Ten-step plan: staying safe online

Nobody wants to have their data stolen, their laptop to stop working, or strangers to have access to their phone details and email data. Fortunately, there are steps you can take to prevent this.

 The ten steps are the basis for working online safely - at home, at work or on the road.

Set a strong password, do not reuse it and never hand it over

Nowadays, simple passwords are very easy to crack. The passwords used at the university must meet minimum requirements to reduce the risk of them being cracked to a minimum. Do not use that password to also log onto other websites or applications outside the University of Twente. There is no knowing what will happen to that password. Furthermore, hackers increasingly obtain passwords through other organizations, even large ones. If you use the same password, it can be used to log onto your university account, and other locations where it is used. In order to remember all those different, strong passwords, we recommend using a password manager. There are various free and paid applications available. LastPass is a user-friendly option.

Just like you should not reuse your password or give it to other organizations, you should not give your account’s password to third parties. Only use it to log onto the university’s official logon pages. We will never ask you for your password.

To find out more about using passwords and the password manager, take a look at the Password GuidanceYou can read all about how we deal with passwords at the university in our University of Twente password policy (in dutch only). 

Always keep your computer, tablet, smartphone and apps up to date

No software is flawless. Suppliers, researchers and other organizations continually discover new vulnerabilities in the software, which are then solved by the suppliers. Criminals try to use these weaknesses to take over your computer. Making sure your system is kept updated with the latest versions will usually give you the upper hand over criminals.

Where possible, activate automatic updates on your devices and applications.

Use a virus scanner and make sure it is up to date

A virus scanner will help to limit infections if a criminal tries to install something on your system. Take care with email attachments or that useful little program on offer on an unknown website, because these may all contain malware. A good, up-to-date virus scanner ensures that any malware has only a very small chance of becoming active. Make sure that your virus scanner performs automatic updates.

Paid virus scanners offer better protection against incidents. We recommend Microsoft’s standard virus scanner, Windows Defender, for Windows 10. In other cases we recommend using one of the following virus scanners:

However, if you prefer to use a free virus scanner, then choose Avast Free Antivirus

Make sure the information on your devices is encrypted and set a PIN

Modern systems such as Windows 8 and 10, Android and iOS help protect your information if you lose your device.

Your device can contain sensitive information without you realizing it. For instance, most email programs store emails on your device after retrieving them. These emails could contain personal information but also other sensitive information about the university or yourself. Browsers also sometimes save pages. In any case, they keep track of which pages you visited. You probably don’t want others to access that information if you lose your phone or laptop. In that case, a good password will help, but it is not always enough.

Encryption saves your data in a way that can only be read when your device has been unlocked. Once you unlock an encrypted device, your data is decrypted. You will find further information about encrypting your device on the page Protecting data.

Use a password-protected screensaver

Lock your computer every time you walk away from your workplace. This prevents others accidentally or intentionally gaining access to your account and thus to your data. On Windows computers this can be done simply by using the Windows key and L.  

Phones and tablets have an automatic screen-lock option if the device is not used for some time. A device can be made even more secure if the lock button is used, for example, when someone walks off for a moment without taking the device with him.  

Use VPN when on a public WIFI network

Most public WIFI networks are not encrypted, take the Enschede_stad_van_nu’ network for instance. As a result, other people can easily intercept your data traffic and read it. Even in cases when the traffic itself is encrypted, such as when visiting the university website, an attacker can assume the identity of the university. Most browsers give a warning in such a case, but many apps are not set up to detect this kind of breach of data traffic. By using a VPN, you can easily ensure the security of your device. You can find how to do this in the manual.

Use a firewall

A firewall protects your computer against outside attacks. Furthermore, a firewall can prevent an unwanted program sending information to criminals if for some reason the virus scanner fails to detect the malware. The firewall can easily be activated on a Windows device. Most paid virus scanners offer a firewall. In any case, that goes for the recommended paid virus scanners under step 3.

Use a webcam cover

Criminals can switch on your webcam without you knowing it. This allows them to watch the room you are in. That might mean that not only you are visible, but also the whiteboard with confidential information behind you. Most devices are not only used in the office but also in the living room and perhaps even in the bedroom. A webcam cover prevents a criminal from watching, whereas when you want to use the camera, you can just remove the cover.  

Prevent other people from reading your screen

A lot of information is leaked by what is called shoulder surfing. This is when people look over your shoulder or from the train seat next to you to read what is on your screen. Try to ensure no one can stand behind you when you are working with confidential information. An even better option is to use a privacy screen on your laptop. This ensures only you can see the information.

Be aware of what you share on social media and who can see it

If you share a lot of personal information on social media, chances are this data will be misused. So take care when sharing personal details and limit who can see it. More information can be found on the Social media page.