Skip to main content

IT security

Everybody at Birkbeck - staff, students, visitors and all users of our systems - must work together to ensure the safety and security of IT systems and the data we are entrusted with. 

Find out how you can protect the data of our users

Protect your ITS user account

  • Never, ever share your username or password with anyone. 
  • Ensure your password is strong; as a minimum your password should be 10 characters in length and contain a mixture of letters (upper and lowercase) and numbers.
  • Only use your password to log in to services that you are sure are provided by Birkbeck. If you are in any doubt, check first by contacting us:

multi-factor authentication (Mfa)

  • Birkbeck uses Microsoft Multi-factor Authentication (MFA) to provide an additional layer of security on top of your username and password when you access College resources online. Once set up it is easy to use and provides increased protection from cyber-attacks.
  • MFA works by asking you to verify who you are when signing in. This can be done using a mobile app, text message or phone call.
  • From July 2021, MFA verification will be required when logging in to Microsoft 365. MFA will then be applied to the Virtual Private Network (VPN) in early August. Other systems, including Moodle and My Birkbeck will follow in due course.
  • All students are required to register for MFA. Information and instructions on how to register are available on IT Knowledge @ Birkbeck (requires login with your Birkbeck email address and IT password)

Beware of fraudulent emails (phishing)

  • Birkbeck staff and students may receive phishing emails, in which criminals attempt to obtain personal and financial information by posing as a legitimate email sender and asking for your username and password
  • A large number of these are caught by anti-virus and anti-spam software, but some get through. 
  • These scams may look like legitimate Birkbeck emails from departments such as ITS or the Registry, or from individuals at Birkbeck that you may know or you may not. You should also be wary of messages that seem to come from social networks (Facebook, Twitter, Instagram, LinkedIn), email service providers (Gmail, Hotmail), web services (Outlook, Microsoft) and from retailers (Apple, etc).
  • Fraudulent emails: 
    • will ask for your username and password and/or your financial details 
    • are usually anonymous (ie they don't include a person's name or contact details) 
    • often contain terms or language that you would not associate with Birkbeck 
    • often demand an urgent response 
    • haven't come from a legitimate Birkbeck account (click reply and see if the reply-to email is a Birkbeck one) 
    • contain embedded web links that are not on the Birkbeck website (float over the link without clicking on it to check the web address)
  • Trusted external links: official Birkbeck emails may contain external links for the following services: 
  • If in doubt, or if you have been the victim of a phishing scam, please contact us:

Bulk emailing 

  • Emails sent to groups of recipients should originate from our corporate systems, or be sent to distribution lists. 
  • If you have to send emails from outside of a corporate system, and an appropriate distribution list does not exist, please follow this advice within Outlook: 
    • enter multiple email addresses in the BCC (blind carbon copy) field, as this will hide everybody's email address and avoid reply-all email chains 
    • send bulk emails from a verifiable College email account 
    • provide a named College contact, so recipients will know the email message is genuine 
    • choose a subject that clearly defines the purpose of the email 
    • take care in composing and checking the accuracy of the message content and recipient list 
    • provide an opt-out option for marketing emails, even after recipients have opted in. Student opt-outs are recorded on My Birkbeck 
    • do not send unsolicited marketing mailings. For those who have opted in, always acquire a fresh list sourced from corporate data (interests mailing lists), which will exclude those who have opted out of marketing communications 
    • avoid sending attachments in bulk email. If you must share a document, upload it to a Birkbeck-hosted web page and link to it 
    • avoid links to third-party websites.
  • If you use Campaign Monitor to send bulk emails, in order to protect the data of recipients, you must download email addresses from the relevant Birkbeck interest (mailing list) immediately before you send each email, and delete the list from Campaign Monitor immediately after. Do not use MailChimp.

Security tips for using public PCs (including library, teaching and workstation rooms)

  • Never share your log-in details with anyone.
  • Always log off when you are finished or have to leave the PC unattended.
  • Be wary of ‘helpful’ people you don’t know giving you advice about using the computer - never give them your log-in and password.
  • Avoid entering sensitive information onto a public computer and be aware who is watching you and the screen.
  • Do not try to install any programs or applications on public PCs.
  • Do not run programs and applications if you don’t know what they are or where they have come from. Don’t run word processor or spreadsheet macros if you don’t know what they are for, and don’t edit documents you have downloaded from the internet unless you are sure of their content.

Back-up advice

  • Data stored on your local device may be at risk of loss. Regularly backing up your data (such as your assignments and other work) will ensure you have more than one copy if something goes wrong.
  • We recommend storing your data on your Birkbeck Microsoft OneDrive (part of Microsoft 365) cloud storage which is automatically backed up regularly.
  • Do not rely on USB memory sticks as your only source of back-up. They can be easily lost or stolen.