Coronavirus: Cyber security information
Meeting Passwords Required for Zoom from 9 May
From 9 May 2020, all meetings for Free or Basic accounts on Zoom, including previously scheduled meetings, new meetings, and meetings started or scheduled using Personal Meeting IDs, will now require a password.
If your participants join by clicking a meeting link with a password embedded, there will be no change to their joining experience.
Participants who join by manually entering a Meeting ID will need to enter a password to access the meeting, including participants who join via telephone.
For previously scheduled meetings, you can locate your meeting password by logging in to your Zoom account. Go to your Meetings tab, select the upcoming meeting by name, and copy the new meeting invitation to share with your participants. For more information, please visit the Zoom Knowledge Center or Blog.
Please be reminded that if you use your Roehampton user name when setting up Zoom, you should not also use your Roehampton password.
Tips and settings to make your Zoom chat more secure
- Don't share the Zoom meeting link or the meeting ID on public platforms, e.g. on social media
- Don't use the personal meeting ID; allow Zoom to create a random number for each meeting
- Set a meeting password
- Set screen sharing to "host only"
- Limit recording permissions for call participants
- Create a "waiting room" for the call, which allows the host to manually give users entry to the call
- Disable file transfer
- Disable "join before host"
- Disable "allow removed participants to rejoin"
For more guidance around Zoom, please click here.
Phishing and malware emails
Please be aware that we are expecting a rise in phishing and malware emails referencing coronavirus.
Whilst our systems are fully operational and protecting your University mailboxes, there is always a possibility of an attack slipping through, so it's important for all staff and students to remain vigilant.
Remember: if a university account is hacked, the phishing attempt may come from a @roehampton.ac.uk email address. If you receive an email and the content is unexpected or suspicious, please verify with the sender (please do not reply to the suspicious email) or contact ServiceDesk.
All University-wide communications about coronavirus are sent from Roehampton.News@roehampton.ac.uk. We will never ask you to verify your identity or log in to a system to verify your details.
Further cyber security advice can be found on the portal here.
Cyber security: advice for working at home
Please be assured that we know that working from home can be new to some of you, perhaps even overwhelming as you adjust to your new environment. One of our goals is to enable you to work as securely as possible from home.
Below are some simple steps to working securely. The best part is all of these steps not only help secure your work, but they will make you and your family far safer as you create a cyber secure home.
Quick takeaways to protect University and your personal data:
- Check your remote working PC is Secure (personal devices).
- Stay with your device or secure them.
(see also point 2 below)
- Keep software and Anti-Virus up to date.
(see also point 4 below)
- Continue to be cyber wise
- Be careful about what you click on the web and social media
- Avoid Phishing / Scams - beware of suspicious emails, texts and calls.
(see point 1 below)
- Stay with your devices or secure them
(see also point 5)
- Maintain good password management.
(see point 3 below)
- Collaborate safely online using University Office 365 tools and other tools provided by the University
- Never save University Confidential information on non-Roehampton devices
- Keep your data secure by storing it on UR systems
  - Use O365, SharePoint, OneDrive, etc.
Please bear in mind that devices maintained by Roehampton tend to be more secure than your own personal devices at home, as our IT team puts in a good deal of work to keep you and the University safe at work. So please take a few moments to review the practical advice below to ensure that, when using your own device, you continue to protect University data adequately.
Also, please weigh up whether to print University data on personal printing devices, as domestic paper waste inevitably ends up in landfill where anyone could access it, unlike at the University, where we use secure waste disposal services.
Below are five simple steps to working securely. The best part is all of these steps not only help secure your work, but also will keep you and your family safer as you create a cyber secure home.
- First and foremost, technology alone cannot fully protect you – you are the best defense. Attackers have learned that the easiest way to get what they want is to target you, rather than your computer or other devices. If they want your password, work data or control of your computer, they'll attempt to trick you into giving it to them, often by creating a sense of urgency. For example, they can call you pretending to be Microsoft technical support and claim that your computer is infected. Or perhaps they send you an email warning that a package could not be delivered, fooling you into clicking on a malicious link. The most common indicators of a social engineering attack include:
- Urgency: Someone creating a tremendous sense of urgency, often through fear, intimidation, a crisis or an important deadline. Cyber attackers are good at creating convincing messages that appear to come from trusted organizations, such as banks, government or international organizations.
- Policies: Pressure to bypass or ignore security policies or procedures, or an offer too good to be true (no, you did not win the lottery!)
- Contacts: A message from a friend or co-worker in which the signature, tone of voice or wording does not sound like them.
The best defense against these attacks is you, and we thank you for your vigilance and support.
- Home Network: Almost every home network starts with a wireless (often called Wi-Fi) network. This is what enables all of your devices to connect to the Internet. Most home wireless networks are controlled by your Internet router or a separate, dedicated wireless access point. Both work in the same way: by broadcasting wireless signals to which home devices connect. This means securing your wireless network is a key part of protecting your home. We recommend the following steps to secure it:
- Change the default administrator password: The administrator account is what allows you to configure the settings for your wireless network. An attacker can easily discover the default password that the manufacturer has provided.
- Allow only people that you trust: Do this by enabling strong security so that only people you trust can connect to your wireless network. Strong security will require a password for anyone to connect to your wireless network. It will encrypt their activity once they are connected.
- Make passwords strong: The passwords people use to connect to your wireless network must be strong and different from the administrator password. Remember, you only need to enter the password once for each of your devices, as they store and remember the password.
Not sure how to do these steps? Ask your Internet Service Provider, check their website, check the documentation that came with your wireless access point, or refer to the vendor's website.
- Passwords: Please see also "Passwords at Roehampton" for Roehampton related information around passwords.
When a site asks you to create a password, create a strong one: the more characters it has, the stronger it is. Using a passphrase is one of the simplest ways to ensure that you have a strong password. A passphrase is nothing more than a password made up of multiple words, such as "bee honey bourbon." Using a unique passphrase means using a different one for each device or online account. This way, if one passphrase is compromised, all of your other accounts and devices are still safe. Can't remember all those passphrases?
Use a password manager, which is a specialized program that securely stores all your passphrases in an encrypted format (and has lots of other great features, too!). Finally, enable two-step verification (also called two-factor or multi-factor authentication) whenever possible. It uses your password, but also adds a second step, such as a code sent to your smartphone or an app that generates the code for you. Two-step verification is probably the most important step you can take to protect your online accounts and it's much easier than you may think.
- Make sure each of your computers, mobile devices, programs and apps is running the latest version of its software. Cyber attackers are constantly looking for new vulnerabilities in the software your devices use. When they discover vulnerabilities, they use special programs to exploit them and hack into the devices you are using. Meanwhile, the companies that created the software for these devices are hard at work fixing them by releasing updates. By ensuring your computers and mobile devices install these updates promptly, you make it much harder for someone to hack you. To stay current, simply enable automatic updating whenever possible. This rule applies to almost any technology connected to a network, including not only your work devices but also Internet-connected TVs, baby monitors, security cameras, home routers, gaming consoles or even your car.
- Children / guests: Something you most likely don't have to worry about at the office is children, guests or other family members using your work laptop or other work devices. Make sure family and friends understand they cannot use your work devices, as they can accidentally erase or modify information, or, perhaps even worse, accidentally infect the device.
What to do if you have already clicked?
The most important thing to do is not to panic. There are a number of practical steps you can take:
- Open your antivirus (AV) software if installed, and run a full scan. Follow any instructions given.
- If you think your university password has been compromised, try to use a different device to change your password via Password Self-service. Details can be found on the Staff / Student Portals. Once changed, inform the ServiceDesk.
- If you're using a work device or used it to work on university data, contact ServiceDesk and let them know.
- If you've been tricked into providing your password on non-UR systems, you should change your password on that account and on all your other accounts where you might have used the same password.
- If you have lost money, you need to report it as a crime to Action Fraud. You can do this by visiting actionfraud.police.uk.
You can find additional advice at:
Passwords must meet the following complexity requirements:
- It can't contain the user's account name or parts of the user's full name that exceed two consecutive characters
- Be at least eight characters in length. If you don't make use of non-alphabetic characters, please create a longer password
- Contain characters from three of the following four categories. While not enforced as of now, we strongly suggest making use of all four categories:
  - English uppercase characters (A through Z)
  - English lowercase characters (a through z)
  - Base 10 digits (0 through 9)
  - Non-alphabetic characters (for example, !, $, #, %)
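The complexity requirements above can be checked mechanically before a password is submitted. The following is an added example, not code from the University or its systems; the function name, the sample user, the splitting of the full name into parts on spaces and punctuation, and the treatment of any character that is not a letter or digit as "non-alphabetic" are assumptions.

```python
import re

# The four character categories listed in the requirements.
# Assumption: "non-alphabetic" means anything that is not A-Z, a-z or 0-9.
CATEGORIES = {
    "uppercase": re.compile(r"[A-Z]"),
    "lowercase": re.compile(r"[a-z]"),
    "digit": re.compile(r"[0-9]"),
    "non-alphabetic": re.compile(r"[^A-Za-z0-9]"),
}


def check_password(password, account_name, full_name):
    """Return (failures, advice): enforced rules broken, and suggestions."""
    failures, advice = [], []
    lowered = password.lower()

    # Rule 1: no account name, no part of the full name longer than two
    # characters. Assumption: a "part" is a name token split on spaces
    # and common punctuation; matching ignores case.
    if account_name and account_name.lower() in lowered:
        failures.append("contains the account name")
    for part in re.split(r"[\s,.\-_#]+", full_name):
        if len(part) > 2 and part.lower() in lowered:
            failures.append(f"contains part of the full name: {part!r}")

    # Rule 2: minimum length of eight characters.
    if len(password) < 8:
        failures.append("shorter than eight characters")

    # Rule 3: at least three of the four categories (all four suggested).
    present = [name for name, rx in CATEGORIES.items() if rx.search(password)]
    if len(present) < 3:
        failures.append(f"uses only {len(present)} of the 4 character categories")
    elif len(present) == 3:
        advice.append("uses three categories; all four are suggested")
    if "non-alphabetic" not in present:
        advice.append("no non-alphabetic characters; use a longer password")
    return failures, advice


if __name__ == "__main__":
    # Constructed sample user and candidate passwords.
    for candidate in ("Smith2020!x", "bee honey bourbon", "CorrectHorse42"):
        print(candidate, check_password(candidate, "jsmith", "Jane Smith"))
```

Under these assumptions an all-lowercase passphrase with spaces covers only two categories, so it needs a capital letter or a digit added to satisfy the third requirement.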