Skip to main content

Information Security FAQs

Information Assurance

Information Security FAQs

Below is a collection of the most commonly asked questions, it is not exhaustive.  If you cannot find the answer to your question, please email infoassurance@worc.ac.uk

Can I use my personal computer/device for work?

We recognise that staff and students will at times use their personal computer and devices to access and process University information.

Individuals are required to manage the risks associated with the use of a personal or shared computer or device for University information.

You are responsible for the protection and secure disposal of ‘Highly Sensitive’ and ‘Personal/Confidential’ information.

  • Do not store local copies of Highly Sensitive and Personal/Confidential University information – see the Information Classification and Handling Policy for advice on storage
  • Delete your browsing history for shared personal computers to remove any cached session details.

Can I use my personal computer/device for marking assignments?

You can use your personal mobile device if the assignment ONLY has the student’s ID number i.e. anonymous marking.  If you follow the Information Classification Flowchart the second question you are asked is “Are individuals identifiable from the information?” and in the case of anonymous marking the answer to this would be ‘No’ so the information is classed as Non-Sensitive/Open.  However it is recommended that you do not transport or store student assignments on your personal mobile device but access them via: the University OneDrive service, SharePoint, University’s VPN and WVD services.

Where assignments do contain the student name and ID number i.e. not anonymous marking then you should not use your personal mobile device to store or transport the assignments as this information is classed as ‘Personal/Confidential’ as an individual can be identified.  You must access them remotely via the VPN, the University OneDrive service.

How do I keep information safe on campus?

The Information Security Policy is not encouraging a ‘clear desk policy’.  However there are some areas of the University which routinely manage personal or sensitive data where individual managers may choose to implement such a policy.

  • Lock your computer when you are not at your desk by pressing Alt + Ctrl+Del all at once and then clicking on ‘Lock’
  • Create a strong password: making it 8 characters or more long, use lower and upper case letters, numbers and punctuation.  You can set up your own security questions for resetting your password by following this link.
  • Clear your desk of any sensitive information when you leave the office, and lock it away
  • Lock the door and windows when you leave the office
  • Only save data to your University OneDrive, or SharePoint sites. Your desktop and local C drive are not backed up, so you may lose your important data if you have a problem with your computer.
  • If you need to throw out information that is classed as ‘Highly Sensitive’ or ‘Personal/Confidential’ then put it in one of the Confidential Waste Boxes that are around the University or ask Facilities to tell you where the nearest one is.

How do I keep information safe off campus?

If you need to access ‘Highly Sensitive’ or ‘Personal/Confidential’ Information from home or anywhere else, you need to do it securely, using one of the following methods:

  • University of Worcester’s OneDrive or SharePoint
  • The University’s Virtual Private Network (VPN), or Windows Virtual Desktop (WVD) Services

Good practice would be:

  • Don’t leave it lying around where anyone could access it
  • Password protect the date if its on a mobile device or memory stick. Use Rights Management Services to protect documents
  • Don’t work on the information in public (e.g. cafes, buses, trains etc)
  • Make sure your mobile device is encrypted and access is protected by a passcode or Biometric fingerprint authentication.

How do I secure my mobile device?

Many of us rely on our phones and tablets on a day to day basis – so make sure you protect yourself:

  • Keep devices physically secure and take reasonable measures to reduce the risk of theft or loss (e.g. keeping the device on your person and out of sight, do not leave unattended)
  • Secure access to devices using an appropriate passcode, passphrase or similar; where appropriate default settings should be changed to allow use of more advanced passcodes
  • Set devices to automatically lock after a pre-defined period of inactivity (usually no more than a few minutes)
  • Keep software on mobile devices up to date with the latest version
  • Only install apps from trusted locations. For University owned devices this must be from approved sources.
  • Be careful who can read information when viewing in public areas
  • Report theft or loss of mobile devices to the IT Service Desk, Information Assurance (infoassurance@worc.ac.uk) and your department

How do I know if information is Highly Sensitive or Personal/Confidential?

If you are unsure if the information you are working on or accessing is classed as Highly Sensitive or Personal/Confidential then you need to look at the Information Classification and Handling webpage.

Here you will find a flowchart that helps you work out the category of your information and a table which gives examples of the different categories of information and how you can process and store them.

How can I use Cloud Services for University information?

‘Cloud Services’ is a general term for anything that involves delivering hosted services via the Internet. 

You may have encountered the Cloud as a way of storing information remotely i.e. iCloud, Dropbox, Google Docs.  However, some of the options are not secure and therefore careful consideration needs to be given when considering using a Cloud Service for University Information.

Any information classed as Highly Sensitive or Personal/Confidential should only be shared by the University’s approved Cloud Service – OneDrive and SharePoint.

Cloud Services such as Dropbox and Google Docs are not permitted for these categories of data/information as they are not secure, they are not hosted within the European Economic Area and are therefore not protected by EU Data Protection law.

How do I securely dispose of confidential information?

The University contracts out the disposal of confidential waste.  Information and data that is classified as ‘Highly Sensitive’ or ‘Personal/Confidential’ should be placed in the Confidential Waste disposal boxes which are placed around the University – not the plastic recycling boxes.

If you are unsure of the location of your nearest Confidential Waste Box please ask Facilities.

The boxes are emptied on a fortnightly basis and the contents shredded off site.

If your local Confidential Waste Box is full or you have a large quantity of confidential waste please contact Facilities who will arrange an additional collection.

Please do not shred your confidential waste – shredded paper causes issues for both the Confidential Waste Shredding service equipment and for normal waste collection service equipment.

Back to top