Staying safe online
As students, you’ll regularly be sending emails, searching for information on the internet and completing assignments online.
Here are some tips on how to keep your data and your work safe while working online.
Whenever you are interacting with your university lecturers, staff or other students, make sure to check that you are using official email addresses that are provided at the start of your course.
Do not respond directly to any emails that look like they have been sent by a member of the university if the email address does not look correct. Any suspicious email can be reported to the University Data Security team via the "Report Phishing" button, found in Outlook.
When it comes to social media, make sure you follow official channels run by the university.
When using University devices, you will be safer online as they will already come with security software pre-installed, but if you bring your own device, we recommend investing in an Anti-Virus solution like Bitdefender, to keep you safe.
You should run regular scans on your device to check for malware, which will keep both you and the University safe from compromise. A lot of security tools come with browser protection too, to help keep you safe online.
An unsecured network is another name for free, unregulated wi-fi. You’ll usually be using an unsecured network if you log into the free wi-fi of a restaurant, shopping centre or any other public space. Although it can be convenient to use free wi-fi, remember that it is not regulated by anyone and therefore can be unsafe.
If you do need to use an unsecured network, please make sure you have protective software installed, use a VPN or connect to Eduroam where possible.
Every time you back up your work, it creates a new copy of everything on your device. This unfortunately includes any viruses or malware that you may have unknowingly downloaded. Make sure you always run a virus scan before you back up your work to ensure that you have saved a safe version of your device.
Your best option is to back up all your work onto OneDrive, which will allow you to access it across multiple devices and also protect it, should your personal device become lost or damaged.
Remember, saving data onto USB flash drives may seem like an easy option to move data around, but these can also become infected with malware, that is spread to each device you plug it into. They can also be lost/stolen so private data can be accessed by anyone.
It’s common for people to use the same passwords for multiple accounts, but this makes it easier to break into your accounts if a hacker has discovered one of your passwords. So use strong passwords that are unique to each account to reduce the chances of being hacked.
If you ever get a notification saying someone is trying to log in to your account and it’s not you, do not allow them access and change your password as soon as possible to ensure that your information is kept secure.
The security team will regularly review suspicious sign-in activity and may change your password as a precaution, but should this happen, you can use https://password.westminster.ac.uk to reset it.
To make it easier, please use a password generator such as Strong Password Generator | Bitwarden which provides a strong password or passphrase that will keep you safe online.
It is important to use Multi factor authentication where possible, as this will give you an added layer of protection against account compromise. We would recommend using Google Authenticator on your mobile device. Remember, never share your MFA token with anyone.
Although built in security for Web browsers is getting better and should warn you if you are trying to download something suspicious or dangerous, there is always a risk that a compromised URL may install a malicious file or cookie onto your device. We would recommend disabling 'Preload Pages' in Chrome.
This can be done by navigating to Privacy and Security -> Third-Party Cookies and selecting 'No Preloading' under preload pages.
Should your device start having suspicious pop ups appearing in your browser, you can follow the steps outlined in the attached document to clear cookies and/or cache:
Just like links and downloads, phishing emails or phone calls can also put your data at risk. Whether it asks you to respond, share details or call a number, be aware that if it is an unrecognised source (sometimes asking you to respond with a time limit), it is likely a scam trying to steal your data.
Should you be worried that you may have become a victim of a scam or tricked into downloading something onto your computer, do not be afraid to reach out to the Service desk or Data Security team for advice.
There are several ways to spot a suspicious email, for example:
- Look at the email address, not just the senders name. Make sure it is a valid company address (Microsoft will never send you an email asking you to log in, from a colleague’s/teacher's email address.)
- Look again at the email/web address. Some false addresses look very like the real ones.
- Look for grammatical mistakes, not just spelling mistakes. When crafting phishing messages, scammers will often use a spellchecker or translation machine, which provide all the right words but not necessarily in the right context or order.
- Hover your mouse over any links, to check they go to a valid address/destination.
- Look out for a sense of urgency. If the email is rushing you into doing something, (even if from your boss or teacher), before you respond, contact the sender using a different method, to check it is from them.
- Follow your instincts, if it feels dodgy, it probably is!
Remember, you can always report suspicious emails to us at [email protected] or via the 'Report Phish' button in Outlook.
Data is not just something that can be stolen through hacking or viruses. Nowadays, everyone lives on social media, and we like to share what we are up to with our friends and family. However, if you have public accounts or you have contacts you don’t know that well on your accounts, oversharing can be dangerous.
Scammers and malicious actors will try to harvest your personal data from these sources and could use it to try and convince you into giving away sensitive information, like sensitive information such as passwords, date of birth, or bank account details. Or they might encourage the victim to visit a website where malware is installed that can cause disruptions to the victim's computer. In worse case scenarios, the malicious website strips sensitive information from the device or takes over the device entirely.
For more information on staying safe online, visit Get Safe Online or Cyber Aware, which are both parts of an initiative between government departments and private businesses to promote online security.
These sites explain a lot more about what you can do to protect your identity, your computer, and your data, and have added features such as checking a website's URL for validity before you open it.
For more information on staying safe online, visit Get Safe Online or Cyber Aware, which are both parts of an initiative between government departments and private businesses to promote online security.
These sites explain more about what you can do to protect your identity, your computer, and your data, and have added features such as checking a website's URL for validity before you open it.