Tips for studying safely
One of our most important responsibilities is keeping Tilburg University’s data safe and secure. The university does this by taking various measures. However, these measures alone are not sufficient. Tilburg University believes that information security is everyone’s responsibility. You need to be aware of your role in preventing and reducing cyber threats.
Caution! Important Tilburg University e-mails may end up in your spam box since the last update of Google Mail
Therefore check your spam box and change the settings of your spam filter as follows.
- In Gmail, tap ‘Why has Google marked this as spam’ or
- indicate that the sender is safe. You can add the sender to the safe sender list. As a result, Tilburg University e-mails will arrive in your Inbox.
Be on the alert for phishing mails
Always be on the alert when you receive e-mails. Companies never ask for personal or account details via e-mail. The same goes for the University’s ICT and HR offices. A phishing e-mail is a fake e-mail that is forged so cleverly that it is hard to distinguish from an authentic e-mail. Hackers “fish” for your details in this way, or they spread viruses that give them access to your details.
- Never open attachments, or click on links in e-mails from people you don’t know.
- Check whether the site is genuine by typing the URL directly into the address field of your browser.
- Always check the sender’s e-mail address by hovering the cursor over the sender’s name. If it is a phishing e-mail, the sender’s address is often unfamiliar or vaguely like that of an authentic organization or company.
- A phishing e-mail often contains spelling mistakes or grammatical errors.
- The e-mail always asks you to share private data, usually as a matter of urgency.
If you have fallen for a phishing e-mail or have any doubts, please contact the CERT team straightaway. Has the hacker managed to lay their hands on private data? Report the hack to the Data Protection Officer (DPO) at data firstname.lastname@example.org. The DPO will then decide whether the hack is a data breach that must be reported to the Netherlands Data Protection Authority.
Beware of strange requests from a 'friend' (social engineering)
Sometimes hackers try to pretend to be someone you know (e.g. a roommate), asking the addressee to share certain information. This is a form of social engineering. A typical example is a request to make rush payments or buy gift vouchers for someone who can't do it himself.
If in doubt, always contact the person in question (preferably by telephone) to check whether the request is from that person. And if you are asked for (confidential) information, always consider whether you are allowed/will be able to give that information. In case of doubt: don't!
Tips for studying safely
Study in a secure environment
Many security measures have already been taken on a Tilburg University PC. On your own PC you have that responsibility. Prevent your data or that of Tilburg University by taking security measures of your own, such as:
- Make sure you protect your own equipment with a virus scanner and that the virus scanner automatically updates itself.
- Make sure that all programs are completely up to date.
The latest version of the software is not only there to improve the ease of use, but also to fill a security breach. Make sure that your device and applications are equipped with the latest updates. If possible, activate automatic updating.
Take a good look at what is being asked and do not click carelessly on "next", "next", "next" until it says "finish". Check at all steps where you agree.
Share your information securely
- Be careful with (personal) data from the university. You should not just store them at home or on your private laptop or PC.
- Consider your work and proceed cautiously.
Your daily work routine is different and you work with distractions that you are not used to in the office. Accidentally a reply all to an outgoing mail is a mistake that is quickly made. To be on the safe side, you can postpone the sending time in your mail, so that you can still withdraw the wrong mail.
- Share your files securely.
As a student at Tilburg University you can use the facilities of Google Apps free of charge. You can store and share your files via GoogleDrive and GoogleDocs. More information can be found on Google Apps.
- Be careful when using (video) chat services.
Handle information that you are discussing differently than usual in group apps and video chats. Preferably share confidential information by telephone instead of via a (video) chat service.
For example, do you use a chat app like Signal or Whatsapp? And have you shared confidential or sensitive information? In any case, delete the chat history after every conversation, so that it is gone on your own equipment (on the server is it not erased).
And remember to check that the app you are using sends your messages encrypted. Secure your internet connection with a strong password.
Store your information securely
There are risks associated with the use of USB sticks and mobile hard drives. You can easily lose them and they can even be stolen. However, if it is necessary to put files on a USB stick, use a USB stick with built-in hardware encryption.
When you store data on a secure cloud drive you can be sure that it is backed up and that your data is safe. Via Tilburg University you can use GoogleDrive and GoogleDocs.
Create strong passwords and change them regularly
Do not share passwords via e-mail or shared documents and do not leave any notes with passwords lying around. Keep your passwords in an encrypted document and do not share it with others.
Tips for making strong passwords
- Think of a one-liner, song lyrics, or another line that you can remember easily and use the first letters of each word to set your password. Also use capital letters and punctuation marks.
- Use a unique password for every single one of your accounts. Cyber criminals often try to log on to as many different online services as possible using a single stolen password. And even the website you use
dto set your password can be hacked. Single-account passwords prevent hackers from accessing all or more of your accounts if they can only get their hands on one of your passwords.
- Whenever possible, use two-step authentication: in addition to your password, a second step is required for identification, for example, a text message (SMS) or a code generated by a smartphone app such as Google Authenticator.
Only connect to a reliable Wi-Fi network
Eduroam gives you simple and safe access to Tilburg University’s wired and wireless networks, also at other institutions that offer eduroam.
If you use a public and non-secure WiFi network (for example, on the train, at the airport, or in a restaurant), others can potentially see what you are doing on the internet and what data you are sending. Therefore, do not send sensitive data (e-mail, online banking information) over networks that you are not familiar with or do not trust. If necessary, use, a VPN connection (also on your smartphone). A VPN encrypts all your internet traffic. As a result, it is much more difficult for criminals and others to track and manipulate your online activities.
Do not use Internet Explorer
Microsoft has identified a critical vulnerability in Internet Explorer. Microsoft is working hard to remedy the situation but, until a solution has been found, LIS advises everyone not to use Internet Explorer. It is OK to use other browsers, such as Microsoft Edge or Google Chrome. Read more information about the advice.
More practical tips
Lock your campus computer
Always lock the campus computer you’re working on when you leave your workstation, even if only for a very short while. That way no unauthorized users can go through it. You can lock your computer by pressing Ctrl + Alt + Delete or Windows key + L.
Use a privacy screen
One of the advantages of traveling by train or bus is that you can work on your laptop or tablet. But what if you need to process privacy-sensitive information you would really rather not have your fellow travelers see? Use a privacy screen. This monitor filter reduces side-angle visibility, making it much harder for others to see what’s on the screen.
Use a webcam cover
Hackers often use malware to try and access the webcam on your laptop, tablet, or smartphone. And malware of this type often switches off the webcam LED lamp, so you can’t tell that the webcam has been hijacked. Use a webcam cover to keep others from prying.
Frequently Asked Questions
What can I do for security measures?
- Work with your own account, which has a password, and do not share it with other users of your laptop or PC, such as your roommates. Other users may only use the guest account.
- Preferably work with a fixed cable.
Your connection is much more stable with a fixed Ethernet cable between your modem and PC than with WIFI. And for malicious people, internet traffic via WIFI is much easier to intercept.
- Check whether your network connection is sufficiently secured. If necessary, switch to a VPN (virtual private network) connection.
You use a VPN connection to access services and servers over the internet that are not freely accessible via the public internet. For example, for off-campus consultation of special databases of the library. Tilburg University offers a VPN server. Click here for the VPN user manual.
- Encrypt your data.
Encrypting your entire storage disk/device is recommended. For example, you can use Bitlocker.
In addition to encrypting your storage disk / device, it is recommended to encrypt files with sensitive data separately. You do this with 7-Zip. Read the 7-Zip manual.
Which apps can I download?
Do not download just any app, but be aware what you download and how your data are handled. Tips:
- Check the source. Do you know the developer and provider of the app?
- Check its popularity. If an app has been downloaded 150,000 times, chances are that the app is safe and reliable. Be careful if the app was downloaded only 15 times or so.
- Read the app’s terms and conditions and check to what information and functionality you give the app access.
- Update regularly. Updates not only improve functionality, but also security.
How do I report a data breach?
Have you lost your laptop containing personal data? Or have the wrong people had access to your information or did you send information to the wrong people? This may constitute a data breach. Please report this to CERT immediately.
Stick to the rules for computer use
Tilburg University has four rules when using account
Tilburg University has equipped their students with a personal @tilburguniversity.edu account. By using the facilities made available by Tilburg University, users must adhere to the following four rules explicitly:
- Giving details of your user name and password(s) to third parties. The original owner remains responsible at all times for any activity on the network in his/her name.
- Sending messages anonymously
- Performing activities on the network, that would seriously interfere with the use of that same network by others.
- Providing information on the network that is forbidden by the law.
Only when all users adhere to these rules and use the network in a responsible manner, is possible to safeguard the network for the entire university community.
How alert are you?