10-step plan

10-step plan: staying safe online

Nobody wants to have their data stolen, their notebook to stop working, or strangers to have access to their phone details and email data. Fortunately, there are steps you can take to prevent this.

 The 10 steps are the basis for working online safely - at home, at work or on the road.

  • 1. Set a strong password, do not reuse it and never hand it over

    Nowadays, simple passwords are very easy to crack. The passwords used at the university must meet minimum requirements to reduce the risk of them being cracked to a minimum. Do not use that password to also log onto other websites or applications outside the University of Twente. There is no knowing what will happen to that password. Furthermore, hackers increasingly obtain passwords through other organizations, even large ones. If you use the same password, it can be used to log onto your university account and other locations where it is used. In order to remember all those different, strong passwords, we recommend using a password manager. There are various free and paid applications available. 

    You can find out if your password, and other data, have ever been leaked in a data breach. The website Have I Been Pwned has an extensive database of (almost) all data breaches. The university has a subscription for all email addresses within the utwente.nl domain. But it's advisable to check your other email addresses for leaked ones.

    Just like you should not re-use your password or give it to other organizations, you should not give your account’s password to third parties. Only use it to log onto the university’s official login pages. We will never ask you for your password through any other means.

    To find out more about using passwords and the password manager, take a look at the Password GuidanceYou can read all about how we deal with passwords at the university in our University of Twente password policy. 

  • 2. Always keep your computer, tablet, smartphone and apps up to date

    No software is flawless. Suppliers, researchers and other organizations continually discover new vulnerabilities in the software, which are then solved by the suppliers. Criminals try to use these weaknesses to take over your computer. Making sure your system is kept updated with the latest versions will usually give you the upper hand over criminals.

    Replace old operating systems such as Windows XP and Windows 7 or macOS High Sierra and macOS Mojave as soon as possible.

     Where possible, activate automatic updates on your devices and applications.

  • 3. Use a virus scanner and make sure it is up to date

    A virus scanner will help to limit infections if a criminal tries to install something on your system. Take care with email attachments or that useful little program on offer on an unknown website, because these may all contain malware. A good, up-to-date virus scanner ensures that any malware has only a very small chance of becoming active. Make sure that your virus scanner performs automatic updates.

    Paid virus scanners offer better protection against incidents. We recommend Microsoft’s standard virus scanner, Windows Defender, for Windows 10. In other cases we recommend using one of the following virus scanners:

    However, if you prefer to use a free virus scanner, then choose Avast Free Antivirus

  • 4. Make sure the information on your devices is encrypted and set a PIN

    Modern systems such as Windows 8 and 10, Android and iOS help protect your information if you lose your device.

    Your device can contain sensitive information without you realizing it. For instance, most email programs store emails on your device after retrieving them. These emails could contain personal information but also other sensitive information about the university or yourself. Browsers also sometimes save pages. In any case, they keep track of which pages you visited. You probably don’t want others to access that information if you lose your phone or notebook. In that case, a good password will help, but it is not always enough.

    Encryption saves your data in a way that can only be read when your device has been unlocked. Once you unlock an encrypted device, your data is decrypted. You will find further information about encrypting your device on the page Protecting data.

  • 5. Use a password-protected screensaver

    Lock your computer every time you walk away from your workplace. This prevents others accidentally or intentionally gaining access to your account and thus to your data. On Windows computers this can be done simply by using the Windows key and L.  

    Phones and tablets have an automatic screen-lock option if the device is not used for some time. A device can be made even more secure if the lock button is used, for example, when someone walks off for a moment without taking the device with him.  

  • 6. Use VPN when on a public WIFI network

    Most public WIFI networks are not encrypted, take the Enschede_stad_van_nu’ network for instance. As a result, other people can easily intercept your data traffic and read it. Even in cases when the traffic itself is encrypted, such as when visiting the university website, an attacker can assume the identity of the university. Most browsers give a warning in such a case, but many apps are not set up to detect this kind of breach of data traffic. By using a VPN, you can easily ensure the security of your device. You can find how to do this in the manual.

  • 7. Use a firewall

    A firewall protects your computer against outside attacks. Furthermore, a firewall can prevent an unwanted program sending information to criminals if for some reason the virus scanner fails to detect the malware. The firewall can easily be activated on a Windows device. Most paid virus scanners offer a firewall. In any case, that goes for the recommended paid virus scanners under step 3.

  • 8. Prevent other people from watching your screen or keyboard

    A lot of information is leaked by what is called shoulder surfing. This is when people look over your shoulder or from the train seat next to you to read what is on your screen. Try to ensure no one can stand behind you when you are working with confidential information. An even better option is to use a privacy screen on your notebook. This ensures only you can see the information.

    Make also sure nobody can watch what you type on your keyboard. Often they don't need to see all the characters you type. As long as they know a proximate location of the keys pressed they can guess whats you type.

  • 9. Be aware of what you share on social media and who can see it

    If you share a lot of personal information on social media, chances are this data will be misused. So take care when sharing personal details and limit who can see it. More information can be found on the Social media page.  

  • 10. Don't fall for the phishing emails

    Companies do not ask for personal or account information by e-mail. This also applies to the IT and HR departments. If you receive an email requesting account information, delete this email. Do not open attachments with suspicious or strange e-mail messages. Never click on links in emails, as they can lead to malware, but also be careful with links on websites. Instead, you visit the site directly. A tactic of cybercriminals is to send an urgent message. Be on your guard.