or notebook. In that case, a good password will help, but it is not always enough.

Encryption saves your data in a way that can only be read when your device has been unlocked. Once you unlock an encrypted device, your data is decrypted. You will find further information about encrypting your device on the page Protecting data.

Lock your computer every time you walk away from your workplace. This prevents others accidentally or intentionally gaining access to your account and thus to your data. On Windows computers this can be done simply by using the Windows key and L.  

Phones and tablets have an automatic screen-lock option if the device is not used for some time. A device can be made even more secure if the lock button is used, for example, when someone walks off for a moment without taking the device with him.  

Most public WIFI networks are not encrypted, take the Enschede_stad_van_nu’ network for instance. As a result, other people can easily intercept your data traffic and read it. Even in cases when the traffic itself is encrypted, such as when visiting the university website, an attacker can assume the identity of the university. Most browsers give a warning in such a case, but many apps are not set up to detect this kind of breach of data traffic. By using a VPN, you can easily ensure the security of your device. You can find how to do this in the manual.

A firewall protects your computer against outside attacks. Furthermore, a firewall can prevent an unwanted program from sending information to criminals if for some reason the virus scanner fails to detect the malware. The firewall can easily be activated on a Windows device.

A lot of information is leaked by what is called shoulder surfing. This is when people look over your shoulder or from the train seat next to you to read what is on your screen. Try to ensure no one can stand behind you when you are working with confidential information. An even better option is to use a privacy screen on your notebook. This ensures only you can see the information.

Make also sure nobody can watch what you type on your keyboard. Often they don't need to see all the characters you type. As long as they know a proximate location of the keys pressed they can guess whats you type.

If you share a lot of personal information on social media, chances are this data will be misused. So take care when sharing personal details and limit who can see it. More information can be found on the Social media page.  

Companies do not ask for personal or account information by e-mail. This also applies to the IT and HR departments. If you receive an email requesting account information, delete this email. Do not open attachments with suspicious or strange e-mail messages. Never click on links in emails, as they can lead to malware, but also be careful with links on websites. Instead, you visit the site directly. A tactic of cybercriminals is to send an urgent message. Be on your guard.