How to stay cyber-secure while working remotely

Cyber criminals globally are exploiting the unfamiliar situation caused by the global pandemic and specifically the move to remote working.

A fish in a fishbowl

All staff and students should be aware that cyber criminals may try to leverage the fear and distraction associated with recent events and ensure that they are alert to malicious attempts to access their devices, accounts and information.

Staff and students should review the following advice to make sure that they are working securely and protecting valuable university equipment and Information today:

Advice

Staff and students should familiarise themselves with the comprehensive instructions provided by IT Services on how to work, study and carry out research activities in a secure manner.

These instructions cover how to ensure that computing devices are secure, running up-to-date software and protected by anti-virus software and that all staff and students are using the appropriate software and cloud technologies.

 

Staff should exercise caution when reviewing email in their inbox looking out for spam, phishing scams, and requests for information, payment or passwords.

Staff and students should pay particular attention to email messages that ask them to open an attachment to see the latest Covid-19 statistics or click on a link purporting to come from a contact tracing centre or other official body.

Below is an example of a phishing message purporting to be from the World Health Organisation which attempts to persuade users to download an infected file to their computer.

Cyber criminals are aware that people are looking for safety information and are more likely to click on potentially malicious links or download attachments in emails like this:

Working Remotely Cyber Security WHO

 

The second example below is of a fraudulent Office 365 phishing email which is attempting to trick a user into clicking on the link and giving their Trinity username and password to an attacker.

Working Remotely Cyber Security Office 365

Trinity staff and students should treat any email that asks for your username and password details with extreme caution. The consequences of falling victim to a phishing attempt are not limited to your own account, but could affect the Trinity community as a whole. One compromised account could potentially endanger vast amounts of sensitive data.

Further educational information on Phishing is available from IT Services

Staff and students should also be alert to the potential danger posed by other unusual contacts these may be made electronically through communications software like WhatsApp, or on social media or via phone calls and texts.

Staff and students should treat any unusual requests for access, information or payment with caution.

If in doubt do not proceed with any requests for access to systems or processing of financial transactions. Take advice from supervisors or managers on how to definitively confirm the identity of the requester.

Be vigilant when browsing the Internet, be aware that cyber criminals may use websites purporting to provide information about Covid-19 to attempt to spread malware and ransomware to your computer.

The move to remote working may mean that staff and students are using new and unfamiliar tools to communicate with colleagues and friends.

IT services supports the use of Microsoft Teams for collaboration on documents, making calls and sending instant messages and for video conferencing. Make sure to review the comprehensive support and training material available on the IT Services website and at LinkedIn Learning to ensure that you are using the tools correctly and in a secure manner.

The video conferencing tool Zoom has received attention in the press due to security issues such as “Zoom- bombing” where uninvited individuals join and disrupt calls and meetings. Staff and students using Zoom should review the University Data Protection Officers advice on secure use of Zoom.

Staff and students should report any suspicious activity to the IT Service Desk for investigation.

IT Services are continuing to publish regular updates to our website and Twitter channels and our dedicated teams respond to calls and emails as quickly as possible.

The Cyber Crime Watch Hub is an online centre of IT security awareness training and engaging resources for Trinity staff. This hub blends humour and micro-training to highlight the risk and impact of cyber security attacks.

The Cyber Crime Watch Hub is available to all Trinity staff on Microsoft SharePoint via office.tcd.ie.