Information Security

Protect your information

Members of the University have an obligation to protect their information and that of others.

All staff and students must adhere to the University's Digital Technology Acceptable Use Policy and Janet Acceptable Use Policy.

The University's detailed Information Security Policy can be found here.

Important Advice to follow:

It is vital that IT Services is warned of any phishing attempts or any unsolicited, malicious email communication or scams against University services as quickly as possible so that staff can act swiftly to limit the potential for abuse. We strongly encourage you report such attempts to us via emailing Spam Support or by logging a call in our IT Service Desk. We aim to respond within 5 working days of receipt.
IT Services will never ask for your password by email or via the IT Service Desk.
Make use of strong passwords that will not be easily guessed.
Keep software up to date by running updates and use anti-virus software.
Be cautious what websites you visit and enter personal information into. Make sure they are legitimate.
Maintain regular backups of important data.

Need Help or Advice?

If your information or computer equipment may have been compromised contact the IT Service Desk.

Password Advice

Never Reveal your Password

IT Services staff will never request your password via phone or email. If anyone does request your password, you should seek advice from the IT Service Desk.

Use a Strong Password

The guidance below is the latest best practice for creating a strong password for your University account:

Maintain a password that adheres to an 8-character minimum length requirement.
Password strength is generally qualified in terms of the probability of a computer cracking it within a reasonable amount of time.
While a longer password maybe stronger, password length should be balanced against whether it is memorable. When users forget their password, they will often choose a weaker password as a result.
Character-composition requirements are no longer mandatory, e.g. use of upper/lower case, numbers, special characters, etc.
Passwords (or passphrases) should be a combination of random common words and/or names that are meaningful to the end user.

Examples:
1. dogwalkingfootballsnowboarding
2. circuitsdrinkingwalkingyoga
3. musicmountainbikefoodchildren

Do not use a single word (e.g. “princess”) or a commonly-used phrase (e.g. “Iloveyou”).
Do not use a password that is the same or similar to one you use for another personal account, e.g. social media. If those accounts were hacked and password stolen, it would compromise your University account.
Make your password hard to guess even by those who know a lot about you, e.g. avoid the names and birthdays of your friends and family, your favourite bands, phrases you like to use, etc.
Change your passwords if you believe that your account has been compromised.
Note: You may be forced to change your password forthwith if IT Services suspects that your account has been compromised.

Turn on Two-Step Verification (or Multi-Factor Authentication)

Where it is available, registration for two-step verification (or multi-factor authentication) is encouraged by providing additional security information about yourself.
If you turn on two-step verification and then try to sign in via an unrecognized device, you will be asked for extra authentication in addition to your password.
A new security code can be sent to your mobile phone as a text message or through a linked authenticator app installed on your smartphone.
Two-step verification boosts account security by making it more difficult for hackers - even if they know or guess your password. It also improves the user experience through the ability to self-serve and remove the need to contact the IT Service Desk for password-related queries.
Ensure you maintain your current security information, e.g. alternate email address or phone number) as this helps to verify your identity if you forget your password or if someone else tries to take over your account.

Backup Advice

Performing regular backups is a vital task to prevent loss of data.

There are many causes of loss of data including hardware/software failure, malicious and accidental loss.

How to Backup your Data

Backup important data to a USB drive or external hard drive.
Backup data locally and to ISS managed storage or online storage.
Perform backups regularly.
Use folders and file names with the date/time.

Data Recovery?

If you fear you may have lost data through accidental deletion, hardware failure or malicious behaviour you can contact us for advice on data recovery options.

While at Swansea University you will be protected against a number of in-coming attacks by our firewall and security measures. However, there are other ways of getting infected or having the security of your machine compromised that the University network administrators cannot protect you against. The best way to protect against this is to regularly update software and run anti-virus/spyware software.

Top Tips to Avoid Malware

Set Windows Updates to run automatically (or your package manager if you use Linux).
Keep your anti-virus software definitions up to date.
Always use the latest release of your web browser.
Avoid unknown websites and links and never run any applications not from a trusted source.

What to Do If You Think Your Computer May Be Infected

If you think your device may be infected with malware, disconnect your machine from the network and contact the IT Service Desk.

Information Security

Protect your information

Password Advice

Backup Advice

Malware Advice

Contact the IT Service Desk