Below are different categories relating to cybersecurity that may be of interest to anyone looking to understand how to better defend themselves and their IT security. While most of this information relates to your RGU account, it can easily be applied to keeping your personal accounts secure as well.
Account Security
Keeping your account secure is one of the most important tasks, as losing access to it can cause widespread havoc not only for yourself, but also for other students and the University as a whole, depending on what the attacker does with the account.
Tips to keep your account secure:
1 - Create a suitable password
RGU has strict rules on what a password requires before it can be set. This information can be found here: Password Manager | RGU
A good rule for password creation is the "Three Random Words" rule. Information on this can be found here: Three random words - NCSC.GOV.UK
2 - Never share your password with anyone, not even us!
We will never ask you to send over your password for any reason. If you receive any contact from anyone claiming to be a member of the RGU Team and they request your password, this is likely someone attempting to maliciously access your account. Please report this to [email protected]
3 - Try to avoid using the same password across different accounts
While it's most definitely easier to reuse passwords, the issue comes when one of these accounts becomes compromised. If an account from 5 years ago on a different website has its data leaked, your current accounts that use the same email and password are now at risk.
This is one of the top ways that malicious actors gain access to users' accounts these days.
This is where something like a password manager may be useful for some people; however, this comes with other issues too. More information can be found here: Password managers: using browsers and apps to safely store... - NCSC.GOV.UK
4 - Enable Multi-Factor Authentication
RGU accounts by default require two forms of authentication to be set up on the account. This is normally an app on your phone as one form of authentication, and a mobile phone number as the second form of authentication. Information on how to set this up can be found here: Multi Factor Authentication - registration : IT Service Desk (rgu.ac.uk)
The reason this helps is that even if someone gained access to your password, they would be stopped from logging in, as it would require codes from either an app or a code that's texted to your phone.
Email Cybersecurity
A common way to gain access to information or systems is through the use of email. While it's almost impossible for you yourself to stop malicious emails reaching you (that's our job!), there are steps you can take if an email ever comes through that seems suspect.
1 - Review who the email is coming from
If an email states that it's coming from Amazon, RGU, your bank or any other service, check the email address that it's coming from. Does it look like it's coming from that sender? For example, an email from an RGU Lecturer will have the RGU domain name at the end: "@RGU.AC.UK".
However, if someone is claiming to be your bank and the email is coming from a Gmail or iCloud email address, this is most definitely phony.
This isn't always the case, however, as some more well-practised attackers are able to create/mask their sender emails to look more like legitimate senders. They may also use already compromised accounts to seem more legitimate by sending from within the domain.
2 - What are they asking from you? How are they doing it?
Most legitimate emails that want something from you tend to ask in a calm and relaxed manner. They tend to provide some information to confirm that they are who they say they are, and almost never request that you log in directly through a link they send you (even though they may provide the link to do so). They will also provide clear next steps, and plenty of contact information should you require it.
Malicious emails usually try to scare you in some way, to make you react quickly out of fear rather than give you time to think rationally about something. They will push you to use a link in the email rather than going directly to the website.
3 - Never click on a link or open an attachment from an email that you don't trust 100%
If you get an email that asks you to follow a link to sign in or confirm something, never click on the link directly from the email unless you are expecting an email like this (such as a password reset).
Should it be asking you to log in to your account to update information, instead go directly to the site through a web browser, log in there and make the changes as required.
If the email is asking you to access an attachment such as a PDF or Word document, never download these unless you're expecting some documentation from the sender.
These are some small, simple steps that students and staff can take to make sure they are as secure as possible while with us. We understand, however, that not everyone is going to understand 100% what they should do in every situation. If something happens with your RGU account, such as you believe it to have been compromised, or you have received a fishy email and would like advice on it, please email us at [email protected] or post a ticket on our help portal here: https://itservicedesk.rgu.ac.uk/
Further information on security: Cybersecurity Information | Knowledge Base | IT Service Desk (rgu.ac.uk)