Protecting our people and staying secure against privacy and cyber threats

• This blog shares information about privacy and cyber security threats and advice and guidance on cyber security and data protection issues.  
• The Information Security and Data Protection staff training course has been updated and must be completed by everyone, every year.   
• The course also reminds staff of the importance of reporting cyber security incidents or potential data breaches as soon as they are discovered.     

Encountering cyber security threats and handling personal data have become routine activities for us all. We know from the press and social media that there are huge costs, disruption and harm caused by cyber attacks and data breaches, and here at Oxford we have many attempted attacks every day.   

Many of us handle sensitive information in our day-to-day roles – student records, research findings and personal information – and working with this information without proper training and support can lead to data breaches with potentially serious consequences for our people and the University.   

Everyone is responsible for the protection of personal data and managing it effectively. We want you to know what you need to do to be alert to the threat of cyber crime, and to have sufficient knowledge to identify incoming threats. To support you, the Information Security and Data Protection staff training course is available across the collegiate University and this must be completed by everyone, every year. New staff should take the course as part of their induction, and current staff should take the training when their annual renewal comes up.  

Handling personal data    

If you are handling personal data, it’s important to integrate good data protection practice into your activities right from the start and adopt the appropriate measures to keep it safe, such as:  

• minimising the amount of data you collect  
• being transparent about how we use data 
• deleting personal data when it’s no longer needed, and
• creating (and improving) security features.   

By improving your understanding of the risks and how to deal with them, you are helping to keep everyone safer online, keep our reputation intact, protect research data and avoid the risks of significant harm to our people and the University.   

The University continues to expand and develop its provision of Generative AI tools, and this year's course includes a new section on use of Artificial Intelligence (AI) in the workplace, with guidance on using these securely and responsibly.   

Staying safe online can mean the obvious things like protecting your devices and avoiding scams, but it’s important to be aware of a few others like spotting shoulder surfers and sticking to secure Wi-Fi connections. Developed by the Information Security and the Information Compliance teams, the course reminds you what to do when encountering cyber security threats, how to keep your devices secure and up to date, and of the importance of reporting cyber security incidents or potential data breaches as soon as they are discovered.   

Departments should monitor course completion on a monthly basis and follow the available reporting guidance and staff will now receive automatic annual reminders once their certification has expired. A reminder of the Information Security and Data Protection student training course will also be shared at the start of Michaelmas term.    

We all have a key part to play in keeping ourselves, our colleagues and our data cyber secure, and managing this effectively is central to the University’s mission in delivering its teaching and research.  

For advice and support on data protection, you can write to us or book a surgery, get online staff guidance, and join our Data Protection Network – a community that’s open to anyone and meets regularly to discuss key topics. The Information Security team can be contacted on grc@infosec.ox.ac.uk.