The advice on this page helps UGent employees to perform IT-safe professional activities for UGent, both when teleworking and within the UGent buildings and network.
Note: IT security at UGent is constantly evolving, so these advices are still being updated.
Working safely with UGent IT resources and data is important for every UGent employee, not only to be able to do their own work correctly and safely, but also because local IT security problems can have serious negative consequences for colleagues and the rest of the UGent IT infrastructure.
We distinguish between:
You yourself always bear an important co-responsibility for handling UGent's professional information securely. Therefore, think about the risk content of the data you work with, especially if you work with personal data or other confidential information. Even if you work with the devices and software managed by DICT, it is necessary to use common sense to assess possible risks. Depending on the risk content of the data, additional technical measures such as encryption of the data may still be appropriate.
When in doubt, seek advice, for example from a local IT administrator in your area or (in the case of research projects) from DOZA's data stewards, or from DICT's IT specialists, via the DICT helpdesk.
Inform the DICT helpdesk as soon as possible if you suspect that your account or device has been hacked or any other IT security incident, and follow the instructions you are given. Also report theft or loss of professional IT equipment such as laptops or smartphones.
You must also notify the DICT helpdesk as soon as possible if a data breach is suspected, in which personal data or other confidential information or other important data may have fallen into the wrong hands.
Take care of your UGent account and your login and multifactor authentication (MFA) details.
DICT actively tracks suspicious login activity and takes measures to prevent or stop hacking of UGent accounts and devices. You may be asked to change your UGent password. In the event of sufficiently serious indications, DICT may also temporarily block your UGent account or device. You will be informed to the extent possible.
DICT recommends registering an alternative, private e-mail address in your UGent personal data. This way, DICT can contact you if there would be security problems with your account or device. Make sure you can also read that personal mailbox (e.g. on your smartphone) if your professional laptop is unusable and that the account of your private e-mail address is also sufficiently secured (e.g. with MFA).
Preferably work on a professional device managed by DICT with Intune, which is automatically well secured and allows you to log in smoothly and safely with your UGent account. However, good security does not mean you no longer have to watch what you are doing; you remain responsible for correct and safe use.
On a managed device where you yourself are the primary user, you are automatically given extensive rights, e.g. to install software yourself.
For security reasons, it is forbidden to let family members or others work with your professional device under your UGent account. On a managed device of which a UGent colleague is the primary user, or on a shared device (i.e. a device without a primary user), you can also log in and work with your UGent account, but only with ordinary user rights. Use for personal purposes of professional devices (including recreational and business use outside the UGent context) is allowed, on the understanding that you must then take the necessary care for correct and safe use yourself. DICT monitors the security status of Intune-managed devices and may take appropriate action where security requires it.
By BYOD devices of employees, we certainly mean not only smartphones or tablets, but also private desktops or laptops that are mainly for private use (i.e. for personal or recreational purposes), but are also occasionally used for professional work or teleworking. Since these devices are not managed by DICT, you yourself are responsible for the proper security of such devices.
Be well aware of the risks that BYOD devices can pose: a hacker can monitor all activities on an insufficiently secured device infected with malware and capture sensitive information without you even noticing. Your UGent account is also compromised in such a situation and can be misused on other UGent devices and UGent IT services. The hacker could potentially even further abuse your device to attack the entire UGent IT infrastructure.
Within the UGent buildings, you work on UGentNet, the IT network managed by DICT, via a wired network connection, or via a WiFi connection with Eduroam.
When teleworking, you use a network that is not managed by DICT (a home network, a 3G, 4G or 5G mobile Internet connection, ...) Be careful when working on location via a public WiFi hotspot or via another unknown network. Hackers can intercept and abuse data traffic over an insufficiently secure network quite easily. When in doubt, set up a UGent VPN connection.
With a UGent VPN ("Virtual Private Network") connection, your device is (virtually) in the UGentNet via a secure (encrypted) channel.
DICT recommends its own data storage service (storage) for all UGent professional data. The security and availability of data on the central infrastructure is guaranteed by DICT's specialists. Besides protection against unwanted access, the data are also protected against unwanted changes or loss by means of various back-up scenarios.
Keep your data management in order and, for your well-defined use-case, make correct use of the various options DICT supports: OneDrive-for-Business, central storage (with personal disk space and shares), HPC storage, ... Avoid working with local copies of data that are only stored locally on a device (desktop or laptop).
If, exceptionally, you do telework with a device that is not managed by DICT or yourself, make sure that no local copies of professional data end up on such a device and certainly no personal or other confidential information.
For data storage in research projects, get advice from DOZA's data stewards if necessary.
DICT ensures the security and regulatory compliance (e.g. licence conditions, protection of personal data under AVG/GDPR, etc.) of all software it offers.
DICT recommends working with software offered and supported by DICT, both cloud applications such as Microsoft 365, Sharepoint online, Teams, UFora, Successfactors, ... and applications hosted within UGent's data centres (e.g. OASIS, Gismo, Athena, ...).
Preferably use locally installed software on a professional device managed by DICT with Intune (see the available software on the Company Portal).
Please note that you are always responsible yourself for correct and safe use of software applications. For example, do not open questionable links or files sent to you in your mail client. This applies not only on your own devices but e.g. also on Athena. In this way, you reduce the risk of malware infections on your own and central IT infrastructure.
Do not store confidential information on cloud services with data storage outside the EEA (i.e. the EU, Liechtenstein, Norway and Iceland).
Personal data should also not be stored on cloud services with data storage outside the EEA, unless it has at least been pseudonymised in a secure and reliable manner. If pseudonymisation is not possible, the data must be securely encrypted beforehand. If the data is pseudonymised beforehand, the key file must not be stored on a cloud service with data storage outside the EEA, unless that key file has been securely encrypted beforehand.
For pseudonymisation in research projects, get advice from DOZA's data stewards if necessary and check out the following research tip.
For Microsoft 365 (OneDrive-for-Business included), UGent guarantees that the data is stored within the EU. Partly for this reason, DICT recommends Microsoft 365 for processing personal data and confidential information at UGent.