Toggle navigation

Cyber security is everyone's responsibility. We want you to be safe when using computers or accessing the internet for both your studies and for leisure, without being bullied, scammed or losing either your ideas or identity.

Cyber security is about being smart about how you access and use technology.

  • Choosing the right password

    Passwords should be hard for somebody else to guess but easy to remember.  A good rule is 'make sure that somebody who knows you well, couldn't guess your password in 20 attempts'. As such, a useful and effective method is to use three random words.

    Three well-chosen random words can be quite memorable but not easy to guess providing a good compromise between protection and usability. Why not add in a non-alphanumeric character (!#$@?~) as well to further strengthen the password though these should be used randomly and not for simple letter/number substitution.

    Good example: ForestCheeseShell@

    Poor example: Liv3rpoolFoot8allC1ub

    Please note: DO NOT use the following characters “ £ & and + in your university password as this will affect your ability to sign into the online print payment system.

    1. Choosing a secure and memorable password

    When generating such a password avoid using personal information, a single dictionary word and predictable keyboard sequences such as 'Qwerty123' or 'Zxcvbnm123'.  In addition, Ensure the password is unique. Do not use the same password with multiple accounts. This way, if one of your personal accounts are compromised, the attacker will not be able to breach any other of your accounts. including your university network account.

    The UK National Cyber Security Centre (NCSC) has some useful advice on how to choose a non-predictable password.

    2. Personal as well as University

    This advice should be applied to any of your personal online services as well as your University network user account. For student network user accounts there are some fundamental policies that are enforced which must be adhered to when selecting a password. Failure to do so will result in your new password not being accepted. These are as follows:

    • Minimum of 8 characters in length
    • No requirement to change passwords
    • Combination of uppercase, lowercase (and non-alphanumeric characters if desired though these should be used randomly and not for simple letter/number substitution)
  • Email and Password Re-use

    There are an increasing number of websites and services being compromised by hackers and because people use their University email address and password, for external sites, University passwords are being captured and could be used to access your account and University systems.

    This puts the security of University services and data at risk, therefore it is vitally important that you use a different email address and a different secure password for external IT services; such as social media and online shopping accounts.

    Advice on choosing a secure password can be found in the section above.

  • Password sharing

    Disclosing your University password(s) directly contravenes the University’s Computer Acceptable Use Policy and presents a real risk of malicious use, service disruption, data loss or damage to the university’s reputation – as well as disciplinary action against you.Section 4 of the aforementioned policy provides more information and advice regarding the disclosure of passwords as well as usernames.

    Put simply:

    Never share your university (or personal) IT password(s)

    No member of University staff will ever ask you for your password(s)

    No staff member from an external service provider will ever ask you for your password(s)

    Never let anyone else login to any of your accounts using your password (not even family and friends)

    If you believe someone knows your password, you must change it immediately; the IT Service Desk can assist you in doing this.

  • Working Area Security

    It is very easy to create security issues when working at a desk at University, in Halls, in a shared house or elsewhere. Here are some top tips for staying secure:

    • Do not leave mobile devices including phones and laptops (if not secured to desk) unattended on your desk or learning areas. They are small, portable and easy to steal.
    • Use a secure pin, password or biometric data (fingerprint, iris, facescan, etc.) to securely lock your mobile devices. If they are stolen or lost, your data remains protected.
    • Do not leave your workstation (personal or university) unlocked and unattended for any period of time. Not even to nip to the printer or the loo - it only takes a moment for someone to access your unattended computer and any accounts that are logged in.
    • Do not leave paper containing restricted or confidential information unattended. This could include client, student or patient information (depending on your course) and can cause a security or safeguarding issue.
    • Do not leave USB sticks unattended. If you must use them (don't forget that you have a University OneDrive to store, share and transport files), retain them on your person and keep them out of sight.
  • Portable Devices

    "All users of portable computer equipment take responsibility for the security of hardware and data. Users must take care with laptops and other portable equipment when they remove them from the university premises. Never leave this equipment unattended in vehicles, or any other place."

    Information Security Policy

    Who's watching you?

    Screens on tablets and / other devices can be observed by those around you. You should take care to avoid being overlooked when working in public areas and, if necessary, wait until you are in a more private location before undertaking sensitive or confidential work.

    Remember the potential for passwords to be observed when you are entering them.

    Public Wifi

    When using a portable device, never use public WiFi for banking, shopping or entering personal information online, even if the website you are visiting is secure. Public Wi-Fi hot spots are not secure and other users on that network might be able to read any encrypted data that you send or receive.

    When in doubt, using your own 3/4 G connection (via a phone or dongle) is always safer than using public Wi-Fi.

    University Wifi

    Personal devices for students are supported by the university "Guest" and "Eduroam" Wi-Fi networks.

    The Guest Wi-Fi network is an open network but requires registration, is limited to web access only (http/https) and has access to university web resources.

    Eduroam (available at most HE Institutions) requires a staff/student user account, but unlike guest and other open public Wi-Fi, the connection is secure as long as the certificate is installed on the device (see the  webpage for more information). Eduroam allows more services to run in comparison to it's Guest counter-part.

    The university attempts to make these systems as open as possible; assistance can be provided for gaining access to Eduroam, but personal devices are not specifically supported.

    USB Drives

    Where your mobile device has external ports (e.g. USB), only ever connect a known external storage device (USB stick or portable hard drive). If you find a pendrive on campus, do not plug it into your computer - hand it into your library enquiry desk or to reception on your campus. If you find a pendrive in the street - hand it into the police.

    Never plug anything unknown into your device: this is a common path for malicious software.

  • Phishing

    "Phishing is a cybercrime in which a target or targets are contacted by email, telephone or text message by someone posing as a legitimate institution to lure individuals into providing sensitive data such as personally identifiable information, banking and credit card details, and passwords. The information is then used to access important accounts and can result in identity theft and financial loss." (http://www.phishing.org/what-is-phishing | 2018)

    Be suspicious of any email or communication (including text messages, social media post, ads) with urgent requests for personal financial information.

    Phishers typically include upsetting or exciting (but false) statements to get people to hand over their usernames, passwords, credit card numbers, date of birth and other personal information.

    Avoid clicking on links. Instead, go to the website by typing the Web address directly into your browser or by searching for it in a search engine. Calling the company to verify its legitimacy is also an option, too.

    Pay attention to the website you are being directed to and hover over URLS. An email that appears to be from PayPal could direct you to a website that is instead "http://wwwpaypal.com" or "hxxp://www.gotyouscammed.com/paypal/login.htm".

    Don’t send personal financial information via email, and avoid filling out forms in email that ask for your information.

    You should only communicate information such as credit card numbers or account information via a secure website or telephone.

    Only use a secure website (https:// and a security “lock” icon) when submitting credit card or other sensitive information online.

    If it is too good to be true - then it usually is!

  • E-Safety

    Our E-Safety Policy

    The university is committed to the wellbeing and safety of students, staff and partners when using IT resources.  We have mechanisms in place to keep our information safe, including software for web filtering, spam filtering and virus checking.

    As a user, you need safe and secure access to all the IT services; as a university, we must make sure that everyone’s data and files are safe.

    Read the E-Safety Policy and the Microsoft ATP SafeLinks.

    What’s on the university computers

    All the university’s PCs have software to prevent spyware and unauthorised or illegal programmes.

    You cannot disable your anti-virus software. If you believe you have a legitimate reason to need to do this, contact the IT Service Desk.

    Information Services track web usage

    If you are using a university PC or Mac or are using your own device on the university network, the web pages you access will be tracked and some may be restricted.

    If a website or web page is blocked

    You may need access to a website or just one web page, as part of your course, and find that our systems are blocking it. Your course tutors can request access to blocked web pages for a specific group or for all students over 18 years. To do so they should contact the IT Service Desk.

    Reporting a website or web page

    Websites or specific web pages of concern should be reported to the IT Service Desk.

  • Seven steps to staying safe online

    The following quick tips were written by Nelson Ody (Security Services Manager at Jisc).

    • Suss out suspicious apps: Why, for example, would a calculator app be asking to access your phone’s camera? It doesn’t need to, so it probably has an ulterior spying motive. Apply common sense.
    • Avoid the phisherman’s hook: One of the recent scams that first-year students are subjected to is an email telling them they’ve won a bursary and all they need to do to get it is to hand over their bank account details. The rule is, if it seems too good to be true then it probably is.
    • Take care what you click: If you receive an unsolicited email from someone you don’t know, or a strange email from someone you do know that contains a puzzling attachment or a link, it’s best avoided – it could be a virus, or a spoof website.
    • Resist temptation: Students are often targeted to use as mules to launder money. It sounds great – hand over your bank details and you get £50 a week, no questions asked – but you’d be breaking the law by allowing someone to use your account for illicit purposes.
    • Beef-up passwords: Use a separate password for your email account, which if breached, can often provide access to many of your other online accounts. A solid password is one that comprises a short phrase of at least three words, plus numbers and/or other characters. Avoid using obvious passwords such as children’s or pets’ names, which criminals may be able to guess after looking at your social media accounts – so be careful what you post. It’s best never to repeat password and, so you don’t have to remember them all, use an online password safe, which will store them all securely. The government's Cyber Aware campaign has further advice.
    • Keep computers healthy: Install anti-virus software (a free package is better than nothing), back-up regularly, and update software when prompted to do as they often contain security patches.
    • Preserve privacy: be very careful of communicating personal or sensitive information when using public computers, or a pubic wi-fi network, which are vulnerable to hackers. Your name and address maybe all that’s required to steal your identity, for example. Be similarly warey what you post on social media and check your accounts’ privacysettings to limit who can see what. Ideally, use a VPN (virtual private network) which uses data encryption to hide internet activity.

    Think you’re playing safe online? Take the Jisc short quiz to find out.