The business of the University depends heavily on computerised information systems, in particular:
- Data which is often sensitive and must be protected from loss, corruption and unauthorised access
- Re-entry of lost data can be painstaking and very time consuming
- Loss of data can impact upon deadlines and can have wide ranging implications - including breach of legal requirements
- Electronic records are increasingly becoming the only source of original data
For the latest information on internet security, see Get Safe Online [External Website].
It is important that you read the Data and Information Security Policies and Acceptable Use Guidance.
For information on Ransomware please see Protecting Against Ransomware Attacks
Protecting Your PC at Work
Key steps in protecting your PC
- Apply new Windows Updates as released by Microsoft
- Install and maintain an up-to-date version of Symantec Anti-Virus (SAV) software on your PC
- Save your work to the network Q: drive
- Lock your computer when you leave your desk
The above steps should be automated and once set up correctly your PC should not represent a threat to others. If you have problems updating Windows or Symantec AntiVirus (SAV) then please contact the IT Service Desk for further advice.
Viruses may be spread by email attachments or by files introduced into the campus, in particular files held on removable media (e.g. USB) or files downloaded from the internet. As well as protecting your PCs (at work and at home) from viruses, you should exercise caution when opening email attachments. For more on emails, refer to the Phishing section.
Note: You should only ever load files onto your PC if you have a properly configured and up-to-date version of SAV running.
Protecting Work PCs With Anti-Virus Software: The University provides a copy of Symantec Anti-Virus for every PC and Apple Macintosh desktop. See Installing and Configuring Symantec Anti-Virus (pdf file - 3 pages).
Lock your computer: For Windows devices use Ctrl + Alt + Del and select lock this computer. For Apple Macintosh desktops use Ctrl + Shift + Eject.
Note: You will require Adobe Acrobat Reader on your computer to download pdf files. This software can be downloaded from the Adobe website
Protecting Your PC at Home
The three key steps in protecting your PC at home are:
- Applying new Windows Updates released by Microsoft
- Keeping up-to-date Anti-Virus Software on your PC
- Using an appropriate Home Firewall Product
If you do not take these measures then your home PC is potentially a serious risk to others.
Get Safe Online is a government initiative intended to provide home users with easy-to-understand advice on protecting home computers and phones from malicious attack. For more information visit the Get Safe Online website.
Windows Update: Windows Update is a facility to keep your Windows operating system up to date and help to protect your PC from viruses. If you have Windows use Automatic Updates to obtain the latest updates as they are released by Microsoft and have them installed at a pre-set time.
Protecting Home PCs with Anti-Virus Software: Staff at Queen’s University are entitled to a copy of Symantec Anti-Virus (SAV) for home use. SAV CDs are available from the IT Service Desk in the McClay Library. Installation is a simple process and full instructions are contained on the CD. (Please note that different versions of the SAV CD are available for home and office use – please ensure that you have the correct version).
If you are not entitled to a home copy of SAV then there are a number of free software packages available. Information Services has evaluated a number of free of charge software packages and recommends Microsoft Security Essentials. Students working on home PCs are advised to install one of these products.
Important Note: If you use a PC off campus and suspect that the PC has become infected then you should not under any circumstances transfer files between that PC and any University PCs until the virus has been removed.
Firewall for Home Use: Staff and students working from home are advised to protect their PCs using an appropriate home firewall product. These products allow users to determine which traffic to allow to reach their PCs and are usually quite easy to install and configure. Information Services recommend Microsoft Security Essentials.
Protecting Your Mobile Device
If you use your own device, such as a smartphone or tablet computer, to connect to the University network or to access University systems such as email, you must adhere to the Computer Resources – Acceptable Use Policy. You should also follow the 4 steps below to protect both University Data and your own Personal Data.
- PROTECT your device with a password or PIN of at least 4 characters
- CHECK – before you download an app, is it from a reliable source e.g. iStore, Google Play, Amazon App Store. With Android devices ensure the Verify Apps security feature is running
- INSTALL - an anti-virus application on your device
- REPORT – if your personal device holds University data such as email, and is lost or stolen, you must report the loss to your manager and follow the advice below to wipe the device
If you have lost your mobile device (personal or University owned) or it has been stolen, you can wipe the device by following the instructions below:
1. Log into Webmail
2. Click on Options > See All Options... in the banner at the top right of the page.
3. Choose Phone from the menu on the left of the page.
4. You should see a list of any mobile devices you have recently synchronised with your account.
5. Click on the device in the list to select it then click Wipe Device
6. The next time the device tries to synchronise with the University Mail Server it will be wiped. You will receive an email with confirmation that the wipe has taken place.
Junk Mail/Spam - Phishing
Please Note: If you get an email request for your account details, please forward to firstname.lastname@example.org - DO NOT RESPOND TO ANY EMAIL ASKING FOR ONLINE ACCOUNT DETAILS
How Phishing Works
“Phishing” is an attempt to steal your information. Criminals pretend to be a legitimate business to get you to disclose sensitive information, such as email account passwords, credit and debit card numbers, banking information, and commercial information about the company you work for. Please read this advice as it could help prevent you becoming a victim of a phishing attack.
1. A criminal sends a large number of emails to people using lists of email addresses identified as active. These emails appear to be messages from a company or organisation known to you or even from an internal source such as the IT Helpdesk. A common example contains a fictitious story designed to lure you into clicking on a link – Here is a real life example of such an email:
2. The phishing email will ask you to fill out a form or click on a link or button that takes you to a fraudulent website.
3. The fraudulent website mimics the company referenced in the email, and aims to extract your sensitive personal data.
In essence, you think you're giving your information to a trusted organisation when, in fact, you're giving it to a criminal.
Note that phishing emails can also lure you to open suspicious attachments or visit websites that can infect your computer with malware.
How to Spot a Fake Email
There are many telltale signs of a fraudulent email:
- False Sense of Urgency – Many scam emails tell you that your account will be in jeopardy if something critical is not updated right away.
- Spelling and grammar mistakes – These emails often contain multiple spelling mistakes, which is a good reason to be suspicious.
- Fake Links – These may look real, but they can lead you astray. Check where a link is going before you click by hovering over the link in an email, and comparing it to the link in the browser. If it looks suspicious, don't click.
- Attachments – The vast majority of organizations will never send you unsolicited attachments or software. Attachments can contain malware, so you should never open an attachment unless you are 100% sure it comes from a legitimate source.
Will Queen's ask you for account details in an email communication?
NO – Queen’s University Belfast will never ask you to submit your account details to a link or form in an email communication and indeed no reputable company will ask for such details in an email communication – if you get any such email requests for your Queen’s account details even if they look like they came from Queen’s, please forward to email@example.com for advice – DO NOT RESPOND TO ANY EMAIL ASKING FOR ONLINE ACCOUNT DETAILS.
What should I do if I think I have replied to a phishing email?
Change your password immediately and report to the organisation who maintain your account - for Queen’s this is firstname.lastname@example.org. Remember to change that same password if you use it for other online accounts and never use that password ever again for any online account.
What are the consequences if I have replied to a phishing email?
You should be aware that the confidentiality of any information protected by an account password is gone once you respond to a phishing email. This could have serious business consequences both for you personally and Queen’s University Belfast, especially if you have Queen’s Corporate Information [1] or Personal Data [2] about citizens in the potentially compromised account. If you have any concerns about the compromise of such information you must report this to your Line Manager or Head of School and email@example.com, to help limit any potential damage to the University’s business processes.
Report suspected phishing
If you receive an email which you are unsure about, FORWARD it as an attachment (see below) to firstname.lastname@example.org where it will be evaluated to determine if it is a fake. If it is a fake, then we will get the source of the email shut down as quickly as possible. By reporting these emails you will help to protect yourself and everyone else too.
Note: Please FORWARD the suspect email as an attachment. Don’t cut and paste the contents, because valuable tracking information about the source will be lost.
How to forward as an attachment in Outlook
[1] For example Financial Data, Intellectual Property, Research Data etc.
[2] Personal Data as defined by The Data Protection Act 1998
Passwords are the simplest form of security, but they are also the most overlooked by users. A strong password is essential.
Minimum Standards for all Queen’s University Belfast Computer Accounts:
The following requirements are mandatory for creating a strong password. These are the minimum requirements - users are encouraged to create longer and more complex passwords where possible:
- It must be at least eight characters in length.
- It must contain at least one lowercase alphabetic, one uppercase alphabetic and one numeric character.
- It must be different from the previous twenty-four passwords used.
- If written down as an aide memoire it must be held in a locked drawer or cupboard.
Password Best Practices:
Tips for securely managing your QUB password:
- Don't use a common dictionary word, a name, or a string of numbers.
- Try using a passphrase - The actual password is generated from an easy to remember phrase that is important to the user. This phrase can be, for example, the words from a book that you particularly like or the words from a song that you will remember with ease: e.g. "Oh I do like to be beside the seaside" - password: 0iDL2BbtSS (this is an example and must not be used as a password for a QUB account)
- Use symbol characters. However, note that some applications may not accept all symbol characters. If this problem is encountered, changing your password to a combination of letters and numbers should solve the problem. Examples of symbols which do not normally cause problems are: - . , ! % *
Avoid a weak password:
When creating passwords, avoid the following:
- Easy to guess passwords such as a blank or "password"
- Your name, spouse’s name, or partner’s name
- Your pet’s name or your child’s name
- Names of close friends or co-workers
- Names of your favourite fantasy characters
- Your boss’s name
- Anybody’s name
- The name of the operating system you’re using
- String of numbers or letters, like 1234 or abcd
- The hostname of your computer
- Your phone number or your license plate number
- Any part of your QUB ID or other ID number
- Anybody’s birth date
- Other information easily obtained about you (e.g., address, town)
- A username in any form (as is, capitalized, doubled, etc.)
- A word in the English dictionary or in a foreign dictionary
- Place names or any proper nouns
- Passwords of all the same letter
- Simple patterns of letters on the keyboard, like qwerty
- Any of the above spelled backwards
- Any of the above followed or preceded by a single digit
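The minimum standards and several of the "avoid" rules above can be checked automatically. The following is an added example, not code from Queen's University or Information Services; the names `check_password`, `digest` and `WEAK_WORDS`, the tiny word list and the use of plain SHA-256 for the history comparison are assumptions made for illustration.

```python
import hashlib
import re

# Constructed stand-in for a real dictionary, name and keyboard-pattern list.
WEAK_WORDS = {"password", "qwerty", "belfast", "windows", "abcd", "1234"}


def digest(pw):
    # Stand-in for the salted, slow hash a real password-history store uses.
    return hashlib.sha256(pw.encode()).hexdigest()


def check_password(pw, username, history=()):
    """Return the rules a candidate breaks; an empty list means it passes.

    history holds digests of earlier passwords, oldest first.
    """
    problems = []
    if len(pw) < 8:
        problems.append("shorter than eight characters")
    if not (re.search(r"[a-z]", pw) and re.search(r"[A-Z]", pw)
            and re.search(r"[0-9]", pw)):
        problems.append("needs lowercase, uppercase and numeric characters")
    if digest(pw) in list(history)[-24:]:
        problems.append("matches one of the previous twenty-four passwords")

    low = pw.lower()
    # "Followed or preceded by a single digit": also test the bare core.
    cores = {low}
    if low[:1].isdigit():
        cores.add(low[1:])
    if low[-1:].isdigit():
        cores.add(low[:-1])
    user = username.lower()
    weak = WEAK_WORDS | {user, user * 2}  # username as is or doubled
    if any(c and len(set(c)) == 1 for c in cores):
        problems.append("all the same character")
    # A weak word also counts when it is spelled backwards.
    hits = sorted(c for c in cores if c in weak or c[::-1] in weak)
    if hits:
        problems.append("weak word, name or pattern: " + hits[0])
    return problems
```

"Password1" satisfies every minimum standard yet is still reported, because it is a dictionary word followed by a single digit.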
Password Security Questions:
Security questions allow users to regain access to their account if the password has expired or been forgotten. Users that have set security questions can re-establish the most recent password for their account, without the assistance of the IT Service Desk.
The answer creation process to security questions should follow similar procedures to that of generating a password:
- Information not easily obtainable
- Notable answer, yet hard for others to guess
- Do not print answers to the questions
- Store answers in a secure location if it is necessary to have a printed copy
- Change questions periodically to ensure protection
A password must be changed immediately if an account owner believes that it has been compromised (for example, if there is a possibility that another person may have viewed or acquired the password).
Account owners who forget their password should access the password self-service facility at https://pss.qub.ac.uk/ or contact the IT Service Desk on (028) 9097 3760 from 9:00 am to 5:00 pm Monday to Friday. At all other times, email firstname.lastname@example.org.
What to do if you've forgotten your password
Information Services has created an online Password Self-Service facility at https://pss.qub.ac.uk/. This allows you to set up answers to a number of security questions which you can then use to reset your own password should you forget it.
If you have already set up your security questions and answers, please select 'Forgotten Password' at https://pss.qub.ac.uk/ and you will be prompted for the answers to allow you to reset your password.
If you have not already done so, we recommend that you visit https://pss.qub.ac.uk/ to set up your security questions and answers.
If you have forgotten your password and have not yet set up your security questions and answers, then you can get help from Information Services:
- Staff - please contact the IT Service Desk.
- Students - please visit the Student Guidance Centre or tel: 028 9097 2727 or email@example.com
Data encryption software is used to protect sensitive or confidential data where data will be used in a mobile environment. For details see Guide to Encrypting Data
These apply to all members of staff, visitors, contractors and students of the University and must be read before computer resources are used.
Security Top Tip!
- Roll the mouse over a link to see its destination. In a browser this will be displayed in the bottom left corner, and in Outlook it is displayed above the link.
- Be suspicious of unknown sources or even links from trusted sources - if in doubt, seek advice or delete it.
- Always think twice before clicking a link.
- Report security incidents or scam emails asking for your credentials to IT immediately.
- Never leave your phone, tablet, or laptop unattended.