Don’t WannaCry? How to stay safe

Don’t WannaCry? How to stay safe

Issued: Sun, 14 May 2017 17:25:00 BST

UofG supported systems weren't affected by this weekend's WannaCry ransomware attack thanks to our policies, procedures and of course people. But keeping IT systems secure is an ongoing battle and none of us can afford to be complacent.

There are many ways hackers and identity thieves might target you. Find out how the University protects you, and how you can protect yourself.

Your hardware

How the University protects you

  • All centrally-managed PCs, servers and systems are regularly patched and updated. As well as ensuring optimum performance and functionality for you, this also maintains their firewalls, anti-virus and malware protection.

How you can protect yourself

Your files

How the University protects you

  • The contents of your network drives are regularly backed up, and the cloud storage provided by Office 365 meets all the University’s requirements for data security and legal compliance
  • The University provides detailed guidelines and advice on the safe handling of confidential data. See Information Security: Confidential data handling guidelines

How you can protect yourself

  • Make at least two backup copies of all documents you haven’t stored on your network drive or in Office 365
  • Keep one backup in a different location from the others
  • For more advice see Information Security: Your data

Control access

How the University protects you

  • Key business systems are managed so that only people who specifically need access as part of their job can use them

How you can protect yourself

  • Manage access to your devices, and the data stored on them, by setting PINs or passcodes
  • Make sure no-one can see when you are entering your PIN or passcode
  • Use strong passwords
  • Store your devices securely at all times
  • For more advice see Information Security: Your devices

If in doubt…

Email safety

Hackers and identity thieves can use email to infect your computer with ransomware like WannaCry, malware or viruses, or to learn your personal details and passwords via deception. Often the sender details are ‘spoofed’ so that fake but genuine-looking emails appear to come from a trusted organisation, or even a part of the University like IT Services, Finance or ‘The System Administrator’.

  • Treat unsolicited email with suspicion, even if the sender appears to be someone you trust
  • Don’t click on links or open attachments in unsolicited email
  • Never respond to an email that asks for your password
  • If a link in an email takes you to a log in page - even one that looks genuine - don’t attempt to log in as these can be spoofed too. If you need to log in to a website, get there safely:
    • Use a desktop icon or bookmark you saved earlier
    • Carefully type the URL address by hand
    • To log in to a University site, go to the University home page - or MyGlasgow - and navigate from there
  • Always err on the side of caution. If you’re in doubt whether an email is genuine, contact the IT Helpdesk.