Information security defines access to information technology and keeps people, systems and data safe from cyber attacks.
- Create strong passwords
- Avoid phishing emails
- Secure your mobile
- Protect your computer from threats
- Protect your privacy online
Creating strong passwords
Protect your data by setting strong passwords
Armed with your passwords, criminals can get into your online accounts or profiles and steal your money, identity and more besides. They could even try to blackmail you. That's why you should never share your passwords, even with people you trust.
- Never give your passwords to anyone.
- Create a different password for every account.
- If you've had your password stolen, change it and report it immediately.
Keep it secure
The three main ways passwords find their way into the wrong hands are:
- phishing (fraudulent emails)
- malware (particularly keylogging programs)
- companies who don't do enough to keep your information safe.
Creating different strong passwords for every account will limit the damage if your personal details gets leaked.
Make it strong
- Be at least 8 characters in length.
- Not in latest 6 passwords history.
- Not contain the user's account name(UNNC username) or parts of the user's full name(or Pinyin)that exceed two consecutive characters.
- Contain characters from three of the following four categories:
- English uppercase characters
- English lowercase characters
- Base 10 digits
- Non-alphabetic characters
Manage your University password
Avoid phishing emails
How to spot suspicious emails and stay safe online.
Criminals operating online use hoax 'phishing' emails to trick millions of people into parting with their passwords, credit card details and other critical personal information. The consequences can be devastating.
Depending on the information you give them, they could take money out of your bank account, sell your information on to other scammers, or hijack your social media and email accounts to launch more phishing attacks on your friends. These fake emails and websites can be very difficult to tell apart from the real thing.
Never reply to any email asking for your passwords, PINs or other account details.
- Make sure you know how to spot suspicious links and websites.
- Don't open attachments unless you completely trust where they have come from.
- If in doubt, always check with your IT support team, the IT Service Desk or your service provider (e.g. your bank) before responding to anything that looks suspicious.
What phishing emails look like
There are several signs that most (though not all) phishing emails exhibit. While these signs do not necessarily mean the message is fake, you should be suspicious of emails that:
- Ask for a password, PIN or other personal information.
- Warn you about a problem or imminent threat (eg 'If you don't respond within 48 hours, your account will be closed').
- Contain technical jargon and an incentive to part with your data (eg 'We are asking you for your password because we are currently refreshing our database to create more space for you').
- Ask you to open an attachment or make a donation.
- Relate to topical news items and upcoming events in the public domain (eg tax return deadlines).
- Contain poor spelling and grammar.
- Claim to offer something that is too good to be true.
- Contain generic greetings such as 'Dear Bank Customer' or 'Dear Email User'.
How to spot fake links in emails
The key to spotting phishing emails and websites is in the links and website addresses (otherwise known as URLs). Scammers can replicate legitimate sites down to the last pixel. However, while the links and website addresses they use can be deceptively similar, they can’t be identical.
More information please visit IS webpage of UK
Secure your mobile
Discover the main risks to mobile devices and how to protect your data.
- Use a strong password or PIN and make sure your device locks automatically when not in use.
- Only install apps from locations you trust and apply security updates.
- Set up a 'remote wipe' feature if available, in case your device gets lost or stolen.
Securing your smart phone or tablet
- Always set a password/PIN-protected lock-screen to come on automatically when you are not using your device.
- Make sure you have a master copy of any documents you carry or edit on your mobile device saved somewhere else.
- Install security updates to your device and the apps you have on it. This helps protect the operating system from the latest malware.
- Don't be tempted to 'jailbreak' your device
- Only install apps from trusted locations.
Protect your computer
How to avoid viruses, malware and keep your data safe.
There are a few simple precautions you can take to stop others stealing or destroying the contents of your computer.
- Install security updates to your operating system, web browser and other software as soon as they become available.
- Install anti-virus software, keep it updated and schedule regular scans. The University provides Sophos Anti-Virus software.
- Never install pirated software or open attachments from sources you don’t know or trust.
- Schedule regular backups of all your files.
Even if you have anti-virus software which tackles adware, spyware, trojans, worms and malware, you still can't afford to get complacent or careless.
The most common (and easily avoidable) ways in which people let their machines get infected are:
- Opening email attachments from suspicious, unknown or unsolicited sources (and sometimes even from people they know and trust).
- Installing suspicious software (either pirated copies or downloaded from untrustworthy websites).
- Using infected USB sticks.
- Browsing the Internet with an old operating system and browser.
- Clicking phishing links on social media and in emails.
Cut out or cut down on these risky activities and you will dramatically reduce your exposure to malware.
More ways to stay safe:
- Install the latest security updates to your operating system.
- Install anti-virus software on your machine, keep it updated and schedule regular scans.
- Install the latest updates to your web browser and other software (the easiest way to do this is to turn on automatic updates whenever you install programs on your machine).
- Make sure the firewall installed on your machine is activated.
- Only download and install software from reputable sources and never install pirated software.
- It is good to get into the habit of locking your screen whenever you leave your desk.
- Encrypting your laptop will stop anyone getting at your personal data in the event it gets lost or stolen.
- Back up your data
The campus firewall is a device that sits between the campus network and the internet. It ensures that legitimate network traffic is allowed to pass through and that potentially malicious traffic is blocked.
The campus network is constantly being scanned and probed for weaknesses that would allow an attacker to gain unauthorised access to University IT resources. The firewall prevents this.
Protect your privacy online
Get Safe Online
Find out what information you share online and how to protect your data.
About online privacy
Many of the handy tools and applications we rely on to go about our business online are, as we browse, automatically sharing our information with others - and not in ways that are always in our best interests.
Don't part with your data without knowing what you are giving away to whom, how and why.
- Configure your browser and social media settings to give you the level of privacy you need.
- Use a Virtual Private Network(VPN) to connect to public Wi-Fi.
- Always log out and change your passwords after using public computers.
How to protect your personal information
- Telling your web browser how much of your online activity and data to share and who with.
- Don't leave the security and privacy settings on your online accounts too low.
- Avoid using public Wi-Fi without protection
- Avoid sharing too much information about yourself on social media.
Secure your browser
Modern browsers can remember your passwords, autofill forms for you and take care of the preferences and settings you use on your favourite sites. But the information your browser quietly stores as you go about your business - cookies, browsing history and the rest of it - are also a potential goldmine for advertisers, spammers and hackers who want to steal your identity and commit fraud.
The easiest way to keep your information and activities to yourself is to adjust the 'private browsing' options in your browser (how to use these features in Chrome, Internet Explorer, Firefox and Safari) to remove cookies, history and temporary internet files and other information each time you quit your browser.
How to use secure Wi-Fi hotspots
Here are some tips for improving your security and privacy when using untrusted networks:
- One of the best ways to secure connections over a network is to use a virtual private network (VPN) which will ensure that all of the traffic you send and receive goes down a secure, encrypted tunnel
- Every time you log in to a website, make sure that your connection is encrypted. If it is, the URL in your browser’s address bar will begin https (instead of http). You also need to make sure that the connection stays encrypted for all of your online session.
- Once you are done, 'forget' networks by removing them from your network settings in your laptop or mobile device.
Social media encourages us to broadcast rather than target our information. You may feel you are among friends, but your connections are bound to include much more loose and casual acquaintances than you would genuinely class as your mates in the real world.
To be suitably selective about what you share and who with:
- Encrypt your entire session. Many sites give you the option of doing this by enabling Secure Browsing in the Security settings.
- Learn how security and privacy works on the sites you use and set it at the level you are comfortable with.
- Be careful not to give out your date of birth, national insurance number, mother's maiden name, home address, previous address, employer, birthplace or school details.
- Be careful of random 'friends' or followers you don’t actually know, especially messages asking to join your network. If a criminal can become your friend, they can abuse the trust that other members of your network place in you to target your friends.
- Think twice about posting anything in haste or anger. News travels fast on the Internet, and once posted, it can be shared and copied in seconds, so it may be too late to undo the damage by the time you try to delete it.