3 minute read
Cyber security advice
Cyber Security precautions With reliance on IT, there is an increased risk of cyber-attacks against organisations and individuals. The following advice is sound for good practice at any time, but more important currently.
For your devices: – Keep your device patched. Promptly update the Operating System when notified that an update is available. Update applications you have on your device, ideally automate this process. – It is good practice to run Anti-Virus or Anti-Malware software on your device.
Free products are better than none. These can include extensions to protect you when browsing. – Enable a PIN, Password or Biometric login on your device.
For your UEL account: – For student accounts the password must: – Be at least 8 characters – Include at least 3 of these 4 character types -Upper and lower alpha, numeric and special characters (symbols and punctuation) – Not include a single dictionary word or ‘common’ passwords – Not include all or part of your username or obvious link to you, such as a pet or relatives’ name – Be unique to your UEL account and not used by you for any personal accounts – Be changed promptly after the user or UEL knows or suspects an account has been compromised – Not be disclosed to anyone, including IT staff – Not be written down so that they may be available to others – An account will be locked out after 6 unsuccessful attempts for a day, it can be reset using the Self-Service Password Reset (SSPR) service but enrolment in
SSPR is required prior to this, click here to be taken to the SSPR – Multi Factor Authentication (MFA) is in place for all student accounts when off site or when not physically connected to the UEL network. This was introduced specifically to protect your account from compromise.
It is good practice to set up more than one method to use for MFA, Authenticator and email are good alternatives to text messages or calls. For advice on setting up MFA, go to https://uelac.sharepoint.com/sites/ITServices/ SitePages/Digital_Training/Passwords/MFA.aspx?web=1.
For your personal accounts: Most services will now enforce minimum password complexity rules now, like those applied by UEL. Always try to use strong passwords. – Do not use the same password for accounts, as any breach of your account details on one external service could result in access using your credentials on another service. Do not use the same password you use for your UEL account for personal accounts. – Keep your password to yourself, don’t share it. If you need to share a device, create individual accounts on it. – If a service ‘offers’ MFA, set it up.
Use ‘Report Phish’ if in an email to your UEL account.
When working with emails: Please ensure that you remain alert to cyber threats especially in emails. Attackers will often use compromised accounts to make use of contact lists for sending emails, knowing that your guard will be down if you recognise the sender. Links and attachments in emails are often used to expose recipients to dangerous malware and while UEL has controls in place to detect these this will not be the case with your personal emails. – Hover mouse over sender details and any links so that they are expanded to reveal more detail. If the sender address or underlying link do not match those displayed, be wary. Note: Any email to your UEL account will have Mimecast inserted in the link, which is our email Filter. – With your UEL email account, if you have any doubt about an email or any link contained, please either use the ‘Report Phishing’ feature on the top right of the Outlook toolbar, or email infosec@uel.ac.uk.
For more information, see Welcome to UEL’s Information Security pages! (sharepoint.com)
Training available The Metropolitan Police Service have set up a series of free online webinars to raise awareness and to provide useful, practical information to keep you safe from cyber criminality:
The webinars address the following topics: – Cyber Behaviours – what anyone can do to protect themselves from online threats Book onto these webinars at: www.met.police.uk/CyberWebinars
