Golden Rules for Cyber Security at Liverpool Hope University
Use Strong, Unique Passwords & Multi-Factor Authentication (MFA)
Create Strong Passwords: Always use strong passwords that are at least 12 characters long, with a combination of uppercase and lowercase letters, numbers, and special characters. Avoid using easily guessable passwords (e.g., "Password123").
Passphrases for Enhanced Security: Instead of using a traditional password, consider using a passphrase - a sequence of random words or a sentence that is easy for you to remember but hard for others to guess. For example, a passphrase like "BlueElephant$JumpingOverLions!" is strong because it's long and includes a mix of characters, but it’s also easier to remember than a random string of characters.
Never Reuse Passwords: Do not reuse passwords across multiple accounts. If one account is compromised, others may be vulnerable.
Enable Multi-Factor Authentication (MFA): MFA adds an extra layer of security by requiring additional verification (e.g., a text message code or authenticator app). If MFA is unavailable, increase the length of your password to at least 14 characters.
Think Before You Click – Beware of Phishing & Scams
Spot Red Flags: Be cautious of unsolicited emails that contain poor grammar, urgent requests, or attachments from unfamiliar sources.
Hover Over Links: Never click on suspicious links or download unknown attachments. Always hover over links to verify the destination URL before clicking. Ensure the URL is legitimate and matches the intended website.
Avoid Sharing Credentials: Never share login details, personal data, or financial information via email. If you receive such a request, confirm its legitimacy with IT Services before responding.
Be Wary of Pop-Ups: Don't engage with pop-up prompts asking for personal information. Legitimate services won't ask for sensitive data through pop-ups.
Check the Sender's Email Address: Be aware of slight misspellings or suspicious-looking email addresses that mimic legitimate ones.
Keep Your Devices & Software Updated
Enable Automatic Updates: Always set your devices and applications to update automatically so you receive the latest security patches.
Update Operating Systems and Apps: Ensure that your operating system, software, and applications are up to date - outdated systems have security vulnerabilities that hackers can exploit.
Use Antivirus Software: Ensure antivirus and security software is installed and running on all devices to help detect and block threats.
Patch Vulnerabilities: Promptly install critical security patches for software, web browsers, and operating systems to reduce exposure to known vulnerabilities.
Use University-Approved Systems & Cloud Storage
Use University Platforms: Store university files on university systems (e.g., Network Drives, Google Drive, OneDrive, Moodle). Do not use personal cloud storage accounts for university-related data.
Avoid Personal Email for Work: Do not send sensitive university information over personal email accounts, as they may not have the necessary security measures in place.
Review Third-Party Services: Avoid using unauthorised third-party apps, browser add-ons/extensions, or services for university-related tasks to ensure compliance with security standards.
Secure File Sharing: Use secure, university-approved file-sharing methods for transferring confidential or sensitive data.
Protect Sensitive Data & Personal Information
Follow Data Protection Policies: Always adhere to university data protection policies when handling student records, research data, or financial information.
Secure Communication: Use encrypted methods for sending or storing sensitive data, such as secure email or file encryption software.
Avoid Insecure Channels: Never share sensitive personal or university data through insecure channels, like social media, text messages, or personal messaging apps (e.g., WhatsApp).
Secure Physical Files: Ensure physical documents containing sensitive data are securely stored and locked when not in use.
Limit Data Sharing: Only share sensitive information when absolutely necessary and ensure the recipient has the appropriate security clearance.
Lock Your Devices & Log Out When Not in Use
Lock Devices: Always lock your computer, laptop, or mobile device when leaving it unattended, even for a short time (e.g., Windows: Win + L, Mac: Cmd + Ctrl + Q).
Log Out of Accounts: Always log out of university systems and cloud accounts when you're done, especially if you are using shared or public computers.
Beware of Public Wi-Fi
Avoid Public Wi-Fi: Public Wi-Fi networks are often unsecured, making it easier for hackers to intercept your data. Avoid accessing sensitive accounts, logging in to systems or making transactions on these networks.
Disable File Sharing: Turn off file-sharing settings and Bluetooth when using public or unsecured networks to prevent unauthorised access.
Report Suspicious Activity
Immediately report any suspected phishing attempts, cyber threats, or security breaches to the IT Services Help Desk (itshelp@hope.ac.uk / 0151 291 2100).
Signs of a Security Issue:
You receive a password reset email that you didn't request.
Unexpected pop-ups or system slowdowns (potential malware infection).
Unauthorised logins to your university accounts or systems.
Prompt Action: Reporting issues quickly can help prevent larger security incidents and mitigate risks to the university's systems and data.
Be Cautious with USBs & External Devices
Avoid Unknown USB Drives: Never plug in unknown USB drives or external devices, as they could contain malware designed to infect your system.
Scan Before Use: Always scan external devices, including USB drives, hard drives, and other peripherals, for malware before accessing the files.
Use University-Approved Devices: Only use devices and peripherals that have been authorised by the university to reduce the risk of introducing harmful software.
Stay Cyber Aware & Educated
Stay Informed: Cyber threats are constantly evolving. Stay up to date by attending university cybersecurity training sessions and regularly reading security alerts or updates from IT Services.
Understand Social Engineering: Be aware of social engineering tactics, where attackers manipulate you into divulging personal information. Always verify the identity of anyone requesting sensitive data.
Question IT-Related Requests: Be suspicious of unsolicited requests for login details, software installation, or administrative actions. Verify requests with IT Services before proceeding.