The University has a range of systems and processes in place to help keep you safe online, but there are a few simple steps you can take to help protect your personal data and University account from viruses, spam and phishing attempts.
Think about how much data you would lose if your computer failed right now.
- It is important to backup any files that are important to you as although the computer maybe recoverable the data on there may not be.
- For University data you can currently use your personal workspace or Microsoft One Drive if your account has been migrated. You should also not store confidential or sensitive University data on an unencrypted USB drive in the event it was lost or stolen.
- You need to consider where data is being stored for example storing work data on Dropbox or Google Drive would not meet the University's data protection objectives. Data could be stored outside the EU who may have their own data privacy laws. If possible encrypt your data before it is transferred to cloud storage for additional security.
How to spot phishing emails
Several signs to spot if they are fake:
- Request personal information such as PIN, password
- Contains poor spelling and grammar.
- Claim to offer something that is too good to be true, for example, “Congratulations You are a Winner…”
- Contain generic greetings such as 'Dear Bank Customer' or 'Dear Email User'.
- Suspicious link embedded in the email
Never leave your devices unattended. If you need to leave your computer, phone, or tablet for any length of time, no matter how short—lock it up so no one can use it while you’re gone. If you keep sensitive information on a flash drive or external hard drive, make sure to lock it up as well (and make sure it is encrypted).
Use different passwords for different services
It is vital to remember to not use the same password for different services. By following this advice, if a hacker did gain access to one of your services they would not be able to access your other services. You also would not need to change the password for your other accounts.
- Never use a University password for any other service
- Do not use your University passwords for other services outside The University as you can't guarantee they will take the same care to protect them as we do.
- Never re-use an old password
- Choose strong passwords
Backup data on a regular basis in case a restore is required.
Only download software from reputable sources such as the vendor of the product and be wary of any site offering you commercial software for free.
Do not click on suspicious links from email and webpages.
Do not pay the ransom as there no guarantee you will be provided with the key to decrypt your data.
- Ensure when you login to any webpage it is only over https (green padlock) on sites you recognise.
http://www.faceboook.com rather than https://www.facebook.com
- The Autocomplete of your browser is not generally recommended to save your login details as someone could easily logon to a site you did not lock workstation or on a shared computer at home.
- Do not click on random popups for example one informing you that your PC is running slow due to errors found on it and advising you to download and install software to fix this
- Browsing in Incognito/private mode will not store your session in your browser however it will not be kept secret from network provider nor does not mean it's more secure.
- There is a risk of downloading virus, trojan, ransomware or keylogger with the content that does not come from a legitimate source.
- Torrent download and sharing content. We get informed of these infringements such as movie downloads from film studios such as Paramount and ban users from the network until the infringement is investigated.
- Illegally streaming films through a media box or Kodi is still considered as copyright infringement
Please visit the Acceptable Use Policy for further information:
"undertake any illegal activity including the downloading and storing of copyright information, except under a relevant licence, or with permission from the copyright owner" .
- You can encrypt documents in Microsoft Office with a password or 7-Zip (installed on managed desktop) with a passphrase and share the password in a more secure manner than email such as text message, phone call or in person.
- For work files you can use Office365 OneDrive for Business if it's available to you. For sharing confidential or sensitive work files your personal account should not be used as there is no guarantee which region your data will be stored in e.g. outside EU.
Think about what you are sharing on social networks
- Information posted on social media (e.g. Facebook, Snapchat, Twitter, LinkedIn) on a public profile could be used for social engineering attacks or for guessing your login details e.g. date of birth for birthday posts, where you work, child names for passwords or targeted phishing emails.
- Also, be wary of criminals using a fake profile trying to befriend you as it could be someone who is trying to obtain personal information which is not disclosed on your public profile for example the school you attended or anniversaries.
Keep your antivirus software up to date. For a managed service this is done automatically for personal devices it can be downloaded from http://www.lboro.ac.uk/services/it/staff/software/personal/staffantivirus/
Ensure your computer operating system has up to date Windows patches. For a managed machine this is done automatically however other machines or personal devices ensure you check and install any patches regularly.
Do not use unsupported Operating Systems e.g. Windows XP as the vendor is unlikely to release any secure patches to plug any vulnerabilities.
A variety of devices can be connected to a computer network for example a fridge, printers, heating and watches that could be hacked. They could also be used to attack other networks internally and externally if not configured correctly.
- Change default password to a complex one;
- Restrict access to only those who need it ;
- Install the latest software updates to protect you when they become available .