The advice on this page helps UGent students to correctly and securely deal with the IT resources and data they use for their studies, both inside the UGent buildings and network, and outside.
Note: IT security at UGent is constantly evolving, so this advice is still being updated.
Working safely with UGent IT resources and data is important for every student, not only so that you can carry out your own study-related activities correctly and safely, but also because local IT security problems can have serious negative consequences for other UGent staff members and the university's entire IT infrastructure.
We distinguish between:
- Study-related IT activities with a device you manage yourself, such as a personal laptop or desktop PC: the "Bring Your Own Device" (BYOD) concept. You must adequately secure such a device yourself.
- Study-related IT activities with another device: this is not advisable for security reasons unless you have sufficient guarantees that the device is properly and reliably secured.
You always share responsibility for handling UGent information securely. Therefore, think about the risk level of the data you work with, especially if you work with personal data or other confidential information, for example in a project for your master's thesis. Even if you are working with applications managed by DICT, you need to use common sense to assess possible risks. Depending on the risk level of the data, additional technical measures such as encryption of the data may still be appropriate.
If in doubt, seek advice, for example from your study supervisor, from a local IT administrator in your area, or from DICT's IT specialists (via the DICT helpdesk).
Inform the DICT helpdesk as soon as possible if you suspect that your account or device has been hacked, or if you suspect any other IT security incident, and follow the instructions you are given.
Also inform the DICT helpdesk as soon as possible if you suspect a data breach in which personal data, other confidential information or other important data may have fallen into the wrong hands.
Take care of your UGent account
Take care of your UGent account and your login and multifactor authentication (MFA) details.
- Use a strong password, in accordance with UGent's password policy.
- Keep your UGent password strictly confidential, and never use your UGent password for other, external services.
- Change your password as soon as you suspect that it has been leaked or compromised.
- Do not let anyone work under your personal account.
- Never give login details of your UGent account to others, including those you trust.
- Avoid storing passwords in readable form on your device or elsewhere.
- Avoid using the 'remember passwords' function of browsers; use a reliable password manager instead.
- Do not send passwords by e-mail.
- Do not leave your devices unattended. Lock the device or log out, even if you are only away from the device for a short time.
- Remember to log out after using a public or shared device.
DICT actively tracks suspicious login activity and takes measures to prevent or stop hacking of UGent accounts and devices. You may be asked to change your UGent password. In the event of sufficiently serious indications, DICT may also temporarily block your UGent account. You will be informed to the extent possible.
So be sure that your private e-mail address, registered in Oasis, is up to date and that its account is also sufficiently secured (e.g. with MFA).
Work on a well-secured device
By student BYOD devices, we primarily mean the laptops students use for their studies. Other examples include the personal smartphone or tablet, or a desktop at home. Generally, all these devices are also used for private activities, i.e. for personal or recreational purposes.
The responsibility for the security of such a BYOD device is entirely in the hands of the student. As a student, be well aware of the risks that BYOD devices can pose: a hacker can monitor all activities on an insufficiently secured device infected with malware, and can capture sensitive information without you even noticing. Your UGent account is also compromised in such a situation and can be misused on other UGent devices and UGent IT services. The hacker could even go on to abuse your device to attack the entire UGent IT infrastructure.
Minimum security measures you should take on your BYOD device:
- Make sure your device's operating system is and remains fully up-to-date.
- Make sure all installed applications are and remain up-to-date.
- Do not install applications downloaded from the internet or sent via email without security guarantees. This way you avoid infections with viruses or malware.
- Use professional anti-malware (antivirus) software with the latest updates.
- Secure logging in to your BYOD system with a password, PIN or other secure alternative.
- At a minimum, set a security PIN on tablets and smartphones.
- Make sure locally stored data is encrypted (e.g. with BitLocker on Windows and FileVault on macOS).
- If fellow students, family members or others use the same BYOD device, this should not be done under the same account as the one you use for study at UGent. Create an additional local account for them without extra rights.
Work via a reliable network
On the UGent campuses, you work on UGentNet, the IT network managed by DICT, via a WiFi connection with Eduroam.
Off campus, you use a network that is not managed by DICT (a home network, mobile internet connection, etc.). Be careful when working via a public WiFi hotspot or any other unknown network. Hackers can intercept and abuse data traffic over an insufficiently secured network quite easily. When in doubt, set up a UGent VPN connection.
With a UGent VPN ("Virtual Private Network") connection, your device is (virtually) in the UGentNet via a secure (encrypted) channel.
Stay alert and be sufficiently aware of common IT security risks
- Do not get caught by phishing: do not accept suspicious invitations to reveal confidential data. Phishing e-mails are the main cause of IT security incidents.
- Only enter your UGent login and password in known, trusted applications and only via the known, trusted central Microsoft-based UGent login service.
- Your UGent account is secured with multifactor authentication (MFA). Use MFA with discipline: give your second approval only if you are actually going to log in to a trusted application.
- Do not open e-mail attachments that you do not fully trust, and certainly not executable files. You could infect your device with malware (virus, spyware, ransomware, etc.).
Use the data storage service offered by DICT
DICT recommends using the data storage service offered by DICT for your study-related activities. The security and availability of data on the central infrastructure is guaranteed by DICT's specialists. Besides protection against unwanted access, data is also protected against unwanted change or loss through various back-up scenarios.
Keep your data management in order and, for your specific use case, make correct use of the various options DICT supports: OneDrive-for-Business, central storage (with personal disk space and shares), HPC storage, … Avoid working with copies of data that are stored only locally on a device (desktop or laptop).
If, exceptionally, you do work with a device that is not under your own or DICT's control, ensure that no local copies of important data end up on such a device, and certainly no personal or confidential information.
Use software offered and supported by DICT
DICT ensures the security and regulatory compliance (e.g. licensing conditions, protection of personal data under AVG/GDPR, etc.) of all software it offers. DICT recommends working with the applications offered and supported by DICT, both the cloud applications such as UFora, Microsoft 365, SharePoint Online and Teams, and the applications hosted within the UGent data centres (e.g. OASIS, Athena, ...).
Install other software yourself
- Only install software you need on your laptop or desktop.
- Remove software and apps you never use.
- Be aware of the risks that unknown or cracked software may carry. Preferably, do not install software you have downloaded from the internet without security guarantees.
- Always respect licence terms and certainly do not use fabricated or stolen licence codes.
Personal data and confidential info on cloud services
Do not store confidential information on cloud services with data storage outside the EEA (i.e. the EU, Liechtenstein, Norway and Iceland).
Personal data should also not be stored on cloud services with data storage outside the EEA, unless it has at least been pseudonymised in a secure and reliable manner. If pseudonymisation is not possible, the data must be securely encrypted beforehand. If the data is pseudonymised beforehand, the key file may not be stored on a cloud service with data storage outside the EEA, unless that key file has been securely encrypted beforehand.
For Microsoft 365 (OneDrive-for-Business included), UGent has the guarantee that the data is stored within the EU. DICT therefore recommends Microsoft 365 for the processing of study-related personal data and confidential information at UGent.