COVID-19: Data privacy and cybersecurity

If you haven’t done so already, please read the University’s working from home advice.

With many of us working from home, there is an increased need to be responsible where data protection and information security are concerned, and as such, we would ask staff to:

  • Ensure your devices are secure and register an alternative email address.
  • Be aware of email scams and phishing attacks, report it and tell us if you did anything with it.
  • Report potential personal data and cybersecurity breaches.
  • Ensure your data protection and information security training is up to date.

Further details on how to ensure you stay safe are provided below.

Computer security

Whether you use a University computer, or your own computer, it is extremely important that you ensure it is set up correctly. This includes: registering an alternative email address in case of account recovery; using Sophos Intercept X (the University’s preferred end-point protection software); and enabling automatic updates. The InfoSec website has helpful guidance on how to protect your computer. If you are unsure about any of the above and require assistance contact your local IT support or email grc@infosec.ox.ac.uk

Email scams (‘Phishing’)

The University is experiencing an increase in social engineering attacks known as ‘phishing’. These attacks are often used to trick staff into clicking on malicious hyperlinks and/or revealing sensitive information such as login credentials. If you receive a suspected ‘phishing’ email forward it to phishing@infosec.ox.ac.uk. Include with your email whether or not you divulged any credentials, downloaded any attachments, or clicked on any links. The InfoSec website contains more information on how to avoid email scams.

Data breaches

If you suspect a data breach report it immediately, please do not delay reporting any incidents.

Find out how to report by visiting the recently updated Staff guidance on data breaches on the Compliance website. To accompany the guidance we have produced examples of data breaches including breaches which may occur while working from home. Breach incidents relating to personal data must be reported to data.breach@admin.ox.ac.uk  and relating to cybersecurity must be reported to oxcert@infosec.ox.ac.uk.

Information security and data privacy training

All University staff must be trained in information security and data privacy. To achieve this we provide an online information security and data privacy training course which takes approximately one hour and must be renewed every twelve months. There is no cost for the training course. For more details, or if you have any questions, please contact your local administrator or email grc@infosec.ox.ac.uk