IT Security - What you need to know
Every time you turn on your PC, open an email attachment, or click on an unfamiliar link while browsing the Internet, you could be putting yourself and your information at risk. So what do you need to do to protect yourself? Firstly, you need to understand the range of threats posed by cyber criminals. These include:
- Viruses & Malware – this is malicious software and refers to any software which is designed to cause damage to your computer.
- Ransomware – this is a type of malicious software which when installed on your computer can encrypt files and then demand a ‘ransom’ or payment from you to get access to your information again.
- Phishing & SPAM – this is a form of online fraud where typically you receive an email or pop-up message that claims to be from IT Services or another business or organisation that you may have previously dealt with, for example eBay or Bank of Ireland. The message may ask you to ‘update,’ ‘validate,’ or ‘confirm’ your account information by logging into a fake website.
No matter how effective the security tools protecting the Trinity network and IT services are, there is no way to predict the damage caused by a single mistake by any one of us. So we have compiled a list of things you should be thinking about whenever you are opening email or using the Internet. You will probably have heard many or all of these tips before, but if we get the basics right it will keep you and Trinity safe online.
- Realise that you are an attractive target to hackers. Don’t ever say “It won’t happen to me.”
- Practise good password management. Use a strong mix of characters, and don’t use the same password for your Trinity IT Account as you do for your online shopping or for services you access on other websites. Don’t share your password with others, don’t write it down, and definitely don’t write it on a post-it note attached to your monitor. Always change your password if you suspect that it has become known to others.
- Never leave your computer, phone or tablet unattended. If you need to leave your computer, phone, or tablet for any length of time—no matter how short—ensure you lock it so no one can use it while you’re gone.
- Always be careful when clicking on attachments or links in email. If it’s unexpected or suspicious for any reason, don’t click on it. Check the URL of the website the link takes you to; hackers will often take advantage of spelling mistakes to direct you to a harmful fake website.
- Sensitive web browsing, such as banking or shopping, should only be done on a device that belongs to you, on a network that you trust. Whether it’s a friend’s phone, a public computer, or a cafe’s free WiFi—your data could be copied or stolen.
- Back up your data regularly, and make sure your anti-virus software is always up to date. Be careful about what you plug in to your computer. Viruses and malware can be spread through infected USB drives, external hard drives, and even smartphones.
- Watch what you are sharing on social networks. Criminals can befriend you and easily gain access to a shocking amount of information—where you go to school, where you work, when you are on holiday—that could help them gain access to more valuable data.
- Offline, be wary of social engineering, where someone attempts to gain information from you through manipulation. If someone calls or emails you asking for sensitive information, it’s okay to say no. You can always call the company directly to verify credentials before giving out any information.
- Be sure to monitor your accounts for any suspicious activity. If you see something unfamiliar, it could be a sign that you’ve been compromised – change your password immediately.
In Trinity we have invested in a comprehensive range of technical solutions to help protect your Trinity computer and information from viruses, malware and spam, but we all need to play our part and ensure we use the tools effectively:
Viruses, Malware and Ransomware
If you are using a Windows PC or Apple Mac on the Trinity network in offices and labs then as part of your setup to join the network you will have McAfee anti-virus protection installed and also a service that keeps your Windows computer up-to-date. For your office and home computer please make sure:
- You have anti-virus software installed. Trinity has a site licence for the installation of anti-virus software on all computers on the network, either Trinity-owned or privately-owned.
- Your anti-virus software is configured to update regularly. The updating only takes a few minutes and occurs in the background so you can continue to use your machine during the process.
- You use your anti-virus software to scan your computer regularly. Anti-virus software typically consists of two components - a detection element (the virus definitions), which can detect known viruses and prevent them from triggering, and a cleaning element (the engine) which can disinfect viruses which may already be on your computer. Scans can be set to run automatically or manually.
- Stay current on security updates for your software. All software companies are constantly releasing patches and updates to fix security issues, as well as other flaws discovered in their products. These flaws are what virus writers and hackers exploit to gain access to your data. Make sure you stay ahead of the hackers and keep your software up-to-date.
Remember to protect your phone and tablet
Smartphones and tablets are essentially mobile computers. They allow you to access the internet and email, download applications and games and store photos, videos and your personal information on them. Therefore it is important to realise that you need to protect and secure your phone just as you would your home computer or laptop.
The many features and functions that make your phone ‘smart’ also make it susceptible to malicious software like viruses and Trojans. If your phone is not secure then it could be damaged by malware and viruses. Also, the compact and mobile nature of your phone makes it much easier to lose or to have stolen. If it is lost or stolen then someone could access the information stored on it; this could be your own personal information or it could be confidential Trinity data which you have an obligation to protect.
In order to protect your phone or tablet and the data stored on it you should have a look at the security features that are available in your device. All devices should have security settings, though the exact options available will differ depending on manufacturer, model and software version. At a minimum we advise that everyone ensures that they have:
- Set a password or Personal Identification Number (PIN) on the phone or tablet that must then be entered in order to access the device. This is the most effective simple security measure that you can utilise to minimise loss and disruption in the event that your phone or tablet is lost or stolen.
- Set your phone or tablet to lock automatically if it has not been used for a set period of time. In conjunction with the step above, an automatic lock is a very strong control to have in place to prevent unauthorised access to your data.
Phishing and SPAM
Anti-virus scanning systems ensure that all email entering and leaving Trinity is scanned for known viruses and infected emails are quarantined or deleted where appropriate. Email that is in 'quarantine' is not delivered to staff but you can check that no legitimate email has been mistakenly identified as spam.
We all need to treat any email that asks for your username and password details with extreme caution. The consequences of falling victim to a phishing attempt are not limited to your own account, but could affect the Trinity community as a whole. One compromised account could potentially endanger vast amounts of sensitive data. Or, one compromised account distributing large amounts of spam could result in Trinity losing email as a service entirely.
To address this ongoing problem IT Services have invested in a professional Cyber Security Awareness Training Programme for staff which aims to enable staff to more effectively identify fraudulent email and subsequently to respond appropriately to future phishing, malware and ransomware attacks.
Everyone needs to take the time to remain aware of potential cyber security risks and the steps they need to take to ensure that both their own and the University's information is secure.