Information Security

 

Protect my computer

Protect my computer

Introduction

If you go online without taking steps to protect your laptop or desktop PC, you risk giving fraudsters free access to all your emails, photos, work and online accounts (bank, social media, shopping... the lot). Malicious software ('malware' for short) is so sophisticated these days, some programs can get inside your machine and send the bad guys a record of everything you write or do. They can even take over your webcam. It would be impressive if the consequences weren't so serious. Fortunately, there are a few simple precautions you can take to stop others stealing or destroying the contents of your computer.

Audience:

Everyone

At a glance

  • Install security updates to your operating system, web browser and other software as soon as they become available.
  • Install anti-virus software, keep it updated and schedule regular scans.
  • Never install pirated software or open attachments from sources you don’t know or trust.
  • Schedule regular backups of all your files.

In detail

Even if you have anti-virus software with all the latest bells and whistles to tackle adware, spyware, trojans, worms and every conceivable type of malware, you still can't afford to get complacent or careless. The most common (and easily avoidable) ways in which people let their machines get infected are:

  • Opening email attachments from suspicious, unknown or unsolicited sources (and sometimes even from people they know and trust).
  • Installing dodgy software (either pirated copies or downloaded from sketchy websites).
  • Using infected USB sticks.
  • Browsing the Internet with an old operating system and browser.
  • Clicking phishing links on social media and in emails.

Cut out or cut down on these risky activities and you will dramatically reduce your exposure to malware. There are several more things you can actively do to reduce risk even further:

  • Install the latest security updates to (ideally the latest version of) your operating system.
  • Install anti-virus software (AV) on your machine, keep it updated and schedule regular scans (note that Sophos is free for as long as you are at the University).
  • Install the latest updates to your web browser and other software (the easiest way to do this is to turn on automatic updates whenever you install programs on your machine).
  • Change your operating system or software if they are no longer supported (i.e. security updates are no longer released for them). Make sure the firewall installed on your machine is activated. Various open-source and commercial firewall products are also available.
  • Only download and install software from reputable sources and never install pirated software – you can't trust what it might do.
  • Turn off synchronisation when using document sharing sites to share with others.
  • Log in to your computer as a normal user rather than as an administrator by default.
  • Disable macros by default in Microsoft Office documents.

If your computer gave up the ghost right this minute, what would you lose? A day’s worth of admin? A whole chapter of your thesis? Irreplaceable family snaps going back years? That’s exactly what happened to one young woman who lost a decade of photos, including precious pictures from her wedding day just weeks before her husband died. 

Computers are replaceable. The data on them often isn’t. Please don’t end up as one of those people who only thinks about backup when it’s too late. Here’s what you should be doing: 

  • Work data
    • Don’t put copies on regular USB sticks or cloud services like Dropbox: they don’t meet the University’s Data Protection obligations.
    • Talk to your IT department.
  • Your personal data

Your local IT department or the IT Services helpdesk can help you set these up if you get stuck. You can never be too safe, so we advise you to make multiple backups.

It is good to get into the habit of locking your screen whenever you leave your desk. Anyone with access to your machine can snoop on all your files, send emails from your account or create all manner of mischief. In the worst-case scenario, you could give an opportunistic thief unfettered access to your usernames, passwords, account details and other private personal details.

Encrypting your laptop will stop anyone getting at your personal data in the event it gets lost or stolen. Depending on your model of computer, you can find instructions here for doing this with either Windows Bitlocker or Mac FilevaultThe University also offers a whole-disk encryption service for University-owned machines. We strongly recommend you make use of this if your machine holds University data.

​If you're going to be travelling abroad and are concerned about taking an encrypted laptop with you, there is some excellent advice available on the JISC Blog.

If you're worried you may have malware on your computer, you should:

  1. Stop using it immediately and disconnect it from the network to prevent further damage.
  2. Clean it: scan your machine using anti-virus software and remove any malware you find. Standard AV software may be limited when it comes to removing malware, so you may want to use a dedicated malware removal tool, such as Malwarebytes.(Strictly speaking, the only fail-safe way of cleaning your computer is to wipe it completely and reinstall your operating system.)
  3. Contact your local IT support staff. They will be happy to advise you regarding any email attachments or downloads that you are concerned about and can help you wipe your computer if necessary.
  4. Change your passwords. Note that this step will be invalidated if you haven't first removed any 'keylogging' malware (that records what you type) from your machine.
  5. Inform your bank if your account details have been accessed.