Information security

Information matters to all of us. Whether it's at home or at work, as a member of our University, you need to know how to protect and manage the information in your care. This includes information that could be commercially sensitive or confidential and also personal information.

Failing to protect personal information, in particular, could lead to the University being fined and could damage our reputation.

Your responsibilities

As with all risks, managing them isn't about ignoring them or avoiding them. It means that we all take responsibility, stop and think before we act.

As a member of our University you're required to protect and manage the information in your care. Here are the core expectations that the University has of you:

• All staff and students must follow the University's IT Acceptable Use Policy and our Information Security Policy (.pdf)
• All staff should also complete the How We Work at Essex annual booster on Moodle 
• Report an information security incident

Security awareness

• Avoiding phishing scams
• Disposal of information

Keeping information secure 

Here are some simple tips to help you keep the information you handle secure.

Hard copy and paper information

• Don't leave papers lying around on your desk. Lock them away at the end of the day.
• Keep cupboards, desk drawers and filing cabinets locked and don’t leave keys in the locks.
• Never use a fax machine to send anything confidential
• All confidential materials should be placed in the confidential waste consoles provide in various locations across our Colchester Campus. You can find out more about disposal of information and where to find a confidential waste console on our disposing of documents webpage
• Never leave bagged waste for shredding in corridors or other public spaces.

Your workspace

• If you have an office to yourself then lock it whenever you leave it, even if you are only popping out for two minutes – it’s so easy to get waylaid.
• If you’re in a public or shared office make sure that your monitor is in a position that prevents casual visitors being able to see what’s on it. Consider having a privacy screen for your monitor.
• If your work area has a door that needs a staff badge or a keypad to get in them, don't hold the open for people you don't know and who may not have the right to access your work area.
• Minimise open windows on your computer if you have a visitor who could see your computer screen.
• Lock your computer screen when you leave it.
• Don’t leave papers lying around on your desk. Lock them away at the end of the day.
• Avoid taking information away from your office – either in paper form or on removable media. Use the Open VPN system instead.
• Encrypt removable media wherever possible.
• Follow our guidance on mobile devices

Emails

• Make sure you take the time to check that you are sending an email to the right person. Avoid using the Outlook “suggest names” function, type in the exact email address, or right click on the name in the “to” box to view and check the properties before you send.
• When forwarding emails, especially long trails of emails, check that there is no sensitive, confidential or personal information in one of the earlier emails in the thread that the people you're about to forward to ought not to see.
• See our advice on how to avoid phishing scams

Sharing information

• If you are asked for information verbally – especially if it’s personal information - then always take time to check the identity of the caller. Read our Third Party Contact Guidance for more on this.
• Never divulge or share passwords, and change passwords if you think that anyone else knows them.
• If you need to write a password down then keep the note away from your computer and try not to make it obvious what it is.

Also see

• The Information Commissioner has advice on how to safeguard your personal information (.pdf)
• Quick Guide - Information security (.pdf)
• Quick Guide - Looking after employee information (.pdf)