New Password Expiry Notice

IT security policy requires password changes every 180 days. In order to achieve this, passwords are set to expire approximately every 180 days. Warnings and reminders are sent in the period running up to password expiry times. The password expiry noticed issued by IT Services has changed recently. The new notice looks like this. If … Continue reading “New Password Expiry Notice”

Published: Posted on

Blackmail Scam

We have been getting quite a few calls recently about messages trying to blackmail people.  They allege that the recipient has been viewing pornographic sites, malware has been installed on the recipient’s computer and they have compromising recordings of the recipient that will be sent to friends and colleagues. For example: To make the message … Continue reading “Blackmail Scam”

Published: Posted on

GDPR and Cloud-based Services

Formstack Security If you are using Formstack to collect and process personal data then you must ensure that the security options are enabled for each of your forms. This includes all three of: SSL – Secure Sockets Layer for the website. If enabled, the URL starts with “https://” and the browser displays a padlock symbol. … Continue reading “GDPR and Cloud-based Services”

Published: Posted on

Using DropBox Securely

DropBox and similar cloud-based collaboration services are highly functional and are used by many across the University to share content with external collaborators. However DropBox is a high profile target and we have reservations around its security.  Most of the time DropBox will be fine but it should not be used to hold confidential or … Continue reading “Using DropBox Securely”

Published: Posted on

URL Shorteners

URL shortening is when you use a service such as bit.ly or tinyurl.com to take a very long URL and condense it into a very short URL. This is very useful for when you need a short URLs, when you have to read a URL over the phone, or for a .pdf document.  Below is … Continue reading “URL Shorteners”

Published: Posted on

GDPR for IT Services

GDPR The EU General Data Protection Regulation (GDPR) comes fully into force on 25th May 2018.  The impact is mainly on the business but there is a significant IT impact as well and that affects us directly.  The aim of this article is to provide guidance on the impact on IT Services of GDPR. Roles … Continue reading “GDPR for IT Services”

Published: Posted on

Required Information Security Awareness Training

Announcement You have all seen the flood of recent phishing emails (as in fishing for passwords and other sensitive information) and other social engineering attacks aimed at people. These generally try to trick you into typing your password into some sort of false sign-on screen or download malicious software. Automated controls such as SPAM filters … Continue reading “Required Information Security Awareness Training”

Published: Posted on

Meltdown and Spectre – time to panic?

We have had a number of queries about the well-publicised processor vulnerabilities, Meltdown and Spectre.  There are no reports of actual exploits being used at this stage and certainly with meltdown an attacker would need access to the systems concerned in order to exploit the vulnerabilities.  Suppliers of operating systems, anti-virus and other relevant software … Continue reading “Meltdown and Spectre – time to panic?”

Published: Posted on

Student Password Change Notices

We have had a lot of queries recently about password change reminders and whether or not they are a phishing attack.  We have previously published an example password change notice highlighting its characteristics and how it differs from an attack. Some students have been asking why there has been a change in policy.  The policy … Continue reading “Student Password Change Notices”

Published: Posted on

Fake Fax Notifications

There are a number of emails circulating claiming to have fax messages attached.  These contain word attachments which are infected with a macro virus.   The messages are all from genuine senders who have been infected with the virus. If you receive any messages with attachments which are unexpected, please delete them and do not attempt … Continue reading “Fake Fax Notifications”

Published: Posted on