University home > Information security > Information security policies > Do's and don'ts

Do's and don'ts

Do:	Don't
Seek advice from the IT Service Desk if you are unclear about any aspect of information security.	Disclose your password to anyone. Read our information on keeping your passwords safe.
Report any loss or suspected loss of data. Find out how to report lost or stolen hardware or data.	Use a personal email account for conducting University business.
Change your password if you have any suspicion that it may have been compromised.	Undermine or seek to undermine the security of computer systems.
Ensure that personally owned equipment which has been used to store or process University data is disposed of securely. See further information on hardware and data disposal.	Make copies of restricted University information without permission.
Encrypt your mobile devices and make sure that restricted information is always encrypted before it's sent to others. See further information on encryption.	Provide access to University information or systems to those who are not entitled to access it.
Password protect your personally owned devices. See further information on mobile security.	Use your University password as the password for any other service.
Keep all of the software on your personally owned devices up to date. See further information on protecting your computer.	Connect personally owned storage or mobile devices to University owned equipment if you are a member of staff or a research postgraduate.
Comply with the law and University policies. See further information on compliance.	Send unauthorised bulk email (spam). See the University's mass emailing policy.
Be mindful of the risks of using open (unsecured) wifi hotspots or computers in internet cafes, public libraries etc. See information on travelling with University data.	Leave your computers unlocked when left unattended.
Do assume that Information Security is relevant to you. See the Information security website for comprehensive information on all aspects of information security at the University.	Leave hard copies of information classified as Confidential or above unattended or unsecured. See the University's Record Management advice.