Staff Cyber Security Training Useful Links Page

This is a page of useful links for resources mentioned during the College’s internal Staff Cyber-Security training sessions.

Oxford University Information Security Advice

If you want to keep your computer, portable devices and personal data safe, you’ve come to the right place. These easy-to-read, practical guides will help you make sense of the technical jargon and, most importantly, show you how to recognise and avoid everything the online crooks and chancers throw at you.

https://infosec.ox.ac.uk/want

Tools for improving your IT Security

Virus Total

Use this site to check any files, attachments or web links you may be suspicious about. If in doubt, ask IT.

https://www.virustotal.com

How Secure Is My Password?

Ever wondered how strong your password is? Use this site to test and find out how long it would take a single computer to crack your password.

https://howsecureismypassword.net/

Has any of my personal data been Pwned (aka compromised)?

Enter your e-mail address or username to find out whether or not your account details or personal information have been leaked. Sign up to receive instant alerts for any new data breaches.

https://haveibeenpwned.com/

Password Safe

Always forgetting your passwords? Tools are available to securely store your passwords in one location using an encrypted master password:

http://keepass.info/

https://www.dashlane.com

Public Wi-Fi

Be very careful if using public open Wi-Fi – these are unencrypted and not to be trusted! If you do need to use it, use the Oxford VPN service to create a secure connection.

http://help.it.ox.ac.uk/network/vpn/index

Browsing

Use an Adblocker with your browser. These are free to install (Firefox or Chrome) and prevent adverts and malicious scripts running on the web pages you visit. Adverts are common source of compromises that may infect your device.

https://adblockplus.org

Two Factor Authentication

Two factor authentication is an extra layer of protection (in addition to a password) that helps secure your online accounts. If can often be the additional requirement of a code sent to your mobile phone or a biometric such as a fingerprint – these additional authorisation steps (to just having a password) can make it a lot hard to break in to your online accounts. Below is a sites that offers a list of online services which support two-factor authentication – if your bank or email provider does not offer 2-factor authentication, ask why! Visit this site for information on how to add additional protection to your accounts.

https://twofactorauth.org

How to check if an online service is a scam

Before you go through with an online purchase at a service provider you have not used previously, enter their web address  on the site below to check whether or not the website is safe.

https://www.scamadviser.com/

Additional Tips

Accounts & Passwords

It’s important to have a completely unique password and as much security as possible for your personal e-mail account – your personal email account is usually the route offered to reset most other online passwords. If attackers get control of your personal email account, they can often start resetting the passwords on most of your other services via common ‘forgotten password’ processes.

How can you recover your lost account passwords if your verification address has been compromised?

What should I do if I think I’ve been compromised?

If a work account has been compromised, contact College IT immediately. Don’t be scared to ask for help!

If your account has been compromised it is imperative to find out how. Responding to fake phishing scam is a common cause. However, keylogging software or other malware installed on one of your devices, if not spotted and disinfected, will lead to subsequent compromises. If you suspect a device is compromised, DO NOT try to change your account passwords or access your newly reset accounts using it! Bring the device to IT; we can advise or help in cleaning it.

After any compromise, use a clean device you trust to change all the accounts and services that use any of the passwords compromised. It is common for people to secure multiple accounts with the same password.