These attacks often take the form of "ransomware", where criminals disable critical systems or extract sensitive data in the hope of extorting a ransom. Several UK universities have fallen victim to highly disruptive attacks recently, including Newcastle, Northumbria, UCLAN, Queens Belfast and Highlands & Islands; in some of these cases, campuses had to be physically closed - Newcastle, for example, lost the use of major systems for managing student records, accommodation and finance for over six weeks, a period that included the start of the new academic year.
These attacks are often the work of organised criminal gangs and use highly sophisticated techniques. However, attacks nearly all start with one thing - obtaining a single user's password. These passwords are typically obtained through phishing emails or when the same password is used on multiple services or websites outside of the University, which may themselves be hacked. The fact that many of us are increasingly using our own devices to access email and other University systems is also a risk factor. This means that, as well as all the technical security measures the University has deployed centrally, we all have a significant part to play in keeping our own information safe and protecting the University from major operational disruption.
Never enter your IT credentials on a website unless you are certain it can be trusted and - if you are using your own device to access University systems - make sure that it is password-protected, the operating system is up to date and that you have working anti-virus software installed. Never re-use your University password on other sites.
To help, IT Services have put together a series of tips and short videos on working securely.
Please take some time to have a look at these tips and remind yourself how we can all work online as safely as possible.