Purpose
This article sets out the University’s expectations for partner organisations to ensure that computers, tablets and phones used to access University systems or information are kept secure and up to date.
These requirements apply to partner-owned devices used by partner staff including partners, external examiners and agents, whether working on University premises or remotely.
If your organisation already holds the UK Government backed Cyber Essentials or Cyber Essentials Plus certification, these requirements should already be met as part of your existing controls.
Why this is important
Universities are increasingly targeted through supply-chain and partner relationships. Many cyber incidents exploit known software weaknesses for which security updates are already available.
Out-of-date or poorly secured devices increase the risk of:
• unauthorised access to University systems and data
• malware or ransomware infections
• account compromise, fraud or data loss
• disruption to teaching, research and services
Maintaining up-to-date devices and basic security controls protects both University data and your organisation’s own information.
Alignment with Cyber Essentials
The expectations in this article are aligned with the UK Cyber Essentials scheme, which sets a baseline for protecting against common cyber attacks.
If your organisation already holds Cyber Essentials, you should already:
• use supported operating systems and software
• apply security updates in a timely manner, ideally within 14 days
• protect devices with malware protection and firewalls
• encrypt devices and control access
Partners who do not currently hold Cyber Essentials are expected to meet these same baseline controls for any device used to access University systems.
Core security requirements for partner devices
All partner-owned devices used to access University systems should meet the following requirements:
• the operating system is supported by the manufacturer and fully up to date
• applications and browsers are kept up to date
• the device locks automatically when not in use
• malware protection is enabled and kept up to date
• full-disk encryption is enabled
• a firewall is enabled where supported
Keeping operating systems up to date
Windows 11
Windows 11 includes automatic security updates by default.
How to check and install updates:
• Open Settings
• Select Windows Update
• Select Check for updates
• Install any pending updates and restart if prompted
macOS
Apple regularly releases security updates for macOS.
How to check and install updates:
• Open System Settings
• Select General
• Select Software Update
• Install all available updates
iPadOS and iOS (iPad and iPhone)
Apple provides updates directly for iPhones and iPads.
How to check and install updates:
• Open Settings
• Select General
• Select Software Update
• Install the latest available update
Android
Android updates are provided by Google and device manufacturers.
How to check and install updates:
• Open Settings
• Select Security and privacy or About phone
• Select Software updates
• Install any available updates
Keeping applications up to date
Applications such as browsers, email clients and collaboration tools are common targets for attack.
Partners should ensure:
• automatic updates are enabled wherever possible
• browsers such as Edge, Chrome, Safari or Firefox are kept up to date
• productivity apps (e.g. Microsoft Outlook, Teams, Office apps) are updated
• unused or unsupported applications are removed
Enabling basic security controls
Device locking
Devices must lock automatically when not in use.
Good practice:
• use a strong password, PIN, fingerprint or face recognition
• set automatic screen lock after a short period of inactivity
Malware protection
Malware protection should be enabled and kept up to date.
Good practice:
• Windows: ensure Microsoft Defender or equivalent is enabled
• macOS: keep built-in protections enabled and the OS up to date
• Android and iOS: install apps only from official app stores
Encryption
Encryption protects data if a device is lost or stolen.
Good practice:
• Windows: enable Device Encryption or BitLocker
• macOS: enable FileVault
• iOS and iPadOS: encryption is enabled automatically when a passcode is set
• Android: ensure device encryption is enabled
Assurance and support
Partners may be asked to confirm compliance with these requirements or to provide assurance as part of contractual or information governance processes.
If your organisation already holds Cyber Essentials certification, this may be used as evidence of compliance.
If you are unsure whether your devices meet these requirements, please refer to the guidance above or contact your organisation’s IT support team.