Advice about keeping your computer, data and identity safe.
Visit our Self Help pages on more advice about Your IT Account Password.
SANS Institute Security Awareness Tip of the Day.
Get Safe Online - including advice about using Facebook and other social networking sites safely.
If you are concerned that your device might have an infection, free scanning tools are available such as Malwarebytes.
Phishing is an internet/email scam to get someone to disclose their private username and password or their financial details. Criminals are looking for cash and want to steal your identity. The most common type is an email asking you to send your username and password to an unknown recipient.
IT Services at the University never ask for your IT Account password, so never send your password to anyone.
Phishing attacks are on the increase and becoming more sophisticated so they look reasonable and genuine, including company logos and personalisation.
As soon as you divulge your password and username a number of phishers will start looking through your emails. They are searching for personal data, bank details or financial account login details. In an attack at the University, thirty five criminals from across the globe accessed an account within minutes of the victim revealing password details.
If you realise that you’ve given your IT Account username and password away, contact the IT Service Desk as soon as possible on 01902 32 2000 or internally on ext. 2000. Your account will be immediately disabled to reduce the damage to your account.
If you've given out personal financial information, have a look at the advice on the Anti-Phishing Working Group site.
The University experiences phishing attacks on a daily basis. If a malicious webpage is identified IT Services will prevent access to the page for users within the university. Please be aware the security settings will not prevent you from accessing a malicious webpage if you are outside the university.
If you believe a picture tells a thousand words and maybe find IT Security advice dry and uninspiring take two minutes at http://www.securitycartoon.com/ which will give you good IT Security advice but with pictures!
It can be easy to download, copy and share software, music, film, video and information from the Internet, but it is illegal if the material is copyright. It is also a breach of the University ICT Acceptable Use Policy if you break copyright when using the University’s IT network.
Misuse of the network may lead to disciplinary proceedings and may even result in formal legal action through the criminal courts.
If you connect your computer, phone or other electronic device to the University's IT network you should:
P2P applications such as BitTorrent, BearShare,Vuze, Morpheus, iMesh and Lucky Wire, allow you to share files e.g. music, movies and software with other people over the Internet but they also make it easy for you to break the law. You could be sharing copyright-protected files without knowing it. More about the risks from OnGuard Online.
Commercial organisations actively monitor internet file sharing activity and are able to trace file sharing and downloads to an individual PC/network connection. If a copyright infringement is traced to a PC connected to the University network disciplinary action will be taken.
To help protect yourself, we recommend that you follow this advice:
P2P Terminator is a free download. This allows you to turn file sharing on and off with a mouse click, so you can disable file-sharing while on campus. If you install this software, be aware that:
The University's ICT Acceptable Use Policy states that you should not illegally share copyrighted material over the University’s IT network. This includes email, web pages, ftp, Hotline, IRC and peer-to-peer file sharing. It applies to both University owned computers as well as your personal laptop and other electronic devices.
All types of media are subject to copyright including books, film, music, software and pictures. If you use, download or publish any of these media types it is your responsibility to ensure that you have the legal right to use the media in that way.
The University has a responsibility both under criminal law and to comply with the JANET Acceptable Use Policy to take action to prevent illegal behaviour and enforce penalties against individuals who breach copyright.
Infringements of copyright, unauthorised distribution and illegal downloading fall within the Archive: Student Code of Conduct and Disciplinary Procedure - September 2014 and action will be taken as follows:
In addition to the University’s disciplinary procedure, there are several criminal and civil legislative penalties that the individual can incur including:
Botnets are a collection of computers which are connected to a central server; the central server controls the botnets to perform a series of illegal activities. The term botnet is derived from robot; a network of robot computers = ‘botnet’.
Botnets can be used for several purposes such as:
However, their most damaging use is theft of personal financial information. This includes the theft of credit card numbers, bank account passwords and PayPal passwords.
Botnet malware can arrive packaged within Peer2Peer downloads of music or films, free software downloads or malware infections passed by USB stick. You don't necessarily know that your computer is infected and standard anti-virus packages won't always detect them.
The University may receive reports that your device is infected with Malware from external monitoring agencies. If this is the case, when attempting to log on to the network you will be directed to Removing malware infections page notifying you of the infection and giving you details/links on how best to remove it.
Once your device is clean, you will need to contact the IT Service Desk to re-enable network access for your device.
There are free tools that you can use to check and clean up your computer.
One of these is EU-Cleaner, which will detect and remove malicious files.
Staff often travel with their University laptops and may connect to wireless networks in cafes, pubs, libraries, airports and hotels. All these places offer convenient and fast access. BUT, every one of these has the potential to expose staff to security breaches while using their laptop.
The following tips will help keep your laptop and data safe when you’re travelling:
IT Services have recently enhanced the maintenance process for standard University Windows laptops. There are now improved anti virus and software patch management systems which keep your laptop in a secure state and ensure you have the latest updates from any Internet connection.
However, to make absolutely sure that you have the latest updates installed:
If you are travelling to a destination which you believe may pose a substantial risk of hacking to your laptop then contact the IT Service Desk on ext. 2000 (01902-32 2000) to check that your laptop is up to date with security software.
In public areas such as airports, there are usually several “Free” Wi-Fi access points that will be discovered automatically by your laptop. Select your network carefully by choosing a name that’s recognisable or a well-known commercial provider. The security features of different networks appear along with the network name. If you have a choice, always select a security-enabled network, so your data is protected by encryption when transmitting between your laptop and the Wi-Fi access point.
Keep your laptop with you at all times, preferably in a bag that doesn’t advertise the fact that it’s a laptop! When you arrive, store your laptop securely, out of sight of casual passers-by. Try the online quiz to find out if your laptop’s in safe hands.
The use of P2P file sharing software on your laptop presents a severe security risk so its use on University laptops is expressly forbidden and is a breach of the ICT Acceptable Use Policy. P2P software can change the security settings on your folders to make them, and the data inside them, accessible by anyone from anywhere. If you have any queries about this, please contact the IT Service Desk.
Remember that email is not a safe method of sending sensitive data.
Very sensitive data is any data which identifies individuals. This can be student course results, staff personal data or financial data with personal identifiers such as National Insurance or credit card numbers. Be mindful that any files in your personal file store (My Documents folder) are stored on your laptop, which although protected by your username and password, could easily be hacked into if it were lost or stolen. If it is absolutely essential that you access very sensitive data while off campus, an option is to store the data on a secure USB stick.
Please contact the IT Service Desk for advice about these.