Online safety and security

Keeping users safe online

Our policies for colleagues, students and apprentices include specific conditions for the use of corporate and personal websites, social media and any other personal web presence. These policies include the IT security policy, rules for the use of IT facilities and disciplinary procedures.

The rules for the use of IT facilities clearly set out what is permitted and prohibited by authorised users, whether staff, students, apprentices or researchers. This covers the creation, display, storage or transmission of materials, and includes an exception process for appropriately supervised and lawful research purposes.

The strategic communication policy ensures that administrative control over the University’s corporate websites and social media presence is limited to specific, named individuals within both External Relations and Learning & Information Services. A policy is in place to govern the setting up of new channels and these are then included in central oversight through Hootsuite. Channels which do not follow this process are shut down. In addition, collaborative work takes place with Students’ Union colleagues to provide advice and guidance on how best to manage their online presence and digital media.

The IT environment at UCLan is protected through a layered approach to security, which includes:

Management of illegal websites and IP addresses on University networks;
Checking of websites for malicious content and removal before displaying the “safe” web page content;
Removal of malware, viruses, bots and other malicious content from internal and external network traffic.

All University-managed network devices – computers, laptops, tablets and so on – are also configured with extra protection. This analyses web pages and file downloads and checks against a continuously updated list of known phishing and malicious software sites. If it finds a match it displays a warning page, giving users an opportunity to provide feedback and advising to continue with caution. The University’s 24/7/365 Security Operations Centre is managed and provided by an external security partner. It continues to provide advanced monitoring, detection and response capability to a wide range of cyber security threats to our institution and its community.

Identification of any breach of the IT policy can be reported on in many ways. In each case these are investigated by the IT Security Team, reporting back to the relevant parties. During the investigation, user accounts may be locked depending on the severity or type of breach. After investigating any breach, the IT Security Team, work with the relevant Schools/Services to identify how and why the breach occurred. This might be a misunderstanding or misinterpretation of the IT policy, in which case clarification would be made and where necessary extra training given. If the breach is a blatant disregard of the IT policy, then appropriate disciplinary action would be taken.

The status and development of University IT Security is managed by the IT Security Management Group, which reports to the University’s Information & Data Governance Group (IDGG). The IDGG is chaired by a member of the Vice Chancellor’s Group and includes representatives across the University.

If you are a student, apprentice or colleague and have any questions or concerns, please contact LIS Customer Support. There are many ways you can do this:

Use our online portal: the portal contains hundreds of Guides and FAQs that may help resolve issues or answer your questions immediately or you can use it to log issues and ask questions, and track the progress of any issues you currently have logged with LIS.
By telephone: +44 (0) 1772 895355 (8.00am - 6.00pm Monday to Thursday, 8.00am - 5.00pm on Friday). If teaching in a classroom and you need urgent tech support, please call IT from the room and press option (1).
In person: on the ground floor of the Preston Campus library (8.00am - 6.00pm Monday to Thursday, 8.00am - 5.00pm on Friday).
By emailing the LIS Customer Services Team.

Top 10 online safety tips

Below, you'll find 10 top tips for online safety. Some of these you may already be doing, and some you may not have considered before. By implementing these simple steps, you really will help make a difference to your online security.

While it may be easier for you to remember, having the same password across many accounts poses a huge online security risk. There are often stories about cyber-criminals stealing passwords from hacked websites. If you are reusing the same password across many sites you’re making it much easier for hackers to access your other accounts. And, your personal data is at risk.

There are often so many usernames and passwords to remember. Using a password vault is a great way to keep your passwords safe and secure.
There are millions of phishing emails sent every day. Some phishing emails may have attachments that look like harmless files. But, they actually contain a virus or malware that activates when you open them. Some of these scams can be convincing, and even the most careful users can be tricked. If you are a student, find out more about what to do if you receive a suspicious email in this Student Hub article.
It can be easy to accidentally send an email to the wrong person, so you need to be careful. Especially with confidential emails. It’s important to double-check who is in the email before sending, to avoid any embarrassment. And, more seriously, any GDPR breaches.
Its particularly important to make sure any software you use is up to date and can receive important security updates. This will keep the devices you use secure.
Backing up your data means you will be able to restore your device quickly and easily in the event of data loss. For example if your system crashes or your hard drive fails. UCLan’s OneDrive and SharePoint are where you should store your University information. There are similar services available for your personal files, photos and the other data you keep on your phone or laptop. This includes Apple iCloud, Google Drive, or OneDrive Personal.
It’s worth considering that the more personal information you post online, the easier it is for a hacker to steal your identity and data. If you haven’t already, it’s worth checking the privacy settings on your social media pages. Ensure that you’re only sharing with the people you want – making sure your profile is set to private is a good start.
Using family names, dates of birth or the generic ‘password’ or ‘123456’ passwords makes it easy for hackers to access your data. Use a combination of upper and lowercase letters with numbers and symbols, as this makes your password much harder to guess.
At UCLan we use multi-factor authentication (MFA). This provides a second layer of security to any type of login. You need extra information or a physical device to log in, as well as your password. This significantly minimises what hackers can do with stolen credentials.

With MFA, even if a criminal manages to get your password, it is useless unless they also have access to your mobile phone or security token.  If you haven’t already, you can also set up multi-factor authentication for most of your personal accounts and devices. There’s loads of advice online about how to do this.
Some public Wi-Fi networks will have minimal security. People connected to the same Wi-Fi network as you may use simple hacking tools to view unencrypted network activity. Many systems will encrypt information you use when online. But, you should still avoid connecting to open guest or public Wi-Fi hotspots where possible.

You could also consider connecting via your mobile hotspot, rather than through the public Wi-Fi. Or using a private VPN service.
Always make sure your laptop or computer has anti-virus software installed from a known and trusted source. It should also include anti-malware protection. Most modern anti-virus programs will automatically update. It’s essential you allow this to happen so that both you and your device stay protected from new threats and software nasties. There are free and paid-for options for home users, including Windows Defender, Sophos, AVG and Intego.

Social media

Social networking is becoming more and more popular. It allows us all to stay in touch with friends, share experiences and photographs and exchange personal contact. Social networking sites can use valuable tools used by many companies and individuals. They extend their contacts and deliver marketing messages by collecting data from users.

Social networking has become a way of life to many users, but it carries a degree of risk. This includes becoming a target for cyber-criminals. The risks can include:

Bullying
Cyber-stalking
Access to inappropriate content
Child abuse
Revenge porn
Encountering content that is violent, sexual, extremist, or racist in nature of offensive
Phishing emails allegedly from social networking sites
People trying to persuade or harass you into changing your basic beliefs or ideologies or adopt an extremist stance.
Friends/friends of friends/companies encouraging you to link to fraudulent or inappropriate websites
People hacking into your account
Viruses or spyware being contained within attachments or photographs
Posting pictures or videos of a holiday, therefore advertising that your house is empty

Safe social networking

It is very important to stay safe and protect yourself when using social media. Some tips include:

Being wary of publishing any identifiable information about yourself, such as phone numbers, pictures of your home, your birthday, your address, or your workplace
Pick a username that does not include personal information, such as your date of birth or place of birth
Use strong passwords that contains a mix of letters, numbers, and symbols, avoid using the same password for various sites
Ensure you check your privacy settings so only friends can view your profile and restrict strangers viewing your information and posts
Remember that what goes online stays online. Do not publish something that later may cause you or someone else embarrassment
Do not post offensive content
Be aware of phishing scams. Including fake friend requests, attachments or links from companies inviting you to other pages
Be aware of any comments/posts from friends or other individuals which could share your information
Don’t post your holiday dates – or family photos while you are away – as social networking sites are a favourite research tool for the modern burglar.
Remember that many companies routinely view current or prospective employees’ social networking pages, so be careful about what you say, what pictures you post and your profile.

Money muling

We are aware of students across the country getting asked to be ‘money mules’. This means transferring money that someone puts into your bank account to another unknown third party. For this you will get to keep some of the money or get an extra payment, so it seems like you’re getting money for nothing. But if something appears too good to be true, it often is.

This practice is a way for criminal gangs to transfer the proceeds of their crimes into the banking system which hides the origin and makes it appear legitimate. This is money laundering and is a serious criminal offence.

As well as putting yourself at risk of getting prosecuted, getting mixed up with criminal gangs puts your life at risk. If you do one small task that is illegal, you could be blackmailed and coerced into doing more serious things.How to avoid being a victim of money muling:

Never allow anyone else to have control of your bank account, either whilst in the UK or after you have left.
Never let anyone else transfer money through your bank account
Never open a bank account in your name on behalf of someone else
Never use your bank account to help strangers transfer money from China to the UK

If you think that someone is trying to recruit you as a money mule, please report it to the charity Crimestoppers anonymously. Call 0800 555111 (translation service available upon request).

If you are a current student or apprentice and need financial support, visit the money advice and support section of the Student Hub. Or speak to the Careers Team who can help you find genuine part-time work.

If you have been approached and would like further advice and support, please email our Wellbeing Team. Or you can telephone us on +44 (0) 1772 893020.

Both our email and voicemail are monitored Monday to Thursday, 9.00am to 9.00pm, Friday 9.00am to 7.00pm and from 10.00am to 6.00pm Saturday, Sunday and bank holidays.

Digital footprint

By using the internet, you leave behind a trail of information, known as your digital footprint. Your digital footprint can grow by posting on social media, leaving a review online, subscribing to a mailing list or shopping online. Sometimes it's not always obvious that you are contributing to your digital footprint. For example, allowing cookies on a website allows that website to track your activity. Once you allow an organisation to access your information, they are able to share your data with third parties. This also increases the risk of your information being compromised as part of a date breach.

There are two terms, ‘active’ and ‘passive’ in relation to digital footprints. Active digital footprints are where the user knows they are sharing information. For example posting on social media. By signing up to social media and registering with a username and email address, the user is contributing to their digital footprint. Passive digital footprints is when information is collected about a user without them being aware. For example websites tracking your likes and shares on social media. They can then target you with specific content and advertisements.

Digital footprints matter because:

They are permanent. Once the data is public (or even semi-public, as may be the case with Facebook posts) you have little control over how others will use it.
A digital footprint can determine your digital reputation. This is now considered as important as your offline reputation.
Employers can check their potential employees’ digital footprints before making hiring decisions. In particular social media. Colleges and universities can check prospective students’ digital footprints before accepting them too.
Words and photos which you post online can be misinterpreted or altered. This could cause unintentional offense.
Content intended for a private group can spread to a broader circle. This could damage relationships and friendships.
Cybercriminals can exploit your digital footprint. They could use it for purposes such as phishing for account access or creating false identities based on your data.

For these reasons, it is worth considering what your digital footprint says about you.

How to protect your digital footprint

Use search engines to check your digital footprint
Reduce the number of information sources that mention you
Limit the amount of data/information you share
Double-check your privacy settings
Avoid oversharing on social media
Avoid unsafe websites, ensure the URL is secure and starts with https://
Avoid disclosing private data on public Wi-Fi
Delete old accounts to avoid data breaches
Create strong passwords on all your accounts
Don’t log into external websites with Facebook, Instagram or Twitter accounts
Keep software up to date
Review your mobile use, set a passcode and read user agreements when installing apps
Think before you post
Act fast after a breach

Phishing

Phishing is when attackers attempt to trick users into doing the wrong thing. For example clicking a bad link that will download malware or send them to a non-legitimate website.

Phishing can be via a text message, social media, or by phone, but the term 'phishing' is mainly used to describe attacks that arrive by email.

There are millions of phishing emails sent every day. At UCLan we receive over 5,000 per day on average, most of which filter out automatically, but some will get through. Some phishing emails may have attachments that look like harmless files. They actually contain a virus or malware that activates when you open them. Other phishing emails may ask you to sign into a fake website which then steals your password.

Some of these scams can be really convincing, and even the most careful users can get caught out. There are also some tell-tale signs of a phishing email, that we should all be mindful of:

The sender’s name and email address don’t match – expand or hover over the address with your cursor to make sure it matches the name of the alleged sender.
Poor grammar and spelling, or an unfamiliar tone used by the sender. Ask yourself, would that person, that business, or your employer usually word things like that?
Email greetings like ‘Valued colleague’ or ‘Dear friend’ rather than your name may be a sign the sender doesn’t actually know you.
Urgent demands – be wary of terms like ‘click here immediately’, or ‘action within 24 hours’.
Emails unrelated to your usual job role, course or from a ‘company’ you don’t deal with through your work or university email address.

If you receive anything suspicious, the safest thing to do is delete it. If you need to check if a sender is genuine, contact that person or organisation by other means. For example by telephone, or directly via their website.

If you do accidentally click on a link, or think that someone else may have access to your login details, please take the following steps:

Change your password. If it’s your University account, visit our website. If it’s your personal account, follow the instructions on your provider’s website.
Check your recent sign in activity and settings to make sure you have the correct device listed for 2-factor authentication. If it’s your personal account, make sure you’ve enabled multi-factor authentication if possible. Multi-factor authentication is still the single most effective protection against cyber-attacks.
Check your email account for any unfamiliar rules that may have been set up by a malicious actor. You can check your university email rules on Outlook.

Sharing inappropriate images

Sexting is a term used to describe the sharing intimate images or videos with another person. The sharing of these images is not illegal as an adult but does come with risks. On most occasions sharing intimate images takes place within a healthy relationship and is consensual.

There are times images can get shared beyond the trusting relationship. If you have shared your image with one person and they share it with other people, you did not consent for them to do so. This means they have broken the law. An image or video shared with a third party without the sender’s consent is revenge porn. Revenge porn can be devastating to a person’s reputation and can be extremely difficult and time consuming to remove. Since 2015 in England and Wales, it has been an offence for someone to share a private sexual image or video (online or offline) of someone without their consent and with the intention of causing them distress. Under Section 33 of the Criminal Justice and Court Act 2015, this offence is punishable by up to two years in prison.

It is also important to be mindful that just because someone has shared an intimate image, that doesn’t mean they wanted to. People are sometimes controlled or coerced into sharing intimate images. This may begin by an individual sending flirty texts or selfies to someone they like. Then the person could threaten that if they do not send more that person will stop talking to them, or they may start being mean to that person. Even if an individual sends one image, it does not give anyone else the right to expect more from you, consent to sharing images can change at any time.

Sharing intimate images as part of a relationship is not a new thing. But with social media evolving, the speed of which images are shared and how many people that you can share that image with has changed. An example of this is live streaming. Seeing your followers and viewers number can be exciting. But validation from likes and followers can be fleeting. It is possible to end up sharing way more than you wanted to in that short moment of feeling good about yourself. The internet has the potential of a huge audience and of course, if a photo is shared and uploaded, it could be there forever.

The risks of sharing intimate images are:

Revenge porn
Harassment and bullying
Reputational damage
Spreading of images to pornography sites
Loss of career opportunities
Sexual harassment
Criminal action

Some ways of reducing the risks when sending intimate images:

Understand and acknowledge the risk of sending these images. Do not ignore the risks and think this cannot happen to you.
Understand that sharing another person’s images without their consent is revenge porn. You can be subject to criminal prosecution.
Do not store private, intimate images on a cloud-based storage system or an app like Snapchat. These websites are at risk of hacking.
Do not put your face in intimate images. If this image gets shared without your consent, you are less likely to be identifiable.
Understand that sending unsolicited intimate images is sexual harassment. You must have the consent of the recipient to send these images.
Ensure you have security features such as a password on your phone, laptop or computer where your images are likely to be stored.

For more information on your rights and support available, you can visit the Revenge Porn Helpline.

If you believe your intimate images have been shared or would like further advice and support, please email our Wellbeing Team. Or you can telephone us on +44 (0) 1772 893020.

Both our email and voicemail are monitored Monday to Thursday, 9.00am to 9.00pm, Friday 9.00am to 7.00pm and from 10.00am to 6.00pm Saturday, Sunday and bank holidays.

You can also report this using Report + Support. Our Report + Support system ensures that students, apprentices, staff and even visitors can report any concerns. You'll have the choice to access support from a wellbeing advisor or to report anonymously.

If you believe another student or apprentice has shared your intimate images, the Report + Support system will allow you to access personalised support from a Wellbeing Advisor. You can also begin an official complaints process if you wish to do this.