News

Cyber Security matters – #3 unique passwords and using your Sussex email account safely

Posted on behalf of: The Better Sussex Team

Last updated: Monday, 22 April 2024

As part of our Cyber Security awareness campaign, we’re covering a new and important topic each month to help boost your knowledge and keep you and the University safe and secure. 

This month, we focus on using unique passwords and why it’s so important to use your University account for work purposes only.

Using your Sussex email account for non-work activity

We know, it can sometimes feel more convenient to use your Sussex email address to sign up for non-work accounts like Amazon or Spotify, but please don’t do it!

Each time you use your Sussex email address for a non-work activity, you increase the chances that your email details could be compromised.

For context, in January 2024, 155 Sussex email addresses were involved in third party compromises and in February this figure increased to 743. 

Why is a unique password important? 

Using a strong ‘unique’ password for your Sussex email account that you don’t use anywhere else is critically important to help protect you, your work and the University.

Whilst using your Sussex email address to sign up for a third-party account is problematic in itself, using your Sussex password too gives a hacker everything they need to access your Sussex account immediately.

And the more you use the same password, the greater the risk that cyber criminals could access and take advantage of several of your work or personal accounts in one go.

You can find guidance on setting up a strong password on our webpages.

Case files - a real world example

Research conducted in March 2021 by the National Cyber Security Centre (NCSC) found that 15% of the UK population used pets' names,14% use a family member's name, and 13% pick a memorable date when choosing an online password.

NCSC Communications Director Nicola Hudson notes: “using your pet's name as a password could make you an easy target for callous cyber-criminals." The same applies to family names and birthdays which can also be found easily online by cyber criminals searching through social media.

Using a password that can be easily cracked is a big problem, but what can make things even worse is using the same password across multiple accounts.

A 2021 survey conducted by PC Magazine in the United States found that 70% of respondents admitted to using the same password for more than one of their online accounts and 21% of those surveyed admitted to using the same password for all their online accounts.

This means of course that when a cybercriminal gets your password for one of your accounts, they now have your password for everything.

Source: PCMAG.COM, BBC News

How can I minimise these risks?  

When we talk about cyber threats like this, it can feel a bit overwhelming, but as ever, following a few simple rules can help to keep everyone safe and secure.

Use your Sussex email account for work related activities only
Use different passwords for all your accounts
Where possible, enable multi factor authentication on your accounts
If you suspect your email account has been compromised report to IT Services - please don’t be embarrassed or worried, it can happen to any of us.

How to learn more  

Each month, to support these articles, we’ll be releasing a matching bitesize training via Proofpoint, our online learning platform. This month’s training will arrive in your inbox on Tuesday 23 April.

Back to news list

Contact

Contact the School office: lps@sussex.ac.uk.