Skip to main content Skip to navigation

insite: our staff hub

Working securely: what we need to know and do

Our new working ‘normal’ contains some considerable challenges:

  • Our University-wide responsibilities for security and information management are demanding and we must be legally compliant
  • The scale and sophistication of criminal and malicious cyber-activity is increasing, exploiting current circumstances and uncertainties
  • Working away from campus increases our vulnerability and the complexity of measures we’re taking to safeguard our people and information.

We need to meet these challenges as an organisation and as individuals.

Devices: what do I need to do to work securely?

This depends on how you are currently working – there are several options:

On an IT Services managed device

If you are on an IT Services managed device, then we have already configured it to meet our minimum security standards. All you need to do to keep your device up-to-date and secure is remember to login using the VPN service once each week. Your device will automatically download and install the latest updates and security fixes.

How do I know if I’m using an IT Services managed device?

It is easy to check if you are using an IT Services managed device by following the instructions listed here.

On a departmentally managed device

You may be using a device that is managed by IT staff in your department – WMG and WBS are examples, but there may be others. IT Services will liaise with those teams directly and you will receive relevant instructions for your device.

On a self-managed device

If you are using a University issued or owned device (given to you or funded by your department or through your research funding) but it is not managed by IT Services or your departmental IT staff, then you have a self-managed device. This means you can install your own software, carry out administrative tasks etc.

What do I need to do?

In this case, we need you to enrol your device into our Device Security Service (previously referred to as InTune). This allows the University to ensure your device meets the same minimum security standards as managed devices – it will be registered with the service and checked for some basic security settings. You may get messages to adjust some settings or turn on some important features – encryption, firewall settings, anti-virus protection. Most instructions are quite straightforward, but things can be different from device to device, so detailed instructions on how to do this will be available.

We will be communicating exactly how to enrol self-managed devices separately in the coming days.

On a privately-owned device

Occasionally (but much more during the Covid-19 lockdown) colleagues have needed to use privately owned devices – family computers, personal computers and mobiles at home. While this can be very convenient, and tremendously helpful to keep us connected with work and colleagues, it does present a few more challenging security and privacy issues. Ideally, it is much better to keep personal and work activities and data completely separate – but that has not always been possible. However, the University is now in a position to be able to help with this challenge.

We will send out specific communications for users of private devices in the coming days – but the following provides an overview of how it will work.

Do you need a University issued device?

If you do regular work, or spend significant periods working on University activities, or you need to use the SITS or SAP clients frequently, then you may need a dedicated University owned and issued device. This would allow you (and your family) to keep work and personal activities and data completely separate. Please contact your Head of Department or departmental administrative team to find out if you can be issued with a University device.

What if I don’t need, or can’t use, a University issued device?

If you only do occasional University work on your devices, or perhaps don’t have the space for another computer – then it is still possible to use your privately-owned devices – just with some limitations.

Work via a Virtual Desktop Infrastructure

If you have to use a privately-owned device for University work, we will ask you to use something called a Virtual Desktop Infrastructure (a VDI). Essentially, this service creates a way for you to access a computer running inside the University from your personal device at home. Your personal device simply acts as a window or display, for that remote computer.

How will this work?

The remote computer takes commands from your keyboard and mouse, and sends back images to your monitor/display – just as if you were operating it from the same room.

You don’t need to download any software or change any settings on your own device – the service should work straight from one of your browser windows. In addition, all the data, information, messages, emails etc. you use on the remote computer – all your University activity – is kept separate from your personal device and cannot ‘leak’ out.

What are the limitations of a VDI?

At the moment it is not possible to reproduce the full SITS and SAP clients – but it is possible to perform most everyday tasks: email and calendar activities, access files and documents, use SuccessFactors and Tabula, use Office tools such as Excel, Word, Powerpoint; use Teams and SharePoint.

Detailed information on a VDI will follow shortly.

What if I have more than one device?

It may be that you have more than one device – and a combination of ITS/Departmental managed, self-managed and private devices.

For each device you will need to apply the relevant approach.

  • For ITS and departmental devices – simply follow occasional update messages from your support staff.
  • For each self-managed device – enrol it separately in to the Device Security Service.
  • For each privately owned device – use the VDI solution on each device.