Almost all successful cyber security attacks are enabled by the actions of the end user. You are the final link in the security chain that prevents an attacker from compromising systems, stealing data, money or your identity. You can let a virus onto your device through not being protected or clicking on an unknown link. You can give away your identity by not being careful with your personal information. You can use and lose pendrives containing important or sensitive information.

To fully understand the risks related to Cyber Security and your behaviour, you should be reading and digesting the information provided in the other sections of this site (e.g. Password Security, Email Security, Staying Safe, Your Identity, etc.). Listed here are some of the more common behaviours that present risks to you, your identity, your computer, your data and university systems.

  • Behaviours and Threats

    Behaviour | Common Threat(s) | Comments
    Unattended unlocked devices

    Device theft

    Identity theft

    Malware / extortion

    Malicious use

    If you walk away from an unlocked laptop, phone or tablet, even for a moment, you risk having your device stolen. It is a lot more attractive to thieves because an unlocked device can be "cleaned" and resold easily. You also risk leaving your identity vulnerable because of auto login to things like your personal and university accounts. It is also really easy for someone to add viruses or other malware to unlocked devices, including keyloggers (that record your usernames and passwords as you type them) and ransomware (which completely locks your device until you pay a ransom). An unlocked desktop PC is less likely to be stolen, but the other risks still apply.

    Clicking on unknown links or attachments in emails 

    Malware / extortion

    Identity theft 

    Clicking on links or attachments in unsolicited emails can download viruses and other malware onto your device, including keyloggers and ransomware. This opens you up to identity theft or extortion, and exposes your device, your network and/or the university network to infections which may compromise systems or steal data. See Email Security for more information.

    This is also a common way for criminals to take ownership of your email account, which they then use to send out more malicious messages to everyone you've ever communicated with.

    Not password protecting mobile devices

    Device theft

    Identity theft

    Malicious use

    This is very similar to leaving devices unlocked and/or unattended. A device that is not password protected can be used by anyone who finds it or steals it from you. Keep all of your devices secure and don't make it easy for someone to steal your data or identity.

    You can use a PIN. Passwords are more secure. Swipe patterns leave a fingerprint pattern on your screen and are not very secure. Biometric data (face, iris and fingerprint) are good and are getting better.

    Adding personal or financial information to unsecure websites

    Identity theft

    Financial theft 

    Adding your personal information or financial details to an unsecured website often means that you are giving your information to criminals. All genuine payment sites will be secure sites (see the Phishing section of Email Security). Additionally, it is relatively easy for hackers to view everything you enter into unsecured sites.

    Torrents / P2P downloads 

    Malware / extortion

    Criminal prosecution 

    There are genuine uses for Peer2Peer (P2P) sharing of files, but the majority of P2P downloads are for sharing illegal/stolen content such as movies and computer software. If you download illegal files from torrenting sites, then you are not only opening yourself up to criminal prosecution, but you are also inviting unknown files (from unknown sources) onto your device. There is nothing stopping these files from containing viruses or other malware.

    Password reuse 

    Identity theft

    Financial theft 

    Since the beginning of 2018 the following companies have either been hacked or leaked user data because of weak security: Facebook, Reddit, Quora, British Airways, Under Armour, WordPress, Marriott Hotels and many, many more. If you reuse passwords on multiple sites, and you were affected by one of these hacks, then criminals potentially have access to every site or service where you have used that password.

    No antivirus software 

    Malware / extortion

    Identity theft

    University computers have antivirus software installed. This protects them from almost all of the latest malware threats that are used by criminals. You should always have antivirus software installed on your own devices to help prevent malware from entering your device. On Windows you can switch on Windows Defender or take a look at this list of Best Free Antivirus Software from PCMagUK. For other devices, check your app store and choose something that has a lot of good reviews. See Mobile Security for more information.

    Not updating software / OS 

    Malware / extortion

    Identity theft

    The majority of software and operating system updates are to fix bugs or plug security holes. You should always update your devices whenever you are notified to do so. Android and Apple devices will always prompt you to say an update is available. Windows will also do this, but it is possible to turn off Updates. To turn them back on, use the Windows/Cortana search box to find Check for Updates.

    Not setting social media privacy controls

    Reputational damage

    Identity theft 

    You can strengthen your online safety and protect your identity by setting your social media privacy settings. The less personal information that you share, the more secure your identity becomes. With your full name, home address and date of birth, it is possible for someone to start applying for finance in your name.

    Also try not to publicly give out your current location. If a criminal knows you are in Australia for the next two weeks, then they know you are not at home and can use that information to either burgle your property or steal your identity.

    Using and losing pendrives

    Loss of data / documents

    When you lose a pendrive, you lose everything that was stored on it. Anyone finding the pendrive now has access to that data. Leaving a pendrive plugged into a computer, but unattended, leaves it available for someone to steal. Bin your pendrives and use your university OneDrive to store, transport and share files.

    Using unknown or public wifi

    Malware / extortion

    Identity theft

    Financial theft 

    Public wifi hotspots are never as secure as using your own wifi, Eduroam or a 4G connection. Hackers using the same public wifi can potentially access everything on your device.

    Completely avoid unknown wifi networks. They may have been created just to steal your data. 

    Allowing others to watch what you are doing

    Password / login theft

    You wouldn't let a stranger watch you enter your PIN at a cashpoint, so be aware of who is around you or watching when you enter passwords or financial information into a computer, mobile device or website. Don't give away your passwords.

    Allowing others to access your device

    Malware / extortion

    Identity theft

    Financial theft 

    Not all cyber crime begins with a cyber entry point. If you answer the phone to someone claiming to be from a tech company that needs to fix your computer or device, then you are about to be scammed. Microsoft, Apple, the police and your internet service provider will NEVER phone you and ask for remote access to your device. IT Services at the University of Cumbria will NEVER ask for remote access to your own device.

    Meeting online contacts in real life

    Personal safety

    For many of us, a large part of our social lives is conducted online, but what do we do when one of those contacts wants to meet in real life? THINK ABOUT YOUR PERSONAL SAFETY! If you are going to meet up, arrange to meet in a public place, take a friend along if possible, let others know where you are going, arrange for a friend to call you at regular intervals to check you are OK, and get help immediately if things become uncomfortable. In bars and restaurants, go to the bar and "Ask for Angela": the staff will know you need some help. They will discreetly help you out of the property and into a taxi or safe place.

    Sign-in via Anonymous/Malicious IP Address

    Malicious Use 

    Detecting a malicious IP address is a complex business and 100% accuracy cannot be guaranteed. Not all anonymous IP addresses are malicious but all malicious IP addresses are anonymous. Our policy is to be safe rather than sorry. If your sign-in IP address checks against Microsoft’s list of ‘low-trust’ addresses, your account will be disabled. We will contact you via your registered alternative contact details and work with you to resolve the issue. 