Security (ICT-security)

Work safely and respect the ICT Code of Conduct

When you work for AUAS as a researcher, teacher (or otherwise) or as a supplier you work with lots of ICT systems, (research) data, and possibly students' personal data. AUAS expects you treat all data and business information with due care.

Make sure you apply the AUAS ICT Code of Conduct. If you apply the ten golden rules for secure digital work (below) you are well on your way.

Ten golden rules for secure digital work

1. Ensure you have good basic security on your PC, laptop, phone and tablet. Install antivirus software and a firewall, set up automatic screen locking and immediately do software updates when prompted. Set up the functions to find and lock your device, so that you can erase or lock your data remotely in case of theft or loss.

2. When you leave your PC, laptop or tablet for a short while, lock the screen. Never leave behind any confidential information at your workstation.

3. Set up a different and strong password (at least 12 characters) for each of your accounts. Regularly update your passwords. Never allow others to use the password to your UvAnetID.
How to make strong passwords

4. Ensure you can recognise phishing emails. When you receive a suspicious email, always check the email address, links and attachments. Call the email sender if you don't trust the email.
How to recognise phishing emails

5. Use OneDrive and Teams to store your files securely. Files on OneDrive and Teams are encrypted and backed up.

6. Use OneDrive, Teams, ResearchDrive or SURFfilesender to share personal and confidential data securely (in encrypted format). Sharing data is more secure than emailing them.

7. Only use public networks with a secure VPN connection. Without a secure VPN connection, others can easily spy on you! Inside UvA buildings, use the secure networks 'eduroam' or 'hva'.

8. Only use software and apps for which the AUAS has entered into a data processing agreement with the supplier. The security and privacy of data is guaranteed only when there is a data processing agreement.

9. Regularly tidy up your email inbox, data and personal data. Only gather data you need for your purpose and don't store data any longer than necessary. Tidy up at the end of the teaching semester or (research) project.

10. Carefully consider which personal information you share on social media and who you link to. Hackers are watching! Activate privacy and security settings for all you social media accounts and use multi-factor authentication where possible.

Published by  ICT Services CISO 22 March 2024