Information Security for students
Resources to help students handle information in line with University policies and procedures.
Introduction
Information Security is very important to the University.
Use these quick links for useful Information Security resources and guidance for students.
-
Student Regulations - defining the University’s approach to acceptance use of it’s IT systems for students
-
Register for the Self Service Password Reset Tool for an easier way to manager your account, wherever you are working, without needing to call our IT Helpline
-
Multi-factor authentication - What it is, why it is important and key messages
-
Concerned your personal device has been compromised? Worried about malware?
Multi-factor authentication
What is multi-factor authentication?
Multi-factor authentication (MFA) is also referred to as two-factor authentication (2FA). It offers additional protection for your accounts. The idea is that to access an account you must provide your password and some other evidence to prove who you are. This other evidence could be:
- a code that is sent to your phone
- a code that you generate using your phone or other device
- a simple prompt that you accept on your phone.
What’s wrong with just using passwords?
The problem with relying on just a password – even a strong password – to protect your account is that if it is ever found out by someone else, they can log in to your account and access everything you can. If you’ve used the same password for other accounts, they can potentially access those as well.
People could obtain your password in several ways. It could be guessed, phished, leaked in a data breach or captured by malicious software.
How does multi-factor authentication work?
When you have multi-factor authentication set up on an account, you will need to:
- Enter your username or email address and password as normal
- Complete an additional authentication step to access the account
This means that even if someone has managed to get hold of your password, they still cannot login to your account without the additional security step.
Key messages
- You should never approve an authentication request that you don’t recognise – if you didn’t expect it, reject it
- Manchester Met IT will never ask you for your password or authentication codes
- You should contact the IT Service Desk if you believe your account has been compromised
How to avoid a phishing attack
To help identify and avoid a phishing attack please follow these steps:
-
Always check the sender’s address
-
Be wary of generic greetings as opposed to your name
-
Look at the time of the email – was it sent at an unusual time?
-
Check the subject line – is an urgent reply demanded?
-
Check the content of the email
-
Check for poor spelling or grammar
-
Be wary if you’re asked to open an attachment or link to avoid either negative consequences or to gain something of value
If you think you have received a phishing email, trust your instincts and please report it to the IT Helpline by emailing [email protected]
For more information on what to do if you have responded to a phishing attempt, please go to Managing Suspicious Emails.
Concerned your personal device has been compromised? Worried about malware?
If you are concerned that your device might have been compromised then you should take the following steps:
- Disconnect from the University network
- Follow the National Cyber Security Centre guidance on how to recover your device
Worried about malware?
Consider the use of anti-virus software on your devices. If you already have AV software, it must be active (receiving regular software updates). If your trial or licence has expired, you are no longer protected so need to upgrade or replace it as soon as possible.
Ensure you remove any outdated anti-virus software you have on your devices.
Your device should get regular security updates. Make sure you install them as soon as possible: don’t turn them off or ignore them.
Report an Information Security Incident
An information security incident is:
-
A suspected, attempted, successful, or imminent threat of unauthorised access, use, disclosure, breach, modification, or destruction of information
-
Interference with the operation of information systems
-
A breach of Information Security Policy or Procedures, including the Acceptable Use of IT Systems
All users who access, use or manage University information are responsible for reporting information security incidents.
This includes concerns about the security of an IT account, computer or University IT service, as well as loss or disclosure of paper information, or weaknesses in a business process.
If you are aware of, or suspect, an information security incident is taking or has taken place, please report it by clicking the button below. Please provide as much detail as you can about the incident.
Contact the Information Security team
For any information security advice, please contact the Information Security team. Email: [email protected]