10-step plan: staying safe online

Nobody wants to have their data stolen, their notebook to stop working, or strangers to have access to their phone details and email data. Fortunately, there are steps you can take to prevent this.

 The 10 steps are the basis for working online safely - at home, at work or on the road.

  • 1. Set a strong password, do not reuse it and never hand it over

    Nowadays, simple passwords are very easy to crack. The passwords used at the university must meet minimum requirements to reduce the risk of them being cracked to a minimum. Do not use that password to log onto other websites or applications outside the University of Twente. There is no knowing what will happen to that password. Furthermore, hackers increasingly obtain passwords through other organizations, even large ones. If you use the same password everywhere, a password obtained that way can be used to log onto your university account and any other location where you use it.

    We recommend using a password manager to remember all those different, strong passwords. The university recommends Bitwarden. Bitwarden is the winner of a European tender run by SURF and, among others, the University of Twente.

    You can find out if your password and other data have ever been leaked in a data breach. The website Have I Been Pwned has an extensive database of (almost) all data breaches. The university has a subscription for all email addresses within the utwente.nl domain. CERT-UT will warn the user if their data ends up in that database. It is advisable to check your other email addresses for leaks as well.

    Just like you should not re-use your password or give it to other organizations, you should not give your account’s password to third parties. Only use it to log onto the university’s official login pages. We will never ask you for your password through any other means.

    To find out more about using passwords and the password manager, take a look at the Password Guidance. You can read all about how we deal with passwords at the university in our University of Twente Guidelines on authentication.

  • 2. Always keep your computer, tablet, smartphone and apps up to date

    No software is flawless. Suppliers, researchers and other organizations continually discover new vulnerabilities in the software, which are then solved by the suppliers. Criminals try to use these weaknesses to take over your computer. Making sure your system is kept updated with the latest versions will usually give you the upper hand over criminals.

    Replace old operating systems such as Windows XP and Windows 7 or macOS High Sierra and macOS Mojave as soon as possible.

     Where possible, activate automatic updates on your devices and applications.

  • 3. Use a virus scanner and make sure it is up to date

    A virus scanner will help to limit infections if a criminal tries to install something on your system. Take care with email attachments or that useful little program on offer on an unknown website, because these may all contain malware. A good, up-to-date virus scanner ensures that any malware has only a very small chance of becoming active. Make sure that your virus scanner performs automatic updates.

    Workstations provided by the University have Microsoft Defender installed as the default virus scanner. Do not install other virus scanners as this will negatively impact the University's security.

    Paid virus scanners offer better protection against incidents. We recommend Microsoft’s standard virus scanner, Windows Defender, for Windows 10. In other cases, we recommend using one of the following virus scanners:

    However, if you prefer to use a free virus scanner, then choose Avast Free Antivirus.

  • 4. Make sure the information on your devices is encrypted and set a PIN

    Modern systems such as Windows 8, 10 and 11, Android, and iOS help protect your information if you lose your device.

    Your device can contain sensitive information without you realizing it. For instance, most email programs store emails on your device after retrieving them. These emails could contain personal and other sensitive information about the university or yourself. Browsers also sometimes save pages. In any case, they keep track of which pages you visited. You probably don’t want others to access that information if you lose your phone or notebook. In that case, a good password will help, but it is not always enough.

    Encryption saves your data in a way that can only be read when your device has been unlocked. Once you unlock an encrypted device, your data is decrypted. You will find further information about encrypting your device on the page Protecting Data.

  • 5. Use a password-protected screensaver

    Lock your computer every time you walk away from your workplace. This prevents others from accidentally or intentionally gaining access to your account and thus to your data. On Windows computers this can be done simply by pressing the Windows key and L.

    Phones and tablets have an automatic screen-lock option that activates if the device is not used for some time. A device can be made even more secure by using the lock button, for example, when you walk off for a moment without taking the device with you.

  • 6. Use VPN when on a public WIFI network (or your personal hotspot)

    Most public WIFI networks are not encrypted. As a result, other people can easily intercept your data traffic and read it. Even when the traffic itself is encrypted, such as when visiting the university website, an attacker can assume the university's identity. Most browsers warn in such a case, but many apps are not set up to detect this kind of breach of data traffic. By using a VPN, you can easily ensure the security of your device. You can find how to do this in the manual.

    Even better, use a personal hotspot on your phone. You will be sure you are the only one using that network.

  • 7. Use a firewall

    A firewall protects your computer against outside attacks. Furthermore, a firewall can prevent an unwanted program from sending information to criminals if for some reason the virus scanner fails to detect the malware. The firewall can easily be activated on a Windows device.

  • 8. Prevent other people from watching your screen or keyboard

    A lot of information is leaked by what is called shoulder surfing. This is when people look over your shoulder or from the train seat next to you to read what is on your screen. Try to ensure no one can stand behind you when you are working with confidential information. An even better option is to use a privacy screen on your notebook. This ensures only you can see the information.

    Also make sure nobody can watch what you type on your keyboard. Often they don't need to see all the characters you type. As long as they know the approximate location of the keys pressed, they can guess what you type.

  • 9. Be aware of what you share on social media and who can see it

    If you share a lot of personal information on social media, chances are this data will be misused. So take care when sharing personal details and limit who can see them. More information can be found on the Social media page.

  • 10. Don't fall for phishing emails

    Companies do not ask for personal or account information by e-mail. This also applies to the IT and HR departments. If you receive an email requesting account information, delete this email. Do not open attachments in suspicious or strange e-mail messages. Never click on links in emails, as they can lead to malware, and be careful with links on websites too. Instead, visit the site directly. A tactic of cybercriminals is to send a message that appears urgent. Be on your guard.
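
The breach check in step 1 does not require handing your password to anyone: Have I Been Pwned's Pwned Passwords range API receives only the first five characters of the password's SHA-1 hash and returns every known suffix with that prefix. The sketch below is an added example, not part of the original page; `fake_range_server` and its breach data are constructed stand-ins so that it runs offline.

```python
import hashlib

# Constructed sample data: passwords and counts a breach corpus might hold.
CONSTRUCTED_BREACH = {"password": 1000, "Welcome01": 12}

def range_query(password):
    """Split SHA-1(password) into the 5-char prefix that is sent to the
    service and the 35-char suffix that never leaves the device."""
    digest = hashlib.sha1(password.encode("utf-8")).hexdigest().upper()
    return digest[:5], digest[5:]

def fake_range_server(prefix):
    """Offline stand-in (hypothetical) for
    GET https://api.pwnedpasswords.com/range/<prefix>.
    Returns SUFFIX:COUNT lines for every known hash with this prefix."""
    lines = ["0" * 35 + ":3"]  # constructed unrelated entry sharing the prefix
    for leaked, count in CONSTRUCTED_BREACH.items():
        leaked_prefix, leaked_suffix = range_query(leaked)
        if leaked_prefix == prefix:
            lines.append(f"{leaked_suffix}:{count}")
    return "\r\n".join(lines)

def breach_count(password, fetch=fake_range_server):
    """Return how many times the password appears in the breach data."""
    prefix, suffix = range_query(password)
    # The match is done locally: the server only ever saw the prefix.
    for line in fetch(prefix).splitlines():
        candidate, _, count = line.strip().partition(":")
        if candidate.upper() == suffix and count.isdigit():
            return int(count)
    return 0  # suffix not listed: not found in this data set

if __name__ == "__main__":
    for pw in ("password", "Welcome01", "tulip-Ledger-47-canal"):
        print(range_query(pw)[0], breach_count(pw))
```

A count above zero means the password appears in known breach data and should be replaced everywhere it is used.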