How to stay cyber-secure while working remotely

Cyber criminals globally are exploiting the unfamiliar situation caused by the global pandemic and specifically the move to remote working.

All staff and students should be aware that cyber criminals may try to leverage the fear and distraction associated with recent events and ensure that they are alert to malicious attempts to access their devices, accounts and information.

Staff and students should review the following advice to make sure that they are working securely and protecting valuable university equipment and Information today:

1. Ensure you are following the most up-to-date IT advice for work, study and research (click to expand)

Staff and students should familiarise themselves with the comprehensive instructions provided by IT Services on how to work, study and carry out research activities in a secure manner.

These instructions cover how to ensure that computing devices are secure, running up-to-date software and protected by anti-virus software and that all staff and students are using the appropriate software and cloud technologies.

2. Be aware of Phishing and email fraud (click to expand)

Staff should exercise caution when reviewing email in their inbox looking out for spam, phishing scams, and requests for information, payment or passwords.

Staff and students should pay particular attention to email messages that ask them to open an attachment to see the latest Covid-19 statistics or click on a link purporting to come from a contact tracing centre or other official body.

Below is an example of a phishing message purporting to be from the World Health Organisation which attempts to persuade users to download an infected file to their computer.

Cyber criminals are aware that people are looking for safety information and are more likely to click on potentially malicious links or download attachments in emails like this:

The second example below is of a fraudulent Office365 phishing email which is attempting to trick a user into clicking on the link and giving their Trinity username and password to an attacker.

Trinity staff and students should treat any email that asks for your username and password details with extreme caution. The consequences of falling victim to a phishing attempt are not limited to your own account, but could affect the Trinity community as a whole. One compromised account could potentially endanger vast amounts of sensitive data.

Further educational information on Phishing is available from IT Services

3. Be alert to danger in other unsolicited communications and when browsing online (click to expand)

Staff and students should also be alert to the potential danger posed by other unusual contacts these may be made electronically through communications software like WhatsApp, or on social media or via phone calls and texts.

Staff and students should treat any unusual requests for access, information or payment with caution.

If in doubt do not proceed with any requests for access to systems or processing of financial transactions. Take advice from supervisors or managers on how to definitively confirm the identity of the requester.

Be vigilant when browsing the Internet, be aware that cyber criminals may use websites purporting to provide information about Covid-19 to attempt to spread malware and ransomware to your computer.

4. Take care with new and unfamiliar communications Tools (click to expand)

The move to remote working may mean that staff and students are using new and unfamiliar tools to communicate with colleagues and friends.

IT services supports the use of Microsoft Teams for collaboration on documents, making calls and sending instant messages and for video conferencing. Make sure to review the comprehensive support and training material available on the IT Services website and at LinkedIn Learning to ensure that you are using the tools correctly and in a secure manner.

The video conferencing tool Zoom has received attention in the press due to security issues such as “Zoom- bombing” where uninvited individuals join and disrupt calls and meetings. Staff and students using Zoom should review the University Data Protection Officers advice on secure use of Zoom.

5. Finally report any suspicious activity (click to expand)

Staff and students should report any suspicious activity to the IT Service Desk for investigation.

IT Services are continuing to publish regular updates to our website and Twitter channels and our dedicated teams respond to calls and emails as quickly as possible.