Iron Rule 3 | Adopt a Layered Approach

Protect your Data and Devices

This page contains info on how to protect your data and devices from a variety of threats.

Did you know...

If your computer is infected with malware, it could become a ‘zombie’ (botnet) that sends out spam, distributes malware to other victims, and/or launches anonymous attacks over the net?

Additionally, if your devices, including laptops, tablets and/or smart phones, are used to connect to LSE emails or the LSE remote desktop, then LSE data would be at risk if your device is compromised.    

The loss of School data could cause LSE reputational damage, lead to fines, and result in the cancellation of or failure to win research contracts. 

How to protect your data and devices

As of November 2021, the LSE has updated its password policy.  Our new requirements mean both staff and students need to update their existing password to meet the new standard.

New passwords must now be at least 15 characters and include any 3 of the following:

  • Uppercase letters of the European languages
    i.e. A through to Z, with diacritic marks, Greek and Cyrillic characters
  • Lowercase letters of European languages
    i.e. a through to z, sharp-s, with diacritic marks, Greek and Cyrillic characters.
  • Base 10 digits
    i.e. numbers 0 through to 9
  • Non-alphanumeric characters
    i.e. special characters: (~!@#%^&*_-+=`|\(){}[]:;"'<>,.?/)
    N.B Please avoid any currency symbols such as the Euro and British Pound, because LSE MyView does not accept passwords with currency symbols

You cannot include:

  • Your LSE username
    i.e. if your username is jsmith1, your new password cannot include this string of characters however, you can still use individual letters or numbers from it to form your password.
  • Your name or part of your name (e.g. if hypenated)
    i.e. if your name is James Smith-Jones, your new password cannot include "James", "Smith" or "Jones" as a string of characters however, you can still use individual letters or numbers from them to form your password.

Keeping passwords strong and secure

See here for guidance on how to change your password and below for tips on keeping passwords strong and secure: 

Creating stronger passwords

Complex passwords can be difficult to create, so try using a random password generator

  • LastPass offers a free online password generator. Change the settings to match the LSE Password Policy and build a new password like QRQ2WFvXu*H&S!6, qB^4UmMFdQ&PXnn, or S^zZf%Vd@Zuu%d!
  • Use initial letters of an easily remembered phrase: ‘The Red Fox Jumps over the Lazy Dog!’ becomes ‘TRFJotLD!’; add some numbers and special characters and you've made your password more complex.

NCSC advises the Three Random Words strategy to create a truly unique & memorable password.

  • Look around and pick three things, or think of three verbs, adjectives, etc. Then add numbers & special characters (excluding currency symbols) to meet LSE's Password Policy
  • For more information, see NCSC's thoughtful blog post on the subject:

Password management tools

Although an understandable habit, using the same passwords across multiple online services creates better chances for cybercriminals to steal your information.  

It’s fairly easy these days to have dozens of online accounts – if your credentials for one of these are exposed, it is possible all of your data will be at risk.

password management tool generates all of the complex passwords for you, with the only one you need to remember being the master password.   

Acting as the encryption key to lock the others, your master password should be at least 12 characters, strong and complex.

See here for a list of generally recognised password management tools.

How to keep information safe

Set up the Microsoft Authenticator App as you primary MFA method

  • Multi-factor authentication works by sending an additional notification to you to confirm a recent login: 
  • MFA was turned on for all students in early 2020 and all staff by the end of 2021. 
  • Coupled with greater user awareness, the number of compromised LSE accounts decreased 86% between 2019 to 2021!
  • Use the Microsoft Authenticator App as your primary method of MFA. SMS or voice calls should be set as your secondary method, because they are more prone to be intercepted by a bad actor. Please follow these instructions from LSE to set up the app on your phone
  • New phone? Lost/stolen device? Check your Microsoft Security Info settings to add or remove an MFA method. Contact if you need support

Stop would-be-hackers with a software firewall 

Keep personal data theft at bay by installing an anti-virus software program 

Keeping your personal data safe involves regular device maintenance  

  • Updating your device's operating system to the latest version strengthens it against malware, ransomware, and other security risks. 
  • For Windows, go to your control panel and check for 'Windows Update' 
  • For iOS, check 'About this Mac' to see if you have the most up-to-date version iOS. If not, you can always download it from the App Store 
  • The same applies to software updates.  
  • LSE recommends updating your internet browsers (Google Chrome, Safari, etc.), Java, and all Adobe applications 

Encryption for devices and files 

For PCs

  • For device encryption, we recommend BitLocker which is a built in encryption tool
  • To turn on BitLocker, go to Settings > Privacy & Security > Device Encryption > BitLocker drive encryption
  • For more information, please click here
  • For individual files encryption, we recommend Axcrypt or 7zip
  • 7zip is free to download for all users and is compatible with PC and Mac users. 

For Macs

  • For device encryption, we recommend using FileVault 
  • To turn on FileVault, choose Apple Menu > System Preferences > Security and Privacy > File Vault
  • For more information, please click here.
  • For individual file encryption, we recommend using 7zip or MEO encryption
  • 7zip is free to download for all users and is compatible with PC and Mac users 

Please remember to store your encryption keys in a password manager and store it safely as the file will be unusable once you forget your encryption keys.

For detailed information, please visit LSE's Encryption Guidelines

LSE Phishing LSE Phishing
LSE Phishing Anne Hewitt, Charlie White