Staying safe online

Passwords

Having strong passwords is an important part of information security. Choosing a good password is a balance between something that is complex enough that it won’t be easy to guess or crack, but not so complex you forget it or need to write it down. You can find tips on choosing a good password and managing it securely on the IT website. 

Whatever your password, make sure you use a different password for your University account and any other accounts you have. Using a different password for every account means if one password is compromised, your other accounts are still safe. 

Remember: 

• Your password needs to be at least 8 characters, with at least one uppercase letter, one lowercase, and a number or special character (eg & or %)
• Never give your passwords to anyone. Ever.
• Create a different password for every account.
• If you think you've had your password stolen, change it and report it to the IT Service Desk immediately.

Phishing and identity fraud

Phishing is an email that tries to trick you into giving our personal information, such as your password. Sometimes these emails may appear to come from the University or someone you know, or try to get you to act quickly because they say you have a virus or your account is over quota. Other common phishing attacks say you are due a tax refund, or are about your student loan. 

The best way to protect yourself is to stop and think: 

• Is the sender of the email someone you know?
• Does the URL (web address) it contains look legitimate? (Hover your mouse to check). 
• Is it trying to get you to act urgently?
• Were you expecting an attachment?

Phishing doesn’t just happen by email – but also through social media, texts and phone calls. 

For more advice have a look at the Get Safe Online website

Banking, online shopping and bank transfers

Online shopping is a great way to find bargains, but you need to take a few precautions to make sure you don’t fall victim to a scam or have your card details stolen. 

Make sure you never exchange money with someone you've met online. Don't conduct bank transfers and don't send money to anyone unless it's through an approved system such as PayPal for purchasing goods.

If you’ve never used the online shop before, do a bit of research to make sure it is legitimate. 

Before you enter your payment details, make sure the site is secure. The web address should start https:// (rather than http://)  - the ‘s’ stands for ‘secure’. There should also be a padlock symbol next to the web address.  But be aware – scammers can set up secure sites as well, so don’t just rely on this.

• Don’t enter your details on an unsecure wifi network (eg free wifi in a café)
• Check your bank statements regularly and let the bank know immediately if you don’t recognise a transaction. 
• If the deal looks too good to be true, it probably is!
• Consider using an online service such as PayPal – you register your credit card with them, then on other sites choose ‘Pay by PayPal’. That way you don’t need to re-enter your credit card details. 

Get Safe Online has advice on all aspects of shopping, banking and online payments – see https://www.getsafeonline.org/shopping-banking/ and the Money Advice Service also has some useful tips https://www.moneyadviceservice.org.uk/en/articles/shop-safely-online 

Websites and social media

Cookies

Cookies are files which web sites use to store information about you from one visit to the next. Mostly they are used innocuously, for example storing your preferences. Some are used to track your browsing habits so that online advertising can be aimed more specifically at you. But they can be used by criminals to build a profile of you for fraudulent purposes. 

You can find out more about cookies from Get Safe Online: https://www.getsafeonline.org/protecting-your-computer/safe-internet-use/

Social media

How much information do you share via social media? Most of us share too much, so be careful about what you are posting and who can see it. Employers and recruiters often check social media accounts when you apply for a job, so don’t post something that could affect your career later on. Even if you later deactivate your account, it may be impossible to completely remove everything if other people have shared it. 

• Check your privacy settings on all your social media accounts
• Don’t ‘friend’ people you don’t know 
• Don’t post your location –  wait until you are home to post your holiday snaps or tag your location
• If something goes online without your consent, make sure you report it. There are helplines – for example the Revenge Porn Helpline

Security on the move

Having a mobile device gives us the flexibility to work on the move, but how secure is yours?

Treat your mobile device like your wallet or credit cards. Don’t leave them unattended, even for a few moments. If you do lose your device, and you’ve used it to access University systems (including email) let the IT Service Desk know immediately and change your University password

1. Make sure you set a pin or password
2. Set up ‘remote wipe’
3. Don’t crack, jailbreak or root your smartphone
4. Accept updates and patches  - they are often security related
5. Set up encryption (eg a PIN to access your device) and don’t save confidential data to it. If you use a pattern to unlock your phone, you can set up many phones so the pattern isn’t displayed on screen – a great way to prevent ‘shoulder surfing’. 
6. Back up your data!
7. If you’re getting a new device, make sure data is securely wiped from your old one (not just deleted) before disposing of it. 

Find out more at Get Safe Online - https://www.getsafeonline.org/smartphones-tablets/

Your computer 

There are many ways your computer could get infected by a virus or other malware, so always keep your anti-virus software up to date. 

Remember to log off or lock a PC if you leave it, so other people can’t use your accounts, printing credit and personal network storage space, and be careful not to leave your personal IT equipment unattended.