Secure IT

Spyware programs try to record and report your Internet search habits, or flash advertisements every time you go online. On its own spyware tends to be more of an annoyance. However, if there are enough spyware programs on your computer they could affect its performance or Internet connection. 

Spyware is getting more dangerous as it can be used to inform hackers of your online habits, making you an easier target. Once hackers have this information about you they can block your computer's access to the original sites you visit and redirect it to their own replicated versions. This means that when you sign in or try to purchase something from the replicated site your passwords or banking details can be captured.

Other types of Spyware will use 'pop ups' to pretend to be something useful such as a security alert about infections. If you click on the link provided you risk falling into the trap, downloading a malicious piece of software or program.

There isn't one solution that will find or remove all spyware threats. The best solution is to have two different spyware tools that perform regular scans.

Free Anti Spyware tools

Please remember to update the software before scanning for threats each time.

• Microsoft Windows Defender - Protect against spyware, pop ups and slow performance
• Spybot Search & Destroy - Use to detect and remove spyware
• Lavasofts Ad-Aware - Real-time protection against viruses, spyware, Trojans, rootkits, hijackers, keyloggers and more

Antivirus programs scan and remove most virus or trojan threats for you automatically. If you decide to use a free version you should get the programs from a trustworthy source so can trust that it will not contain any hidden malicious software. You should only download directly from the suppliers own site

Antivirus is only effective if it's kept updated as new threats and viruses are created all the time.

Some of the best antivirus options tend to be the all-in-one Internet security packages which can protect you behind a firewall, hide you from online attackers, and provide antivirus in one easy to use interface.

Always download from a trustworthy source. If you are still unsure then don't download it. All email attachments and downloaded files should be saved and then scanned with an antivirus product before being opened.

For more details see: 'Working safely from email attachments'

McAfee – Tips for virus detection and prevention home.mcafee.com/virusInfo/AntiVirusTips.aspx

Free Online Virus Scanners
Bitdefender	BitDefender Online Scanner is an on-demand antivirus and antispyware tool that shows how safe your PC is. Accessible from your browser, it will scan and automatically clean the system memory, all files and drives boot sectors. (Windows XP and Windows Vista)
ESET	ESET Online Scanner is a user friendly, free and powerful tool which you can use to remove malware from any PC via your web browser.(Windows Xp, Windows Vista and Windows 7)
F-Secure	Online Scanner can help get rid of viruses and spyware causing problems on your PC.
McAfee	McAfee FreeScan helps you detect thousands of viruses on your computer. Based on the award-winning McAfee VirusScan engine, FreeScan searches for viruses, including the latest known "in the wild" viruses, and displays a detailed list of any infected files.(Windows Xp, Windows Vista and Windows 7)
Microsoft  Security Essentials	Microsoft Security Essentials  is a free service designed to help ensure the health of your PC. (Windows Vista and Windows 7)
Panda	An advanced online scanner based on Collective Intelligence (scanning in-the-cloud) that detects malware that traditional security solutions cannot detect

Setting up software automatic updates

You should keep your version of your Microsoft Windows or Apple Mac operating system updated to protect against attacks from hackers. 

Regularly installing security patches and new versions of your software makes your computer less vulnerable to hackers and malicious software. 

You can either install the updates manually, or enable  Automatic Updates to run the programs automatically, which means you dont need to remember to run them. 

For more information, the latest updates, and for new versions of software visit:

Microsoft Windows users update site

Apple Mac users update site

Get the latest versions and fixes
Subscribe to receive their latest IT Security information
Visit to receive the latest advice on protection and prevention from IT security threats

If your work isn't safely backed up elsewhere, if could be lost for good. You can lose you work as a result of computer failure caused by a virus or malfunction. Or stored  work on a USB or CD has become corrupted or lost.

Why back up?

You should always keep backups of your important files, such as work, photos and music to ensure that nothing will be lost in the event of a computer failure. It could take days or weeks to have a computer repaired. Storing your documents and files safely elsewhere could help ease the pressure, especially if you are nearing a deadline.

Where should I store the back up?

You should keep at least one copy of your work on the H:drive, which is your own personal storage area. The H:drive is stored on the University's network servers so your files can be accessed from any computer, after you have logged in. The H:drive is also accessible from your home computer or laptop via https://filelinx.wmin.ac.uk

Students can also make use of the free online storage area provided with the University Student Google Mail accounts, where you can access your work from any computer with an Internet connection .

Remember to:   

• Save your work regularly, around 10 - 20 minutes. In the event of a loss of connection or computer crash, you may at least be able to retrieve most of it.
• Make multiple backups of your work. If you use a CD or USB, make copies on your H:drive too in case you forget, lose or damage them or the data becomes corrupted.
• Take your USB or CD with you although it sounds obvious, people lose these all the time.

Staff members can visit Managing your files and folders for details on how organise and back up their work.

Passwords will help to keep your work and personal details safe by preventing access to your accounts and computer. You should not for obvious reasons therefore share the details of your passwords. 

Strong passwords, with random characters are more secure making it difficult for someone to crack. 

Here are some methods for making strong passwords:

• You can choose one or two lines from a poem or song and use the first letter of each word. For example 'Always look on the bright side of life' becomes 'alotbsol'
• Passwords are case sensitive: using the above example, the passwords alotbsol, AlotbsoL and aLotBsol are different and the security of passwords can be increased if mixed case passwords are used.
• A strategy for creating strong passwords is to replace letters with numbers or characters. For example Alotbsol becomes A10tbs01 where the letter "l" has been replaced with the digit "1" and the letter "o" has been replaced with the digit "0".
• Choose a minimum of two short unrelated words and join them together with special symbols or numbers. For example, awn, crat, it are three unrelated words which become awn+crat=it? when the words are joined together.

  Remember to take some time to create a password that you'll easily remember.

  If you rush to create a new password, you may soon forget it, especially after a few weeks away from the University. To reset a forgotten password go to www.westminster.ac.uk/password
  
  Find out more about your University network password and logging in"
  
  

  IMPORTANT: Remember to log out if you are going to spend time away from the computer you should log out to ensure the security of your details and your work.

  Also note that the PCs in the computer rooms are set to log you out after twenty minutes if not used, so any files temporarily saved to the desktop will be deleted.

• When you are online, you can easily be traced and targeted by hackers within minutes. A good firewall can hide you and help block hackers from gaining access to your computer.
• A firewall can also stop hidden programs from 'opening doors' in applications to enable hackers to gain access your computer
• You can buy firewall products that offer good protection. However there are also free alternatives available which will offer a basic level of protection.

• Firewall information for MS Windows users
• An online guide to some of the best free firewall downloads

Free tools to aid safe browsing

While surfing the Internet, there are potential IT Security threats from replicated and fake websites.
There are free tools available that you can add to your browser that will warn you about potential threats on a webpage or search results before you visit those sites.
Other tools can warn you have strayed on to a fake Internet site designed to steal your money or details. These tools will inform you of any untrustworthy sites and will help you to browse more safely.

Free Tools
McAfee Site Advisor for Internet Explorer	SiteAdvisor software adds safety ratings to your browser and search engine results. There is a free and a paid for version.
McAfee Site Advisor for Firefox	SiteAdvisor software adds safety ratings to your browser and search engine results. There is a free and a paid for version.
McAfee Site Advisor for Mac (Mozilla Firefox)	SiteAdvisor software adds safety ratings to your browser and search engine results. There is a free and a paid for version.
NetCraft Anti-Phishing tool bar for Windows XP	Protect your savings from Phishing attacks. See the hosting location and risk rating of every site you visit.
Web Of Trust WOT	Use as a safe surfing tool for every member of your household

What is it?

Phishing is a scam where internet fraudsters, posing as reputable organisations, trick recipients into sharing personal or financial information with them.

What should I look out for?

• “We suspect an unauthorised transaction on your account. To ensure that your account is not compromised, please click the link below and confirm your identity.”
• “If you don’t respond within 48 hours your account will be closed.”
• “You have won the lottery.”

Emails may appear to come from your bank or financial institution, a company you regularly do business with or a social networking site. They may include official-looking logos and convincing details about your personal history that the scammers found on your social networking pages. They might appear to be from someone in your email address book. They may include links to spoofed websites where you are asked to enter personal information. They might ask you to make a phone call, directing you to call a phone number where a person or an automated system waits to take your account number, personal identifcation number, password or other valuable personal data.

How do I avoid being ‘hooked’?

If you get an email or pop-up message that asks for personal or financial information, do not reply or click on any links.

Never email personal or financial information, as email is not a secure method of transmitting information. Only provide this information to an organisation through their website and look for indicators that it is secure (like a URL beginning with “https” - the ‘s’ stands for ‘secure’).

Use antivirus and anti-spyware software, as well as a firewall, and update them all regularly.

Review credit card and bank account statements as soon as you receive them to check for unauthorised charges. If your statement is late, call your credit card company or bank to confirm your billing address and account balances.

Be cautious about opening any attachment or downloading any files from emails you receive, regardless of who sent them. These files can contain viruses or other software that can weaken your computer’s security.

Try this fun quiz to test how aware you are: Think you can spot a scam?  (created by knowthenet.org.uk)

What do I do if I have been ‘hooked’?

Forward phishing emails to spam@uce.gov and to the company, bank or organisation that has been impersonated in the email. You can also report phishing email to reportphishing@antiphishing.org (an Anti-Phishing Working Group).

If you believe you’ve been scammed, file a complaint with the Federal Trade Commission (FTC) at www.ftc.gov/complaintand then visit the FTC’s identity theft website. Victims of phishing can become victims of identity theft.