Information Services Allen McTernan Building Uninterruptible Power Supply (UPS) Maintenance – 17th 18th December

Information Services Allen McTernan Building Uninterruptible Power Supply (UPS) Maintenance

As part of our ongoing infrastructure maintenance schedule, we are required to replace the batteries in the main data centre UPS, which provides backup power to the majority of services housed in Allen McTernan, in the event of a power outage.
This work will take place on the 17th December and will last one working day.
Whilst this work is ongoing the existing services will be powered directly from the mains supply, but we will have no battery backup in the event of a mains power failure.
Services should therefore be considered at risk during Monday the 17th and Tuesday the 18th of December.
All services run from Allen McTernan should be backed up in advance of this date.

Any questions, please submit a ticket to the Help Desk ITHelp@hw.ac.uk

Heriot-Watt secures Cyber Essentials Plus accreditation #InformationServices

We have recently been awarded Cyber Essentials Plus accreditation in information security following an audit by a Scottish Government approved assessment body, ID Cyber Solutions.

The UK government scheme, which is specifically designed for public sector organisations in the UK, is a globally recognised certification that serves as a kite mark for industries around the world and is increasing becoming a requirement for research funders.

Receiving the certification is testament to our commitment to cyber security. It is also a demonstration of our commitment to continuous process improvement and safeguarding data

Kathy McCabe, Global Director Information Services

The certification covers the entire range of IT services provided within the university. It includes an assurance framework and a set of security controls to protect information from threats coming from the internet. Cyber Essentials Plus includes additional independent testing which requires an on-site technical assessment.

We achieved accreditation by the 31st October 2018 target date set out by the Scottish Government as part of its Cyber Resilience Strategy for Scotland, making it the largest Scottish University of our size and complexity to achieve the CE+ certification to date.

Kathy McCabe, Global Director of Information Services labelled the certification a huge achievement and an absolute credit to the teams involved”, saying it was the “culmination of many thousands of hours of work undertaken by an institution-wide team of dedicated colleagues.”

She added: “Receiving the certification is testament to our commitment to cyber security. It is also a demonstration of our commitment to continuous process improvement and  safeguarding data. But more than that, it provides the necessary accreditation to access funding from a range of funders, a proactive step giving Heriot-Watt an advantage over other HEIs/competitors.” 

Congratulations to everyone involved.

Cyber-EssentialsPlus-forweb (1)

‘Payment submitted’ – spam and phishing emails

Phishing emails with ‘Payment submitted’  in the subject line similar to those below are doing the rounds – please beware

spam emailIf you think you have received a phishing email

  • DON’T click on any links
    DON’T open any attachments
  • forward the email to abuse@hw.ac.uk
  • delete it

Phishing emails ‘Invoice’ or ‘Purchase Order’

Phishing emails with ‘Invoice’ or ‘Purchase Order’ in the subject line similar to those below are doing the rounds – please beware

If you think you have received a phishing email

  • DON’T click on any links
    DON’T open any attachments
  • forward the email to abuse@hw.ac.uk
  • delete it

Phish purchase

phish invoice

Top tips to help you spot phishing emails

  • Be suspiciousof any urgent requests for personal or financial information
  • Be aware: Phishing scams are common at main instalment payment dates
  • Check that you’re using a secure websitewhen submitting credit card or other sensitive information;
  • Prevention: Your email details may have been taken from a social networking site so avoid disclosing your email address or make sure you hide it on your page
  • Look for tell-tale signs of phishing: Check the quality of the communication. Misspelling, poor punctuation and bad grammar are often good indicators

 

Get Safe Online Week 2017

Get Safe Online week starts today in the UK.  The key theme this year is phishing – and how to reduce the chances of getting caught.

National Stats reveal that

  • Younger people are more likely to be victims of phishing than older people:
    • 11 per cent of 18-24 year olds have been a victim of phishing
    • 5 per cent of 55+ year olds have been a victim of phishing
  • This is despite the fact that older people are more likely to be targeted:
    • 36 per cent of 18-24 year olds have been targeted by phishing, but have not fallen victim to it
    • 47 per cent of 55+ year olds have been targeted by phishing, but have not fallen victim to it
  • This indicates younger people are less savvy when it comes to phishing than older people

Visit Get Safe Online for more info and advice.

GSO_Week-17

Ransomware strikes again

Users are reminded to remain vigilant as yet another international cyber-attack affects computers across the globe.

Machines affected by this attack will display a message like:

Repairing file system on C:

The type of the file system is NTFS.
One of your disks contains errors and needs to be repaired. This process may take several hours to complete. It is strongly recommended to let it complete.

WARNING: DO NOT TURN OFF YOUR PC! IF YOU ABORT THIS PROCESS, YOU COULD DESTROY ALL OF YOUR DATA! PLEASE ENSURE THAT YOUR POWER CABLE IS PLUGGED IN!

CHKDSK is repairing sector xxxxx of xxxxxxxx (x%)

If you have this or a similar message displayed on your screen disconnect your PC  immediately and contact ithelp@hw.ac.uk

See Global ransomware attack causes turmoil to keep up to date with this story in the news.

Ransomware attack

You will have noticed the high profile ransomware attack that has been in the news over the past few days. (http://www.bbc.co.uk/news/technology-39915440)

Information Services are monitoring our systems and have the necessary precautions in place to minimise the risks from ransomware, however, staff and students should remain vigilant at all times.

In particular, please be suspicious of any emails received from unknown sources with attachments or links:

  • Do not click on suspicious links
  • Do not open email attachments
  • Forward the email to abuse@hw.ac.uk
  • Do not plug in unattended USB devices that are found

Typically ransomware will be hidden in emails that look like invoices for goods, communication from the tax office (HMRC) or your bank, requests to authenticate your accounts (confirm your user name and password) following an update etc.

If you use a machine that is not on the managed desktop please ensure that you

  • Update all Anti-Virus
  • Have a backup in place and that it is operational
  • Use minimal user permissions where possible

Can we remind all users to log out from their machines at the end of the working day. Information Services apply updates and patches to managed machines overnight and some patches do not apply until a machine is restarted.

If you have not logged out and restarted your machine for a few days please do so.

See https://www.getsafeonline.org/protecting-yourself/ransomware/ for more information on protecting against ransomware.

Tax refund phishing scam alert!

The phishing email below is doing the rounds – so don’t get caught out! If you think you have received a phishing email

  • DON’T click on any links
  • forward it to abuse@hw.ac.uk
  • delete it

taxrefundscam

Pointers that indicate that this is a scam include: –

  • poor grammar/proofing of text – note the capital “W” after a comma in the first line
  • the URL that the link points to doesn’t look anything like an HMRC URL
  • the URL isn’t secure – it’s http, not https

There are often phishing scams from fraudsters pretending to be HM Revenue and Customs. At certain times of year (like when the tax return deadline looms closer) you tend to get more than usual.

For more information on spotting the difference between genuine HMRC emails and phishing emails see Genuine HM Revenue and Customs contact and recognizing phishing emails

But remember – it’s not just HMRC that fraudsters pretend to be – so be vigilant!

Top tips to help you protect your mobile devices

1 Lock your smartphone/tablet

Restrict access to your phone by using a pin, password, complex swipe or other option. If it gets lost or stolen it’ll be more difficult for someone to access your information on it. Check the settings and enable automatic screen locking after several minutes of non-use.

2 Install software that lets you find/lock/wipe/disable your device

Many smartphones come with easy options to help you locate your device, flash up a message on screen to anyone finding it or to activate a loud noise to aid recovery or deter a thief. Or you could consider a stand-alone app.

3 Install anti-virus software

Every device you connect to the internet needs protecting from viruses and malware.

4 Keep up with the updates

If it’s an option turn on automatic updates so that you don’t forget. We’d recommend that you apply operating system updates when they’re made available.

5 Be cautious about the apps you install

It’s best to stick with the official marketplaces. Be wary about permissions requested during the installation process – does that free app really need to be able to read/send text messages or access your camera?

6 Backup your device regularly

Your mobile device will inevitably end up holding lots of data. Good housekeeping is recommended – you should routinely remove data that doesn’t need to be kept on your phone and back up what does.

7 Be wary of free Wi-Fi

Stick with trusted data connections or your home Wi-Fi for sensitive activities like banking transactions and purchases – and stick to secure sites – look out for https:// in the address bar, and check the padlock on the stats bar (click or double click on it to see details of the site’s security).

8 Don’t click on links (or open files) you weren’t expecting

Delete text spam – avoid responding to lottery or competition messages or clicking on links they include to strange looking websites.  If you read your personal or business emails on your phone keep a look out for phishing messages.

9 Be alert to your smartphone behaving oddly

  • Check your bills to see if text messages (especially to premium rate or overseas numbers) – are being sent without you knowing about it
  • High data usage might point to a problem with your phone or an app you’ve installed
  • If the battery is draining rapidly check what apps or processes are running in the background in case anything is going on that you weren’t expecting

10 Erase personal info before reselling/recycling

If you’re thinking of selling or recycling your smartphone delete all apps and related data before securely erasing personal information. iPhone owners can use Apple’s factory reset to do this, Android and Windows Phone owners have similar options.

For more tips and information on staying safe online see: –

Online fraud – watch out for scam emails

Online fraudsters often target students at this time of year as they know you might be expecting emails from the Student Loans Company – or would really like an email saying you were entitled to a grant to help finance your studies (if you would just click this link to confirm your details…).

Students at some HE institutions (not HWU so far) have reported receiving emails like this recently…

scamemail

and it’s a scam – so if you do receive a similar email please delete it.

Top tips to help you spot phishing emails

  • Be suspicious of any urgent requests for personal or financial information
  • Be aware: Phishing scams are common at main instalment payment dates i.e. September, January and April
  • Check that you’re using a secure website when submitting credit card or other sensitive information; look out for “https://” and/or the security lock
  • Prevention: Your email details may have been taken from a social networking site so avoid disclosing your email address or make sure you hide it on your page
  • Look for tell-tale signs of phishing: Check the quality of the communication. Misspelling, poor punctuation and bad grammar are often good indicators

For more info and advice see

You should report any suspicious emails arriving in your @hw.ac.uk account to abuse@hw.ac.uk