IT Security

Advice about keeping your computer, data and identity safe.

Visit our Self Help pages for more advice about Your IT Account Password.

SANS Institute Security Awareness Tip of the Day.

Top tips to keep you safe online

  1. NEVER tell anyone your passwords
    It's vital not to disclose your password to anyone else. No University staff will ever ask you for your IT Account password.
  2. Change your passwords often
    Choose secure passwords that you change regularly.
  3. THINK before sharing your personal details
    There are risks of identity fraud and invasion of privacy whenever you give any personal details online.
  4. Beware of scam emails
    Phishing attacks are on the increase and becoming more sophisticated, so it's easy to get caught out and give away personal details if you're not alert.
  5. Don't download or copy illegally
    Make sure you don't break the law by downloading, copying or sharing without permission. Stay legal online, this includes information from the Internet, files, music and video.
  6. Protect your own computer
    Keep your computer and data safe by installing the latest Microsoft security updates, anti-virus/firewall software and Java updates; you can get F-Secure for free. More advice about Viruses.

Get Safe Online - including advice about using Facebook and other social networking sites safely.

If you are concerned that your device might have an infection, free scanning tools are available such as Malwarebytes.

What is Phishing?

Phishing is an internet/email scam to get someone to disclose their private username and password or their financial details. Criminals are looking for cash and want to steal your identity. The most common type is an email asking you to send your username and password to an unknown recipient.

IT Services at the University never ask for your IT Account password, so never send your password to anyone.

How to protect yourself

Phishing attacks are on the increase and becoming more sophisticated so they look reasonable and genuine, including company logos and personalisation.

Top ten tips to protect yourself from a phishing attack:

  1. Never send your IT Account password or email account password to anyone. Remember: University staff will NEVER ask for your password! If you are at all concerned, ring the IT Service Desk.
  2. Be alert when replying to an email, especially if you don’t know the sender.
  3. Be suspicious of any email with urgent requests for personal/financial information.
  4. Don't click on any links in an email if you suspect it might not be genuine or you don't know the sender.
  5. Hover over the link to check the web page address of the site you’re directed to. Sometimes the address is very similar to that of a genuine site, with only a punctuation mark showing the difference. Were you directed to PayPal? Or does the address line display something different,
    e.g. http://paypa1/login.htm, where the letter L has been replaced with the figure 1?
  6. Never fill in personal details such as usernames, passwords, credit card numbers etc. on a web page you're directed to unless you're certain that it's genuine.
  7. Beware of forms in emails asking for personal/financial information.
  8. Be wary of emails with upsetting or exciting inducements – if it sounds too good to be true it probably is.
  9. Always ensure that you're using a secure web site when submitting credit card or other sensitive information; look out for "https://" and/or the security lock.
  10. It is important to keep your own computer up to date, especially your browser version and Java updates.
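
The checks in tips 5 and 9 can be applied automatically to links pulled out of a message. The following is an added example, not part of the original page; the allow-list, the character substitutions and the function names are assumptions made for illustration.

```python
from urllib.parse import urlsplit

# Constructed allow-list for illustration; use your own organisation's list.
TRUSTED_HOSTS = {"paypal.com", "www.paypal.com"}

# Digits commonly swapped for look-alike letters (the "paypa1" case in tip 5).
CONFUSABLES = str.maketrans({"1": "l", "0": "o", "5": "s", "3": "e"})


def host_of(url):
    """Return the lower-cased host of a URL, or '' if it has none."""
    return (urlsplit(url).hostname or "").lower()


def skeleton(label):
    """Collapse look-alike characters so 'paypa1' and 'paypal' compare equal."""
    return label.translate(CONFUSABLES).replace("rn", "m")


def shown_host(text):
    """Host named in the visible link text, or '' if the text is not an address."""
    text = text.strip()
    if " " in text or "." not in text:
        return ""
    return host_of(text if "://" in text else "//" + text)


def check_link(display_text, href, trusted=TRUSTED_HOSTS):
    """Return a list of warnings for one link taken from an email."""
    warnings = []
    host = host_of(href)
    if urlsplit(href).scheme != "https":
        warnings.append("not-https")  # tip 9: no encrypted connection
    # Brand labels of trusted hosts, e.g. 'paypal' (simplification: drops
    # 'www' and the final label only, so 'co.uk' style names need more care).
    brands = {skeleton(l) for t in trusted
              for l in t.split(".")[:-1] if l != "www"}
    if host not in trusted and any(skeleton(l) in brands
                                   for l in host.split(".")):
        warnings.append("imitates-trusted-host")  # tip 5: look-alike address
    shown = shown_host(display_text)
    if shown and shown != host:
        warnings.append("text-href-mismatch")  # text names a different site
    return warnings


if __name__ == "__main__":
    print(check_link("https://www.paypal.com/login", "http://paypa1/login.htm"))
```
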

What the phisher is looking for

As soon as you divulge your password and username, a number of phishers will start looking through your emails. They are searching for personal data, bank details or financial account login details. In an attack at the University, thirty-five criminals from across the globe accessed an account within minutes of the victim revealing password details.

What to do if you think you’ve been caught or need urgent advice

If you realise that you’ve given your IT Account username and password away, contact the IT Service Desk as soon as possible on 01902 32 2000 or internally on ext. 2000. Your account will be immediately disabled to reduce the damage to your account.

If you've given out personal financial information, have a look at the advice on the Anti-Phishing Working Group site.

How IT Services help to prevent phishing attacks

The University experiences phishing attacks on a daily basis. If a malicious webpage is identified, IT Services will prevent access to the page for users within the university. Please be aware that the security settings will not prevent you from accessing a malicious webpage if you are outside the university.

More advice?

If you believe a picture tells a thousand words and maybe find IT Security advice dry and uninspiring take two minutes at which will give you good IT Security advice but with pictures!

Stay Legal Online

It can be easy to download, copy and share software, music, film, video and information from the Internet, but it is illegal if the material is copyright. It is also a breach of the University ICT Acceptable Use Policy if you break copyright when using the University’s IT network.

Misuse of the network may lead to disciplinary proceedings and may even result in formal legal action through the criminal courts.

If you connect your computer, phone or other electronic device to the University's IT network you should:

  • Abide by the ICT Acceptable Use Policy and other IT policies
  • Understand the risks of using file sharing software
  • Understand copyright issues by visiting WLV Copyright Guidance
  • Be aware that abuse of the University’s IT network results in disciplinary action

Peer 2 Peer (P2P) file sharing software

P2P applications such as BitTorrent, BearShare, Vuze, Morpheus, iMesh and Lucky Wire allow you to share files, e.g. music, movies and software, with other people over the Internet, but they also make it easy for you to break the law. You could be sharing copyright-protected files without knowing it.

More about the risks from OnGuard Online

Commercial organisations actively monitor internet file sharing activity and are able to trace file sharing and downloads to an individual PC/network connection. If a copyright infringement is traced to a PC connected to the University network, disciplinary action will be taken.

To help protect yourself, we recommend that you follow this advice:

  • Remove P2P file sharing software before connecting personally owned devices to the University wireless network or in University Accommodation.

  • If you need to use it, make sure you know how to use it safely and disable/turn off file share access to the files on your computer. By default, most of these applications allow access to some or all of your folders. This means that you are sharing files in these folders with anyone else who has the application.
  • P2P Terminator is a free download. This allows you to turn file sharing on and off with a mouse click, so you can disable file-sharing while on campus. If you install this software, be aware that:
      • You need to reset it to disable file-sharing every time you reboot your computer.
      • Installation of this software is at your own risk and we cannot assist with its installation or operation. The University is not responsible for performance issues or loss of data which may occur as a result of the installation of the software.
      • It is your responsibility to check compatibility with your computer's operating system.

Copyright and file sharing policy

The University's ICT Acceptable Use Policy states that you should not illegally share copyrighted material over the University’s IT network. This includes email, web pages, ftp, Hotline, IRC and peer-to-peer file sharing. It applies to both University owned computers as well as your personal laptop and other electronic devices.

What’s covered by copyright?

All types of media are subject to copyright including books, film, music, software and pictures. If you use, download or publish any of these media types it is your responsibility to ensure that you have the legal right to use the media in that way.

University of Wolverhampton Disciplinary Procedure

The University has a responsibility both under criminal law and to comply with the JANET Acceptable Use Policy to take action to prevent illegal behaviour and enforce penalties against individuals who breach copyright.

Infringements of copyright, unauthorised distribution and illegal downloading fall within the Archive: Student Code of Conduct and Disciplinary Procedure - September 2014 and action will be taken as follows:

First Infringement Notification

  • Student’s access to the wireless and accommodation networks using personal devices is suspended for 28 days.

Second Infringement Notification

  • Student’s access to the wireless and accommodation networks using personal devices is suspended for an indefinite period.
  • Student disciplinary procedure is invoked and liability to fine or suspension.

Third Infringement Notification

  • Student’s IT account fully suspended.
  • Student disciplinary procedure is invoked and liability to fine or suspension or exclusion from the University.

Criminal and Civil Legislative Penalties

In addition to the University’s disciplinary procedure, there are several criminal and civil legislative penalties that the individual can incur including:

  1. Damages and compensation for loss of profits through the civil courts
  2. Criminal law provides a sentence of six months imprisonment and/or a fine of up to £50,000 for a copyright infringement heard at a Magistrates' Court. The maximum penalty at Crown Court is 10 years imprisonment, plus the fine.

More information about the legislative penalties can be found in the Digital Economy Act 2010 and the Intellectual Property Office - Legislation.

Further information

What are Botnets and where do they come from?

A botnet is a collection of computers which are connected to a central server; the central server controls these computers to perform a series of illegal activities. The term botnet is derived from robot; a network of robot computers = ‘botnet’.

Botnets can be used for several purposes such as:

  • sending Spam (from your account)
  • Denial of Service (using your computer to bombard a website)
  • hiding illegal money transactions (using your computer to pass illegal money transactions)
  • Phishing (sending thousands of emails from your account)

However, their most damaging use is theft of personal financial information. This includes the theft of credit card numbers, bank account passwords and PayPal passwords.

Where can a Botnet come from?

Botnet malware can arrive packaged within Peer2Peer downloads of music or films, free software downloads or malware infections passed by USB stick. You don't necessarily know that your computer is infected and standard anti-virus packages won't always detect them.

The University may receive reports from external monitoring agencies that your device is infected with malware. If this is the case, when attempting to log on to the network you will be directed to the Removing malware infections page, which notifies you of the infection and gives you details/links on how best to remove it.

Once your device is clean, you will need to contact the IT Service Desk to re-enable network access for your device.

How can you protect yourself?

There are free tools that you can use to check and clean up your computer.

One of these is EU-Cleaner, which will detect and remove malicious files. 

Six Laptop Travel Tips for Staff with University Laptops

Staff often travel with their University laptops and may connect to wireless networks in cafes, pubs, libraries, airports and hotels. All these places offer convenient and fast access. BUT, every one of these has the potential to expose staff to security breaches while using their laptop.

The following tips will help keep your laptop and data safe when you’re travelling:

Tip 1 – Before you leave the University – Prepare your laptop

IT Services have recently enhanced the maintenance process for standard University Windows laptops. There are now improved anti-virus and software patch management systems which keep your laptop in a secure state and ensure you have the latest updates from any Internet connection.

However, to make absolutely sure that you have the latest updates installed:

  • Connect your laptop to the University network
  • Ensure you connect less than seven days prior to your date of departure.

If you are travelling to a destination which you believe may pose a substantial risk of hacking to your laptop then contact the IT Service Desk on ext. 2000 (01902-32 2000) to check that your laptop is up to date with security software.

Tip 2 – When travelling - Choose your Wi-Fi access point carefully

In public areas such as airports, there are usually several “Free” Wi-Fi access points that will be discovered automatically by your laptop. Select your network carefully by choosing a name that’s recognisable or a well-known commercial provider. The security features of different networks appear along with the network name. If you have a choice, always select a security-enabled network, so your data is protected by encryption when transmitting between your laptop and the Wi-Fi access point.

Tip 3 – On the move and when you arrive – Keep your laptop safe

Keep your laptop with you at all times, preferably in a bag that doesn’t advertise the fact that it’s a laptop! When you arrive, store your laptop securely, out of sight of casual passers-by. Try the online quiz to find out if your laptop’s in safe hands.

Tip 4 – Beware of peer-to-peer (P2P) software and file sharing

The use of P2P file sharing software on your laptop presents a severe security risk so its use on University laptops is expressly forbidden and is a breach of the ICT Acceptable Use Policy. P2P software can change the security settings on your folders to make them, and the data inside them, accessible by anyone from anywhere. If you have any queries about this, please contact the IT Service Desk.

Tip 5 – Think before emailing sensitive data - zip before you email

Remember that email is not a safe method of sending sensitive data.

Tip 6 – Very Sensitive Data – Leave it at the University!

Very sensitive data is any data which identifies individuals. This can be student course results, staff personal data or financial data with personal identifiers such as National Insurance or credit card numbers. Be mindful that any files in your personal file store (My Documents folder) are stored on your laptop, which although protected by your username and password, could easily be hacked into if it were lost or stolen. If it is absolutely essential that you access very sensitive data while off campus, an option is to store the data on a secure USB stick.

Please contact the IT Service Desk for advice about these.