Top tips to keep you safe online
- NEVER tell anyone your passwords
It's vital not to disclose your password to anyone else. No University staff will ever ask you for your IT Account password
- Change your passwords often
Choose secure passwords that you change regularly
- THINK before sharing your personal details
There are risks of identity fraud and invasion of privacy whenever you give any personal details online.
- Beware of scam emails Phishing attacks are on the increase and becoming more sophisticated so it's easy to get caught out and give away personal details if you're not alert.
- Don't download or copy illegally
Make sure you don't break the law by downloading, copying or sharing without permission. Stay legal online, this includes information from the Internet, files, music and video.
Get Safe Online - including advice about using Facebook and other social networking sites safely.
If you are concerned that your device might have an infection, free scanning tools are available such as Malwarebytes.
What is Phishing?
Phishing is an internet/email scam to get someone to disclose their private username and password or their financial details. Criminals are looking for cash and want to steal your identity. The most common type is an email asking you to send your username and password to an unknown recipient.
IT Services at the University never ask for your IT Account password, so never send your password to anyone.
How to protect yourself
Phishing attacks are on the increase and becoming more sophisticated so they look reasonable and genuine, including company logos and personalisation.
Top ten tips to protect yourself from a phishing attack:
- Never send your IT Account password or email account password to anyone. Remember: University staff will NEVER ask for your password! If you are at all concerned ring the IT Service Desk.
- Be alert when replying to an email, especially if you don’t know the sender.
- Be suspicious of any email with urgent requests for personal/financial information.
- Don't click on any links in an email if you suspect it might not be genuine or you don't know the sender.
- Hover over the link to check the web page address of the site you’re directed to. Sometimes they are very similar to a genuine site with only a punctuation mark showing the difference. Were you directed to PayPal? Or does the address line display something different, e.g http://paypa1/login.htm, where the letter L has been replaced with the figure 1.
- Never fill in personal details such as usernames, passwords, credit card numbers etc, on a web page you're directed to unless you're certain that it's genuine.
- Beware of forms in emails asking for personal/financial information.
- Be wary of emails with upsetting or exciting inducements – if it sounds too good to be true it probably is.
- Always ensure that you're using a secure web site when submitting credit card or other sensitive information; look out for "https://" and/or the security lock.
- It is important to keep your own computer up to date, especially your browser version and Java updates.
What the phisher is looking for
As soon as you divulge your password and username a number of phishers will start looking through your emails. They are searching for personal data, bank details or financial account login details. In an attack at the University, thirty five criminals from across the globe accessed an account within minutes of the victim revealing password details.
What to do if you think you’ve been caught or need urgent advice
If you realise that you’ve given your IT Account username and password away, contact the IT Service Desk as soon as possible on 01902 32 2000 or internally on ext. 2000. Your account will be immediately disabled to reduce the damage to your account.
How IT Services help to prevent phishing attacks
The University experiences phishing attacks on a daily basis. If a malicious webpage is identified IT Services will prevent access to the page for users within the university. Please be aware the security settings will not prevent you from accessing a malicious webpage if you are outside the university.
Stay Legal Online
It can be easy to download, copy and share software, music, film, video and information from the Internet, but it is illegal if the material is copyright. It is also a breach of the University ICT Acceptable Use Policy if you break copyright when using the University’s IT network.
Misuse of the network may lead to disciplinary proceedings and may even result in formal legal action through the criminal courts.
If you connect your computer, phone or other electronic device to the University's IT network you should:
- Abide by the ICT Acceptable Use Policy and other IT policies
- Understand the risks of using file sharing software
- Understand copyright issues by visiting WLV Copyright Guidance
- Be aware that abuse of the University’s IT network results in disciplinary action
Copyright and file sharing policy
The University's ICT Acceptable Use Policy states that you should not illegally share copyrighted material over the University’s IT network. This includes email, web pages, ftp, Hotline, IRC and peer-to-peer file sharing. It applies to both University owned computers as well as your personal laptop and other electronic devices.
What’s covered by copyright?
All types of media are subject to copyright including books, film, music, software and pictures. If you use, download or publish any of these media types it is your responsibility to ensure that you have the legal right to use the media in that way.
University of Wolverhampton Disciplinary Procedure
The University has a responsibility both under criminal law and to comply with the JANET Acceptable Use Policy to take action to prevent illegal behaviour and enforce penalties against individuals who breach copyright.
Infringements of copyright, unauthorised distribution and illegal downloading fall within the Archive: Student Code of Conduct and Disciplinary Procedure - September 2014 and action will be taken as follows:
First Infringement Notification
- Student’s access to the wireless and accommodation networks using personal devices is suspended for 28 days.
Second Infringement Notification
- Student’s access to the wireless and accommodation networks using personal devices is suspended for an indefinite period.
- Student disciplinary procedure is invoked and liability to fine or suspension.
Third Infringement Notification
- Student’s IT account fully suspended.
- Student disciplinary procedure is invoked and liability to fine or suspension or exclusion from the University.
Criminal and Civil Legislative Penalties
In addition to the University’s disciplinary procedure, there are several criminal and civil legislative penalties that the individual can incur including:
- Damages and compensation for loss of profits through the civil courts
- Criminal law provides a sentence of six months imprisonment and or a fine of up to £50,000 for a copyright infringement heard at a Magistrates Court. The maximum penalty at Crown Court is 10 years imprisonment, plus the fine.
Five Laptop Travel Tips for Staff with University Laptops
Staff often travel with their University laptops and may connect to wireless networks in cafes, pubs, libraries, airports and hotels. All these places offer convenient and fast access. BUT, every one of these has the potential to expose staff to security breaches while using their laptop.
The following tips will help keep your laptop and data safe when you’re travelling:
Tip 1 – Before you leave the University – Prepare your laptop
IT Services have recently enhanced the maintenance process for standard University Windows laptops. There are now improved anti virus and software patch management systems which keep your laptop in a secure state and ensure you have the latest updates from any Internet connection.
However, to make absolutely sure that you have the latest updates installed:
- Connect your laptop to the University network
- Ensure you connect less than seven days prior to your date of departure.
If you are travelling to a destination which you believe may pose a substantial risk of hacking to your laptop then contact the IT Service Desk on ext. 2000 (01902-32 2000) to check that your laptop is up to date with security software.
Tip 2 – When travelling - Choose your Wi-Fi access point carefully
In public areas such as airports, there are usually several “Free” Wi-Fi access points that will be discovered automatically by your laptop. Select your network carefully by choosing a name that’s recognisable or a well-known commercial provider. The security features of different networks appear along with the network name. If you have a choice, always select a security-enabled network, so your data is protected by encryption when transmitting between your laptop and the Wi-Fi access point.
Tip 3 – On the move and when you arrive – Keep your laptop safe
Keep your laptop with you at all times, preferably in a bag that doesn’t advertise the fact that it’s a laptop! When you arrive, store your laptop securely, out of sight of casual passers-by.
Tip 4 – Think before emailing sensitive data - zip before you email
Remember that email is not a safe method of sending sensitive data.
Tip 5 – Very Sensitive Data – Leave it at the University!
Very sensitive data is any data which identifies individuals. This can be student course results, staff personal data or financial data with personal identifiers such as National Insurance or credit card numbers. Be mindful that any files in your personal file store (My Documents folder) are stored on your laptop, which although protected by your username and password, could easily be hacked into if it were lost or stolen. If it is absolutely essential that you access very sensitive data while off campus, an option is to store the data on a secure USB stick.
Please contact the IT Service Desk for advice about these.