If you are a student new to the University we have some simple advice to help protect yourself and our University community in our online world. Our Tips for New Students page gathers it together.
Protecting accounts and devices
- Lock your device's screen whenever you leave your device, and do not leave portable devices unattended outside secure areas.
- Use strong, unique passwords for all services.
- Do not use your University passwords with other services.
For more information:
Encrypting devices and documents
- If you are using a portable device of any kind (laptop, tablet, phone or any other device) then it must be protected with full disk encryption. This is usually a default but you should check.
- Don't share your passwords or encryption keys.
For more information:
Backup & Deletion
- Use University storage options whenever possible as backup is part of those services.
- Keep backups up to date and backup automatically if possible.
- Check regularly that your backups still work.
- Devices with University data should have that data securely deleted before disposal or re-use.
For more information:
Remote working
- Use a University supported device if possible as this is the easiest secure option.
- If you are using a personal device then follow the guidance on Bring Your Own Device (BYOD)
- When travelling the most secure option is often to access data remotely rather than have it on your devices.
For more information:
Phishing
- Just because an email comes from a University address that doesn't make it legitimate.
- If an email is asking you to do something unusual then check before doing anything, even if it appears to be from a colleague or senior staff member.
- Always be suspicious of emails that try and pressure you into doing something quickly, especially if they appear to be from places like the police, government departments, banks etc.
- Never send your password over email.
- If you think an email might be phishing then assume that it is, and report it.
For more information:
Information Security Essentials courses
All University staff, visitors and Postgraduate Research students should complete the Information Security Essentials and Data Protection Essentials courses. Everyone must retake the course every 2 years.
Students have an Information Security Essentials for Students course available as part of the "Essentials" set of courses on Learn Ultra.
Information on how and where to find these courses can be found on our training pages.
Our site also has additional information and guidance; a good place to start is our Policies and Guidance page.
Digital Skills and Training
We have also worked with the Digital Skills team to roll out face to face sessions on key cybersecurity topics. Information on upcoming talks can be found on our Awareness Sessions page.
Information Security Awareness Sessions
National Cyber Security Centre
The National Cyber Security Centre has information that will help you protect you and your family.
If you are the victim of a an information security attack: phishing, a computer virus infection, or even receive an email message that you think may leave other University members particularly vulnerable, report it to the IS Helpline:
You can send the suspicious email as an attachment to is.helpline@ed.ac.uk where it will be collated with other reports of the same attack (Sending the email as an attachment preserves the email headers and gives us a better chance of stopping any further attempts to propagate the email).
*Please do not send screenshots or forwarded copies of the email, as it will not give us this data.
If you have a more general Security Query, want to get in touch about some work you are doing for the university or have any feedback regarding the Information Security Webpages the email address for the team is:
If you are looking for some general advice so that you can be more proactive, a lot more great content can be found at: