Tips for new students

The Information Security team welcome you to the University of Edinburgh! We have some tips you help keep you and your information secure during your time at the University. Following these tips and looking at our more in-depth pages will keep us all safer.


Choose unique passwords for every account

Make every password different for all your online accounts. Never use the password you use for University accounts anywhere else. 

Using three or four unrelated words will make a fairly strong password. Or use a password manager, available to all students, to make and store truly random passwords. 

Use Multi-Factor Authentication, Two Factor Authentication or Two Step Verification on any accounts where it is offered.

Keys and padlocks with asterisks across them and a shield with a lock on it.


Use an antivirus program and a firewall

Your laptop may already have these installed, but if not make sure that you get both and make sure that you do not turn either off. Be especially cautious if any program or any person asks you to change the settings or ignore warnings from them. 

What is malware

Avoid phishing and scams

Take care with communications

Phishing is when cyber criminals send out messages trying to get you to reveal personal information or passwords. Online or phone scams are similar except the criminals are usually wanting you to send money.

  • Be wary of any messages that ask for personal information or passwords, or that link to sites that do.
  • Be wary of messages with attachments if you aren't expecting one, even if you know the person sending it.
  • Be wary of any messages that claim to be from government agencies, financial institutions or the police. Ask yourself "is this really how they would contact me?" You can always call them to check - don't use any number given in the message, look at the official website to find a genuine number.
  • Be wary of anything that tries to make you act quickly without thinking.
  • Be wary of offers that seem too good to be true.
  • Be wary if payment is demanded in strange ways (e.g. Bitcoin, gift cards, vouchers)

If you have any suspicions about an email at all or believe that your University account details have been phished then contact EdHelp (for students) or the IS Helpline (for other users).

If you believe that you have fallen victim to a scam then contact University Security and/or the Advice Place. 

Avoid Phishing

Devices, Software and Operating Systems

Make sure that you keep your devices and the software on them up to date. 

Cyber criminals will try and use security holes they find in your laptop or phone operating system, or in the software you use on them, to try and install malware or get access to your information. Don't let them. If you have the option to set things to automatically update you should turn it on.

Make sure you keep your devices locked if you are not using them.

Setting PINs for phones and tablets often encrypts them too. If you are using a University Supported Desktop the hard drive will be encrypted by default. You may be able to encrypt your own laptop, but we cannot directly support you in that. 

Don't install software from unofficial sources

It can often contain malware, may not work properly, and could be pirated. Use the official application stores for your devices. The University has licenses and academic versions of many packages.

encrypting tablets and devices

Physical Security

Don't make it easy for people to steal your devices

It only takes a few seconds to steal a laptop or phone, so keep an eye on them and only leave them somewhere you know is secure.

Set up any extra security you may have on your device

Most phones have a "Find my device" option that give more options for protection if a device is lost or stolen. Always set a PIN, a password or a biometric lock on your devices.

Protect your data as well

Keep backups of your data. You are best to keep your work on University provided services such as Microsoft Office 365 or DataStore where they are backed up automatically.

Remember that you are more valuable than your devices

Your safety should always come first.

Social Media and Digital Citizenship

Be cautious when using social media

Social media can be a source of scams, frauds, bad links and false information. Many of the same things that happen in the section on phishing and scams apply. Be wary.

Be a good Digital Citizen

Your interactions online are subject to the same University policies that govern your "in person" interactions with the University community. 

Keep your personal data personal

Many social media polls and quizzes are actually ways to get personal information about you. "What was number one in the charts when you were born" can often reveal your date of birth to within a few days. It's best not to engage.

Cookies and Privacy

Why do I see popups about cookies and should I allow them?

Companies running websites offering a service to people in the UK and the EU need to obtain consent in order to set "cookies" in your browser. These can be used for useful and essential purposes on a website but some can be used to offer you targeted adverts. Some sites will give you an "Accept" or "Reject" option for non-essential cookies. They may also ask you again on a regular basis. Rejecting non-essential cookies may preserve more of your privacy.

Why do some websites say "This content is not available in your country/region"?

In some cases the owners of the website do not have enough users based in the UK and the EU to make it worthwhile for them to add cookie consent options so instead they block access to users in those regions. 

laptop screen of question mark

Other Guidance

These sites and documents are from sources external to the University and are provided for information only.

laptop screen of sharing icon