Skip to Main Content

Digital Basics Guide

This page outlines the essential digital skills students need for their studies and outside curriculum.

Digital Safety

As mentioned previously, the internet is a massive place and unfortunately with that comes bad actors who will purposely try to cause harm to users. This could come it lots of different forms like stealing personal information (like national insurance numbers or banking information), impersonating a user or installing malicious software on a device. Knowing how to avoid, prevent and defuse these situations are important for staying safe online. 

Accounts and logins

When using websites, apps or online services, you might be asked to log in more than once, even if it seems like you're staying on the same site. This is because many online platforms are made up of different systems, each with their own security and login process.
For example, you might have separate logins for:
•    Your email account
•    A shopping or streaming service
•    A learning platform
•    Cloud storage or productivity tools
•    Forums, social media, or banking apps
Even if some of these services are connected or look similar, they often run on different systems behind the scenes. That’s why you may be asked to enter your details again when switching between them. This is to ensure that you have varying levels of protection between websites or applications. 
It is highly recommended that you use a different password per account owned to ensure that security between account is maintained. If a hacker manages to access an account with a username and password combination, by using different passwords across account that ensures that other accounts are protected. See our article discussing password management here .

MFA 

MFA stands for Multi-Factor Authentication and is a security process that requires individuals to provide multiple forms of identification before accessing a system, application, or online account. This makes it more challenging for unauthorised users to gain access to sensitive data, even if they manage to obtain login credentials. 

MFA has already been successfully implemented for all staff and students across the university, which has added a valuable layer of protection to everyone’s accounts. 

University of Staffordshire currently permits mobile phone calls, SMS messages and the Microsoft Authenticator application to be registered for MFA. Although mobile phone calls and SMS is permitted, we recommend that everyone uses Microsoft’s Authenticator application as this is recognised as the most secure method. It is also incredibly easy to use as this requires you to simply enter a code that is displayed on your computer screen into the application, and authorisation is complete! 

At the University we require all staff to register for Multi-Factor Authentication, and we combine a risk-based approach alongside periodic authentication when accessing cloud applications from off-campus locations.  
You can view our MFA guidance here, and the National Cyber Security Centre (NCSC) provide advice about how to register for MFA for social media/e-mail accounts.  

Safe Web Browsing 

As mentioned above, it is important to be careful which sites you browse to as they can be a source of malware, but can also steal your personal data, such as login credentials or financial details. 

The image below displays a message that you may see when there is a security concern with a website, and any communication being sent is not secure, meaning that any details entered (username/password or bank account details) could be maliciously intercepted and stolen.  
Although it is possible to bypass this message and continue, we request that users do not continue in this situation, and if you feel that the site is legitimate, please raise a ticket via Solve so that we can investigate

These types of attacks are more likely when connecting to open wi-fi networks, such as coffee shops or airport wi-fi, so we recommend that you only connect your university device to secured wi-fi networks that have been provided by trustworthy suppliers, rather than public wi-fi. 

Phishing 

Being aware of what phishing is, and how we can help to detect and report phishing is really important. Check out our article containing phishing examples and advice. 

In addition to e-mail phishing, there are other techniques such as ‘vishing’ and ‘smishing’.  

Vishing 

This stands for ‘Voice Phishing’ and involves rogue calls where the caller claims to be from within the university, or from a legitimate external company, and will request the recipient provides confidential details, or accepts MFA requests that have been instigated by the attacker themselves.  

Smishing 

This stands for ‘SMS Phishing’ and occurs when criminals send fake SMS text messages claiming to be from a legitimate contact, in order to trick the recipient into clicking on malicious links, performing bank transfers or providing sensitive details. 
If you experience either of these and you are unsure if they legitimate, please end the call and do not reply to any message. Instead, separately search for the company’s legitimate contact details and contact them through the official channels in order to verify the authenticity of the communication. 

If you feel that you have been a victim of these on your university numbers, please advise us immediately via Solve. If you have concerns regarding any vishing calls or smishing messages on your personal number, please refer to the NCSC page for advice.  

What is Malware and how do they do damage

A computer malware is a malicious string of code or program that is designed to spread between different systems to cause harm and damage to a user’s device. Malware poses a serious security risk to a user’s data as they can can sit undetected and often will multiply attaching themselves to other documents and programs.  

Due to this, they can often cause damage to a device by corrupting data (meaning you’ll lose important information or apps off your device, slow down your device or even disable security features on your device to download even more harmful softwares. Some malware can also capture your activities or even capture the keys you type in to record passwords or other sensitive information which can be used against you or to commit fraud using your identity.  

Different types of Malware 

You might not  be familiar with what Malware means or maybe you’ve heard of a form of malware such as virus or trojan, which is a form of malware. Malware can come it different shape and sizes such as:  

  • Virus – A common malware which can infect a device through a user’s interaction and is often designed to destroy, corrupt or slow down data on a device.  
  • Worms – Similar to a virus but does not require any user interaction as it will “tunnel” and create copies of itself on a device. 
  • Trojan – Masquerading as legitimate software but found on a suspicious website, trojans will then download and install other types of malware like viruses or worms. But can also be used to record keystrokes (what keys you enter when typing in information) or send your personal information to another individual. 
  • Spyware – Collects your personal or sensitive information without your knowledge which can be used in identity theft. 
  • Ransomware – A malware that threatens a user by destroying or blocking access to a system or data until a ransom is paid. (Even if paid, the ransomware can remain on a device and triggered again at a later date)  
  • Adware – Installs on a device without the user’s consent often to download advertisements to make money off displaying adverts and click throughs. (Can lead to malicious links being pressed)  

How does a device get malware 

Like real viruses, a malware can attach itself to different items that are accessible digitally and then will reproduce and spread on other forms of files that you might create. For example:  

  • Clicking on a suspicious link on a webpage without knowing it’s place of origin or if it’s been verified safe 
  • Opening or downloading email attachments that have not been scanned or know the user who has sent them 
  • Downloading files off the internet without it being verified or safe.  

Signs your computer is infected 

There are a number of signs that a device could be infected, a good indication that something might be wrong with the device is if it slower then usual or frequent crashing and freezing.  

For malware like adware or ransomware these will often use popups making themselves obvious, however other malware like trojans, viruses or spyware can go undetected.  

Preventing Malware 

Malware just like technology can and often does get updated with new ways of infecting devices. However there are steps that you can take to avoid malware getting onto a device or it being detected.  

  1. Ensure that a virus detector/ firewall is enabled – By far the most important step that you can take to prevent malware is to ensure that your firewall is enabled in your device’s settings. By default these are enabled automatically in your device, but it can be turned off either by another user or a piece of software / malware. Firewalls often protect your device and will alert you to any potential issues that a device might encounter regarding malware. Be sure to have it enabled, as you browse the internet. You can find Windows Security support here or if you are on a Apple product find that here
  2. Run a Malware scans – Often, the firewall will come installed with a scan that you can perform on a device. Be sure to often complete a full scan on your device to ensure that it is clear of malware. (Full scans can take a while to complete and can slow down your device.)  
  3. Update your device – Updating your device and the applications on the device, will ensure that the latest security features are enabled, also preventing newer malwares from gaining access to a device through old programs.  
  4. Be sure you know what you are accessing – Being sure you are on the right website that is secure is vital to avoiding malware. Make sure that website you are access have the correct URL domain (looking for things like incorrect spelling or abnormal URLs that differ from www.[websitename].co.uk (com or another typical domain ending). Check for the padlock on the left of a URL as it will tell you if the webpage is labelled as safe.   
  5. Don’t use pirated software – Something that’s free is often too good to be true, that’s especially the case when it comes to the internet. While yes you might get a product for free, it often comes with the caveat of having a form of malware installed alongside the program.  
  6. Be careful downloading app – While the apple and google Appstore does check for malware in apps to ensure that it is save, it can still get through. Before downloading anything, make sure that the app’s developer website is safe.  
  7. Stay away from popups and ads – Malware can be hidden in adverts or popups, if you see something that does interest you, instead of selecting the popup, use the browser to search for the advert first and be sure to check if the link is safe and legitimate before going further.
  8. Keep a sense of scepticism – Be alert and aware of links or attachments that you weren’t expecting in emails or other messages. Be aware of what you click on and find secure and legitimate websites to access.