News and Updates

News and Updates

Stay current with university alerts, global cybersecurity trends, policy changes and upcoming awareness campaigns.
News and Updates

Stay current with university alerts, global cybersecurity trends, policy changes and upcoming awareness campaigns.
News and Updates

Stay current with university alerts, global cybersecurity trends, policy changes and upcoming awareness campaigns.

Launching Week of 26 January: System Administration & Information Access Control Policies

IMP 06 – System Administration

This policy sets clear expectations for managing University systems securely and effectively. It requires systems to meet policy standards and have documented operating procedures. Administrators must maintain confidentiality, integrity, and availability by applying timely patches and conducting vulnerability tests. Systems must be registered, assessed for criticality, and supported by disaster recovery and continuity plans. Incident response must be prompt, with security issues reported to the CISO. Regular testing of backups, monitoring of logs, and secure configurations are essential to ensure resilience and compliance.

IMP 08 – Information Access Control

This policy governs how University information and systems are accessed to protect sensitive data and maintain security. Access is permitted only through approved devices with strong passwords, encryption, and up-to-date software, while elevated privileges require enhanced authentication. Devices that do not meet security standards are blocked. Access rights are role-based, reviewed regularly, and logged. Physical security measures include ID card access and surveillance, and ID cards must be worn visibly, reported if lost, and replaced promptly. University credentials must never be reused externally, and classified data must always be secured.

The publication of the Policies forms part of the ongoing development of the Information Management Policy Framework (IMPF)Link opens in a new window at the University lead by the Information Risk and Compliance team.

New Look for University Sign-In Pages: What’s Changing and Why

The change is part of a wider implementation of organisation branding within our Microsoft Entra ID system. This means that when you sign in to services like Microsoft 365, My Apps, or use features like Self-Service Password Reset (SSPR) and Multi-Factor Authentication (MFA), you’ll now see a refreshed interface that reflects our university’s identity.

What's New?

University of Warwick logo displayed prominently at the top of the sign-in box.
A modern, colourful background featuring abstract art and people interacting—designed to be welcoming and visually engaging.
Clear prompts for entering your credentials and resetting your password.
A reminder that by signing in, you agree to the Information Management Policy Framework.

Here's a preview of what the new sign in page will look like Why this matters?

If you have any questions or feedback about the new sign-in experience, feel free to get in touch with the Information Security team.

Why You Shouldn’t Enable Anthropic in Microsoft Copilot - A Security Perspective

As part of our commitment to secure and responsible use of AI tools across the university, we want to highlight a recent advisory from Jisc’s National Centre for AILink opens in a new window. Jisc provides us with expert support on digital infrastructure and cybersecurity, and their latest guidance is clear: Do not enable Anthropic’s Claude models in Microsoft Copilot 365.

What's Changing

Microsoft has introduced Anthropic’s Claude models into Copilot 365, specifically within the Researcher agent and Copilot Studio. While this may seem like a welcome expansion of AI capabilities, enabling Anthropic comes with significant data protection and compliance risks.

What You Lose When You Enable Anthropic

According to Jisc, turning on Anthropic means your data:

Leaves Microsoft’s secure environment
Is no longer covered by Microsoft’s audit and compliance controls
Does not benefit from Microsoft’s data residency guarantees
Is excluded from Microsoft’s Customer Copyright Commitment
Is not protected by Microsoft’s service level agreements (SLAs)

Instead, your data is governed by Anthropic’s own commercial terms and data processing agreements, which have not yet been fully analysed by Jisc for risk.

Why This Matters

Microsoft has built trust in Copilot by ensuring data is processed securely within its enterprise environment. Enabling Anthropic undermines that trust and introduces ambiguity into our messaging around AI safety. As Jisc puts it:

“Copilot 365 can still be safe and secure, as long as you do not enable the Anthropic option.”

This is especially critical for us in higher education, where data governance, compliance with the ICO’s 72-hour breach notification rule, and protection of personal data are non-negotiable.

Our Position

We strongly advise not enabling Anthropic in Microsoft Copilot until further security assurances are provided. We will continue to monitor updates from Jisc and Microsoft and share any changes that affect our institutional risk posture.

Tue 30 Sept 2025, 18:44|

Information Security Risk and Compliance Blog

For advice regarding cybersecurity, please contact

informationsecurity@warwick.ac.uk

Get in touch

If you'd like to submit an article for the blog or suggest discussion topics, please contact us:

informationsecurity@warwick.ac.uk