Computer security and 'ransomware'
You may have heard of increasing reports of a new computer crime called 'ransomware'. This is another form of virus that gets installed on a computer and prevents access to information and software until a payment is made to criminals who then will – or won’t – provide you with a software key to unlock your computer and regain access to your data.
Having frequent back-ups and installing good quality firewalls and anti-virus software, such as we use at the university, will significantly decrease the risk but will not remove it entirely. Restoring from a back-up will not always be possible as the back-up could also be affected. Paying the ransom should never be done: not only does it encourage criminals, it may also leave you open to further criminal activity.
So what can you do? The answer is in two parts. The technology outlined above is the first step but the weak link in any computer security chain is always the individual. So, do not open attachments or click on links unless you know who they are from, don’t try and install programs from unofficial sites and never give your password or personal details out to anyone over the phone or via email.
But we also need to get more sophisticated with the above message. We need to get used to identifying plausible but still criminal emails and contacts. This can be clues like your name not being used (so just “Hi,”), to spelling or title errors, graphics not quite right, the sending address just a character wrong (e.g. security@santanber.co.uk) or when you examine the address properties by right-clicking you see the true sender’s address is not what you are seeing, and checking to see if an address starts “https:” (not “http:”) or has a padlock displayed if giving personal details. But even these will not disclose the sophisticated criminal so we all just need to think about every email or phone call: is this appropriate, is this normal, am I the right person to be asked to do this? If in doubt, get out!
If you’re not sure about something, stop what you’re doing and call IT Service Desk for advice or help.
As a manager, you need to discuss these very real threats to university and personal data with your teams and students and ensure that they are aware of the risks and sensible actions. Members of IT Services will gladly attend team meetings to give an overview of some of the risks and things to look out for – just log a call with IT Service Desk. And, as recommended by internal audit, we are also putting the final touches to an online information security training course which will be compulsory for all staff.
Colin Coghill
Director of IT Services
