Working securely online
All employees of Leiden University handle data or personal information. And it is very likely that, at some point or another, everyone will receive a suspicious email or have to deal with other attempts by hackers to gain access to this data. Some cybercriminals try to obtain data because they want to make money from it; others collect knowledge on behalf of other parties. For the university, it is important that employees share the right data with the right people; we are all responsible for making sure that this happens.
Six tips for being digitally safe at work
Long, unpredictable passwords are the best. On the Strong passwords page, you can find tips for creating strong passwords that are easy for you to remember.
Good to know: ULCN occasionally sends messages about the status of your account and password, but never asks you for your password.
Chances are that, at some point or another, all employees will receive a phishing email containing a dangerous link or attachment. On the Phishing page, you will find tips on how to recognise and report suspicious emails.
The first step towards good digital security is to make sure you always have the latest updates installed on your device. If updates are available, you will automatically receive notifications on your computer and phone. If you have a university laptop, you should install the updates using the Wi-Fi network in one of the university buildings.
If you want to save and send files, use OneDrive or SURFdrive. This is safer than using USB sticks or external hard drives. Send work emails using your university account, and not via other services such as Gmail or Hotmail.
On the page about saving and sharing files you will find more information about SURFdrive and SURFfilesender, encrypting files, safe printing and sending emails to a large group of people.
Whether you have a long meeting or just pop out for a cup of coffee, it is important to lock your computer. It is also advisable to keep your digital folders and your desk tidy. This reduces the chance of anyone accessing your data.
If you are not using the university’s Eduroam network, make sure your connection is secure. Give your home router a strong password, or use your own mobile hotspot. Public networks, such as those at hotels or in trains, are not secure unless you connect via VPN. Watch the instruction video on how to install eduVPN. For more tips, see the page on mobile devices.
Reporting suspicious activity
Report (potential) phishing attempts, data breaches and malware to the ISSC helpdesk (tel. 8888). You must also notify your supervisor of any loss of confidential data.
When reporting a phishing email to the ISSC, be sure to include the email as an attachment. You can do this as follows:
- In Outlook, click on “Home” in the top left.
- Then click on “Forward”, then on “More”.
- Here you will see the option to forward the message as an attachment.