Skip to content
Skip to navigation menu
18 March 2013
Whilst preparing for the launch of the Cardiff People Programme many questions have been raised around online security. This is particularly important when staff consider they will have access to HR and payroll information via the online system that they haven't been able to access historically. Here staff from Governance and Compliance – Information Security Programme and Information Services remind us of the importance of online security in all aspects of daily lives.
Your banking details? Access to your email account? Photos, music or documents you wouldn’t want to lose? How about access to your absence record and appraisals?
In a phased roll out starting later this month Cardiff People will make it possible for you, from any web enabled device, to access your personal HR record including the capability to view:
This sort of functionality is a real benefit for staff in the University, but would you want someone else to be able to access your data without your consent or knowledge?
Hopefully it’s not one of the ones in the picture above.
Try putting your password into this SECURE password strength checker
If your password rating is anything less than strong, it could be cracked in seconds using a basic computer and software freely available on the Internet.
Read on for simple steps to set a strong memorable password and protect your information.
The Information Security Framework Programme previously featured in Blas has been set up to deliver improvements to the security of information held by the University.
How you behave when choosing a password and in keeping it secret is critical when it comes to protecting the security of data held at the University, as well as for your other online services.
The image at the top of this article shows the 1000 most frequently used passwords found in the leaked password databases available online (largest font = most used).
As you can see, the passwords could easily be guessed without any password cracking software and evidence shows people often use the same passwords across multiple accounts. This means that once one account is compromised e.g. Facebook, the door may be open to your iTunes, LinkedIn, Amazon, Ebay, Paypal, Banking, Twitter, Email and other accounts.
See below for some simple do’s and don’ts for setting and remembering a strong password:
It is better to have a strong password you’ve written down and stored safely, than to have a weak password you can’t remember.
To change your password either press and hold down Ctrl, Alt and Delete on your keyboard and select the ‘Change Password’ menu option. Or visit http://portal.cardiff.ac.uk and select change password. You can also add security questions which will help make resetting your password safer and easier in the future.
Try adding letters from the site name at either end of your password e.g. If my password is ‘B0ri$thEc*t‘ then to make it unique but memorable, I add the first couple of letters of the site to the front of the password so: Amazon = AMB0ri$thEc*t, Work = WOB0ri$thEc*t, Ebay = EBB0ri$thEc*t
As well as a strong password you also need strong Security and Virus Protection. Whilst the University takes care of computers on campus, your personal computer and mobile devices are your responsibility to secure. To help you do this Cardiff University have made Anti-virus software available under a Cardiff University site license. This is available free of charge for staff and students only across Microsoft, Apple and Linux operating systems. Further information is available here or by contacting insrvConnect.
The page linked above also carries practical advice on securing and protecting home, laptop, student and campus computer systems. In addition you can check you are aware of the types of software based protection you should have as well as learn about the various and increasingly sophisticated scams which you may come across.
REMEMBER - No matter how strong your password, if you put it into a fraudulent website having fallen for a phishing email you’re hacked!
The INSRV IT Security Team Wiki is also a goldmine of useful information on the sorts of topics listed below:
How not to get a virus, Protecting Sensitive Information on Laptops, Unencrypted Devices Pose ’Unnecessary Risk’ for Sensitive Data, Security of Laptop and PDAs, Computer Security and Virus Protection Guides, Stay Safe Online – University guidance pages, Protecting your smartphone, iPhone, Blackberry, Android and Windows phone.
While you're thinking about the security of your information, why not follow this link to the Information Security Framework Survey .
We're interested in hearing your views on information security at the University, it will only take you a few minutes to complete and you could win one of two £50 Amazon vouchers.
For information on the Information Security Framework Programme please contact Gareth Jenkins on 02920876844
If you experience problems with your password, please contact insrvConnect, the Information Services service desk, on (029) 2087 4487 or by email, insrvConnect@Cardiff.ac.uk
Sexism and sexual harassment
Tracing public opinion
Swansea Bay Tidal Lagoon
Sir David Attenborough delivers outstanding lecture
New University email for students
Stop the Press: Cardiff News is changing
Launch of the School of Healthcare Sciences
New Elected Officers
This is an externally hosted beta service offered by Google.