Stay safe online when you’re at home

Bethany Reid
Monday 6 April 2020

As we now work and study from home, it’s never been so important that we stay vigilant online. Scammers often take advantage of times like these when it’s easy to create a sense of urgency, leaving staff and students more vulnerable to phishing attacks.

Most of these attacks begin with a phishing email. The email is designed to lure you in and offer up your usernames, passwords or banking details.

Scams which have surfaced in the last few months to be aware of include:

  • emails offering information about coronavirus which takes the user to a fake website
  • emails promoting a cure which asks you to enter your details
  • donation requests towards fake COVID-19 charities
  • fake coronavirus maps which ask you to download malicious files
  • fraudulent websites selling counterfeit personal protective equipment or claiming to sell legitimate products and not delivering them
  • refund scams which largely target airline customers and those with cancelled holidays asking them to enter banking details
  • fake hardship funds for those struggling claiming to be from the Government, sometimes referred to as ‘a stay-at-home grant’
  • fake tax rebate scams referencing the coronavirus

Cyber criminals have also been ‘zoom bombing’ – intercepting online classes and taking control of the session on video conferencing platform Zoom, a product which the University does not support.

Here’s what staff and students can do to avoid being the victim of cyber crime.

Be vigilant online

Check the sender address and hover over a link to see where it’s trying to take you, but do not click. If it’s creating a sense of urgency and you weren’t expecting it, it’s likely to be a phishing email. IT Services have written a blog post which outlines tell-tale signs in more detail.

Report suspicious emails

If in doubt, report suspicious emails to [email protected] and the IT Security team will investigate and take appropriate measures. This is often blocking sender addresses or fraudulent websites from our network.

Install anti-virus

The University provides free anti-virus to all staff and students for personal devices. It’s available to download from Apps Anywhere (F-Secure for Windows and Sophos for Mac).

Keep your devices up to date

You should make sure your devices are up to date so you have the latest security policies in place. On University-owned devices, connect to the VPN before checking for updates. Check for updates at least every two weeks while working or studying from home.

Be aware of the University’s Information Classification policy

The Information Classification policy states that you should not download confidential or strictly confidential information to your personal devices. Staff and students should only use the central file store and Office 365 to save these files. Avoid local areas like Desktop, My Documents and other cloud providers like Dropbox which are ot backed up and files cannot be recovered if lost. Any information classed as ‘internal’, such as course content, should be kept within the University and not shared on public platforms.

Follow best practice when using the VPN

Before you connect to the Virtual Private Network (VPN) make sure your device is up to date and anti-virus is installed. Students do not need the VPN to access their home drive: there is a guide on connecting to a home drive without VPN available on the IT website.

Check your firewall is enabled

A firewall is a security measure which prevents online threats from penetrating your computer. Cyber criminals weave worms, viruses, trojans etc. through websites which you may stumble upon as you surf online.

This is already set up on University devices. On personal devices, check that the firewall is enabled, via the Control Panel on a Windows device, or System Preferences on a Mac.

Use supported systems

This means you can reach out to the IT Service Desk if you have issues and minimises the risk of data breaches. Before subscribing to third-party software, check with IT Services to see whether it’s supported.

Sign up for multi-factor authentication

guide on multi-factor authentication is available for staff and students who have not already enrolled.

 

 

Watch the full video from the event online.

Share this story

Subscribe to the IT Services blog

Enter your email address to subscribe to this blog to receive notifications of new posts.