Security

Keeping your University account details secure is crucial, not only for protecting your email account, but also for preventing unauthorised access to a whole host of University services and data. As a result, the University places a lot of emphasis on password security and it's important you do your bit to keep your password safe.

An introduction to information and data security

Reporting IT security incidents

To report an IT security incident please contact the IT Service Desk:

How to keep your personal device secure

Keeping your computer up-to-date is one of the easiest ways to remain secure; however, it is something many people neglect.

Periodically, software manufacturers release updates to fix flaws that could be used by malicious attackers to gain access to systems. It is vitally important that you ensure your devices are kept up-to-date. 

Below are guides to help you ensure that your device is up-to-date and secure: 

Antivirus

Antivirus protects your computer from malicious software infections. It is important for you to ensure you have an antivirus program installed on your device and that it is up-to-date. 

Most current-day laptops and desktop computers come with either built-in antivirus or a subscription to a well-known antivirus product.

If your antivirus is a subscription, then it is important you either renew this or switch to a different antivirus program when this subscription runs out. Failure to do this will leave your machine at risk of being exploited. 

How to check your antivirus is up to date

Guides on how to check your antivirus is up to date:

If your antivirus has lapsed

If you had any of these products (or another) and your subscription has lapsed, do not panic! Windows and Mac devices come with built-in security (Windows Defender and macOS security).

Just remove the lapsed software and ensure that Windows Defender or macOS security is up to date. 

Phishing emails

Phishing is when malicious criminals attempt to trick you into believing a message you have received is from a trusted source.

You can help tackle phishing attacks by forwarding suspicious emails to phishing@surrey.ac.uk or by using the ‘Report Phish’ button in Outlook. If you are unsure whether an email is genuine, we will always be happy to help you.

How to spot a phish

Phishing emails can be very convincing. Below are some tips to help you spot a phish:

  1. Generic greetings – Instead of an email opening with “Hi Brian!” or “Hello Mr Smith”, the email opens with a generic greeting such as “Dear Customer”. This is because the cybercriminal will often send the email out to thousands of victims at a time.
  2. Poor grammar and spelling – This is a dead giveaway. Your bank isn’t going to spell account “acount”. Also, be aware of emails using similar-looking characters, e.g. “ɑʗʗουɳʈ”, as crooks often use this method to get around software that scans the content looking for keywords.
  3. It doesn’t look right – Is it an offer that is too good to be true? Is it from someone you know, but they don’t sound like themselves?
  4. URGENT! – Cybercriminals often like to make the email sound important to fool you into taking action before noticing all the problems with the email.
  5. Trying to scare you – Cybercriminals use this method to scare you into acting. “Your account has been breached”, “£1568 has been transferred out of your account”.
  6. WINNER! – One of the most common phishing emails says you’ve won a prize; all you have to do is reveal personal details about yourself to claim it.
  7. Specific information about you – Our lives are increasingly becoming entwined with the online world. Don’t be fooled because they know your job title, personal interests and Manager’s name when all that information is on LinkedIn.
  8. Links to official-looking sites – Does this page look genuine? Well, it’s supposed to! Always check the address bar. (Another top tip: if you use a password manager and it doesn’t attempt to auto-fill your username and password, then it is probably not the real site!)
  9. Squatters – Cybersquatting is when a criminal purchases domains that are similar to popular domains, such as www.microsoft.com vs www.mlcrosoft.com. Always stop and check the address closely.
  10. “Verify now” – This common phish asks you to verify an account with a site or an organisation. Always question why you have received this – if you weren’t expecting it then there’s a high chance it is a scam.
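
The checks described in tips 2 and 9 can also be done by software. The Python below is an added example, not part of the University's guidance or tooling: the trusted-domain list and the character-folding table are constructed assumptions, and the function names are illustrative.

```python
import unicodedata
from urllib.parse import urlsplit

# Assumption: domains the reader really uses (constructed allow-list).
TRUSTED = ("microsoft.com", "surrey.ac.uk")

# Constructed, non-exhaustive folding of characters that read alike at a glance.
FOLD = str.maketrans({"i": "l", "1": "l", "0": "o"})


def skeleton(host):
    """Fold visually similar characters so lookalike hosts compare equal."""
    return host.lower().replace("rn", "m").replace("vv", "w").translate(FOLD)


def hostname(address):
    """Host part of a URL or bare address, without a leading 'www.'."""
    if "//" not in address:
        address = "//" + address
    host = (urlsplit(address).hostname or "").rstrip(".")
    return host[4:] if host.startswith("www.") else host


def scripts(text):
    """Unicode script names (LATIN, GREEK, ...) used by the letters in text."""
    return {unicodedata.name(ch, "UNKNOWN").split()[0] for ch in text if ch.isalpha()}


def check_address(address):
    """Classify an address as trusted, suspicious (with a reason) or unknown."""
    host = hostname(address)
    if host in TRUSTED or host.endswith(tuple("." + t for t in TRUSTED)):
        return "trusted"
    if not host.isascii():
        return "suspicious: non-ASCII characters in host"
    for good in TRUSTED:
        if skeleton(host) == skeleton(good):
            return "suspicious: imitates " + good
    return "unknown"


if __name__ == "__main__":
    # The two addresses from tip 9, then the lookalike word from tip 2 (as escapes).
    for sample in ("www.microsoft.com", "www.mlcrosoft.com"):
        print(sample, "->", check_address(sample))
    word = "\u0251\u0297\u0297\u03bf\u03c5\u0273\u0288"
    print(word, "uses scripts:", sorted(scripts(word)))
```

An "unknown" result only means the address is not on the allow-list and does not imitate an entry on it; it is not a verdict that the site is safe.
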

Reporting phishing attempts

  • If you “logged in” on a suspicious website, then change that password immediately
  • Report the incident immediately via the Report a breach form
  • If the compromised account could be used to access financial services (bank or student loans), inform them with the details of what has happened
  • For all other phishing emails, please use the Report Phish button in Outlook, or forward the email to phishing@surrey.ac.uk.

Password advice

It is important that you use a strong and unique password to secure your University account.

The University recommends using the "three random words" method - where you combine three random words to create a password that is long enough and strong enough to withstand attack.

There are things to avoid when creating your password such as:

  • Using memorable dates such as your birthdate
  • Swapping letters for numbers (for example, swapping an "o" for a zero)
  • Using the names of your pets, your children or popular culture references

Password strength and complexity are dynamically evaluated for University of Surrey accounts at the time you choose your password; if a password meets sufficient length, complexity, age and history requirements it will be permitted.

It is important that your password is easy for you to remember. Other things to note:

  • You must never write your password down
  • Your password must be unique (not a password you have used anywhere else)
  • You must not share your password with anyone, even within the University

Whilst the University does not currently offer a password manager, you are free to use one if you choose. 

Password managers are software designed to store passwords safely and securely. There are many options on the market that offer this service. Some of the more popular options include:

Using a password manager means you can have many longer and more complex passwords, without having to repeat them or worry about forgetting them. 

If you think your password has been compromised:

  • Report the incident immediately via the Report a breach form
  • Immediately change the password following the instructions and then report the incident to the IT Service Desk by calling 01483 689898 / ext 9898

Need more help?

MySurrey Help is packed with answers to the most common questions, and Surrey Support is available if you would like to ask a question to one of our support services.
