Handwritten Text Recognition for manuscripts and early printed texts
"We're all in this together" - educating users on the importance of cyber security
1. “We are all in this together” -
educating users on the
importance of cyber security
Frank Wadmore
IT networks and security
manager, University of Central Lancashire
2. Created by - Frank Wadmore7-8 Nov 2018
We’re all in this together
Educating users on the importance of cyber security
3. Created by - Frank Wadmore7-8 Nov 2018
Things are expected to just work
• Gas, Water, Electricity ……IT (4th utility)
• Take the car industry….
• Service intervals of years
• Run flat tyres
• Dynamic cruise control and lane assist
• So complex they have to be reliable otherwise to expensive to own
• Users heavily reliant on technology
• Must work first time
• Easy to setup
• Must be able to do everything
• Help you get from A-B and by the transport of your choice
• Walking round with their life compressed in to small box in their pockets
• And when they don’t, we buy new
4. Created by - Frank Wadmore7-8 Nov 2018
BBC News clipping
5. Created by - Frank Wadmore7-8 Nov 2018
2015 – Preparing for an Attack
• Crash team
• Who should be involved
• Depends on type of incident,
• Time of day and who was available
• Who would we inform and how
• Depends on type of incident,
• Time of day and who was available
• What would be our immediate steps
• Depends on type of incident,
• Time of day and who was available
• Clearly this would have to be a team effort and not just involving IT
6. Created by - Frank Wadmore7-8 Nov 2018
2015 – Our 1st Ransomware Attack
• Over 6,000 imaged clients
• Over 700 imaged mobile clients
• 38 buildings
• 7 remote sites including our Cyprus campus
• 600+ servers
• 1,200+ switches
• Nearly 1,000 shares
• 2,500+ staff users with access to multiple shared drives
•Oh……..@%$#%cks!!!!!!!!!!!
8. Created by - Frank Wadmore7-8 Nov 2018
Network Traffic
9. Created by - Frank Wadmore7-8 Nov 2018
Time Line
• 11: 00 -The malicious site went live
• 14:30 - We got hit
• 15:30 - It was reported to the Infrastructure team
• 16:00 - Files stopped being encrypted
• 16:15 – Locked all shared drives
• 19:00 - User and machine located
• 20:30 – Located entry route and .exe, sent file to McAfee and requested new DAT
• 21:15 - Kicked off restore of affected shared drive from last back up (24hr)
• 21:30 – Six hours after first being informed of issue, Team goes home
• Next day - Distribute new DAT
• Talk to user and find out what they had done
• 12:00 - Unlocked shares (Business as Usual)
• Team debrief
10. Created by - Frank Wadmore7-8 Nov 2018
And then it began!
• Ransomware outbreaks on a weekly basis
• At least 24 hours of disruption to the business (worst case – 48hrs)
• Extremely resource intensive
• Impact on other projects
• Each time user was oblivious about what they had done
• All zero days
• There had to be a better way
11. Created by - Frank Wadmore7-8 Nov 2018
Our response to each incident
• Locked all shares
• Identify the user – Time and
resource consuming
• Locked device and user off
network
• Visit user (in pairs) -
• Introduced our selves
• Informed them what had
happened.
• Reassured them that they were
not in trouble
• Questioned users at to what they
were doing
• Educated user
• Sent files to McAfee
• Distributed new DAT file
• Rebuilt affected drives
• Cleaned infected PC
• Re-enable user and device
• Wait for next out break
12. Created by - Frank Wadmore7-8 Nov 2018
?
C:
D:
N:
S:
T:
A
B
.
.
.
ZExe
Exe
Ransomware – Honey Pots
(000-UCLan)
(zzz-UCLan)
Windows File Auditing
13. Created by - Frank Wadmore7-8 Nov 2018
Still Resource Intensive
• Managed to limit the impact on the business
• Still same resource required to follow up on incidents
• New firewalls deployed helped
• Ransomware incidents replaced by other types of incidents
• Educating was only hitting a small number of users
14. Created by - Frank Wadmore7-8 Nov 2018
Users responses ranged from…..
Its not my problem. “IT” shouldn’t
have let this happen!
I’m so sorry, am I in
a lot of trouble now?
16. Created by - Frank Wadmore7-8 Nov 2018
Buy in from Senior Management
Finance
Learning & Information ServicesHuman Resources
Communications & Engagement
Recruitment & Partnerships Service
Information Governance Manager
Academic Registry Planning & Insight Team
Research Services
Legal & Governance Corporate ServicesCorporate Records ManagerIT Data Networks & IT Security
Chair - Pro Vice Chancellor (Corporate Dev.)
Senior Executive Team
ISDQ
(Information Security & Data Quality Group)
17. Created by - Frank Wadmore7-8 Nov 2018
Mandatory Training
(senior management buy in)
• Only 12% staff under taken some form of security training
• GDPR
• Information Security Essentials
• Safe Guarding
• PCI DSS (SIG)
• Nearly 90% staff have now under gone training
18. Created by - Frank Wadmore7-8 Nov 2018
Some Surprising Results
• Users taking the test multiple time
• A lot more calls to the Security team asking for advice
• Some staff became over zealous with securing attachments
19. Created by - Frank Wadmore7-8 Nov 2018
Making it personal
• Be thankful that this happened at work – “When its gone, its gone”
• Don’t use work related passwords for private use and visa versa, the
consequence could be very bad for all
• This is a global problem so spread the word to family and friends
20. Created by - Frank Wadmore7-8 Nov 2018
View an accessible text-only version of this email
10 DAYS TO GDPR DAY
It’s only 10 days until the General Data Protection Regulations (GDPR) come into force and it’s
essential that appropriate technical and organisational measures are in place and staff are fully
informed to ensure personal or confidential data is kept secure and not lost, damaged, destroyed
or disclosed without authority.
The University handles a large amount of personal information about our stakeholders, so staff
awareness of the following procedures is paramount.
Information Governance incident reporting
Sent an email containing student data to an unauthorised person? Lost your SurfacePro? Misplaced
papers containing personal contact details? Any breaches relating to the use of personal or
confidential information need to be reported as soon as possible through the new Information
Governance Incident Reporting form. This ensures that the incident is quickly raised with the
Information Governance and Information Security teams, who can follow up as appropriate and if
necessary report it to the Information Commissioner’s Office – we only have 72 hours to report to
the ICO so swift reporting is essential.
Guidance on what an information governance incident is can be found on the Staff Intranet.
Data Protection Impact Assessment template and guidance launched
Data protection impact assessments (DPIAs) are an important tool to help identify any data
protection and GDPR risks associated with a project, initiative or policy so that those risks can be
addressed and resolved early in the work programme. They should be used at the start of any
project or change to a procedure or an activity where personal data will be processed, regardless of
the size and scale of the project.
The template and guidance can be found in this document on the Staff Intranet.
If you have any queries regarding the above or if you need to seek guidance on a completed DPIA,
please contact the Information Governance Manager (DPFOIA@uclan.ac.uk) with your questions.
Visit the Policies and guidance SharePoint page for further information and associated templates
relating to data protection, freedom of information and records management matters.
View an accessible text-only version of this email
Seven steps to a GDPR spring clean
The clocks have gone forward and with spring in the air and GDPR looming on the horizon,
here’s some steps you can take to get organised and clear the clutter. Keep the golden rule in
mind to REDUCE and REORGANISE whilst also ensuring the data which needs to be retained
is safe and secure.
1. The Banner system is currently being decluttered with expectations that up to nearly 500 users
who don’t need access can be removed. You too can take action by reviewing and updating the
shared drives, mailboxes, IT systems and SharePoint sites under your control or have access to.
2. Spring clean your desk – dispose of paperwork you no longer require, making sure that you only
use the confidentiality bins to dispose of any confidential information.
3. Portable hard drive hoarder? USB user? Lost USBs, disks and hard drives you carry around have
the potential to fall into the wrong hands. Keep your data secure by using encryption* or consider
using an alternative solution by saving data using authorised IT systems. BitLocker is an encryption
tool that can be used to encrypt portable media devices, while 7-Zip is a File Manager which allows
you to compress, encrypt and zip files; both are available on all UCLan PCs.
4. Online and remote working are great – but ensure you’re using authorised and secured IT systems.
Drop the Dropbox and Google Drive antics, the only online cloud storage approved by UCLan is
OneDrive from Office 365. Applications in the Office suite (Word, Excel, PowerPoint etc.) all have the
feature to enable files to be password protected and help you work securely.
5. Dig out your original iPad and any redundant IT equipment and hand back to LIS to dispose of
securely.
6. Get into the GDPR habit. All information we work with is valuable. Ensure you don’t leave sensitive
or personal information unattended on desks, by the photocopier or visible on your computer screen.
If it is personal, put it away.
21. Created by - Frank Wadmore7-8 Nov 2018
Wishing you a safe cyber Christmas
View this email in an accessible text-only version
Christmas, the season of goodwill – or so you’d like to think. If you’re busy shopping online for
mobile devices, laptops, PCs and games consoles as gifts or better still, lucky enough to find one
with your name on it under the Christmas tree, here’s some timely advice about Malware –
something which won’t be on anyone’s Christmas list this festive season.
Malware is malicious software designed specifically to find its way onto your device in order to
manipulate or cause damage. Some versions can also record and steal your information including
your credit card account details – a real nightmare before Christmas!
Viruses - no, not the one you’re likely to catch just after your office party. A computer virus is
designed to cause damage, steal personal information, modify data, send e-mails, display messages,
or a combination of these actions. Viruses are always attached to a program, file or document.
Worms function without the need to ‘piggyback’ onto files, so if you’re connected to a network, a
worm can break into your computer without you necessarily doing anything. They infiltrate
networks and computers by finding gaps and soft spots in the code and cause harm by deleting,
modifying, distributing, or otherwise manipulating data, making your device act strangely.
Trojans are impostors – files that claim to be something desirable but containing malicious code
and when triggered can cause loss or even theft, of data. In order for a Trojan to spread, it has to be
‘invited in’, by, for example, opening an email attachment. Trojans differ from viruses and worms in
that they are a one-off infection and can’t copy and spread themselves.
Adware and Spyware doesn’t attack directly but is more passive aggressive - opening doors and
passing along information, often without causing much harm to your device. Adware pushes ads
onto your device when downloaded and monitors the websites you visit in order to present you
with more adverts hoping you’ll just click. Spyware is the ‘watchful eye’ of malware. Gathering
information, tracking your activities and monitoring your browsing activity. It may even record your
keystrokes – obviously an issue when typing in passwords.
View this email in an accessible text-only version
Happy Halloween!
Here’s some spooktacular advice from our IT Security Team to make sure you're not tricked into
clicking a link or attachment in a scary scam email.
Over the past year the University has invested heavily in new technologies to prevent and protect
against online threats, however, it’s still essential for staff and students to remain vigilant where
emails are concerned. Make sure you dodge the fiendish fraudsters and ensure you don’t fall into a
trap by responding to requests for personal information.
To avoid getting caught up in a web of conspiracy and cons, don’t click on any links or open any
attachments, without double checking whether the e-mail is legitimate and ask yourself some
simple questions:
1.) Does something look strange or wrong with the email address of the sender?
2.) Are you expecting an email from the sender or is the communication unexpected? If the
content sounds too good to be true … it usually is!
3.) Are you being addressed by your proper name? Scam emails often use a non-specific
greeting such as “Dear customer.”
4.) Is there a request for personal and confidential information such as username, password
or bank details?
5.) Are there any grammatical and spelling errors in the email text?
Be particularly careful if you have set up accounts with large businesses such as Amazon using your
UCLan e-mail address. Many rogue e-mails look like they come from legitimate businesses and can
trick us into unleashing ghoulish gremlins onto the University network or your home PC or laptop.
Stay safe online both at home and at work by using tools such as Virus Total, a free online checker,
useful for checking files or URLs and find out more about protecting yourself from the horrors of
cybercrime with free expert advice at Get Safe Online.
25. Created by - Frank Wadmore7-8 Nov 2018
Regular topical updates
26. Created by - Frank Wadmore7-8 Nov 2018
Regular topical updates
WARNING - Spear Phishing on the
increase
Most of us have probably been sent a phishing email
at some time. Phishing emails are blanket emails sent
to millions of addresses across the globe everyday,
hoping that some recipients will be caught off guard
and respond.
A more sophisticated attack known as Spear Phishing,
target individuates directly is now on the increase and
is much harder to spot. The Phishers are doing their
homework and know the types of emails you expect
to receive and when.
Please take time to view the You Tube video (Spear
Phishing Awareness) for some useful advice on how to
spot a Spear Phishing email.
Think before you Click
27. Created by - Frank Wadmore7-8 Nov 2018
Web links
• https://securingtomorrow.mcafee.com/
• https://www.getsafeonline.org/
• http://www.pewinternet.org/quiz/cybersecurity-knowledge/
• https://www.thecompleteuniversityguide.co.uk/preparing-to-
go/staying-safe-at-university/top-tips-to-stay-safe/
28. Created by - Frank Wadmore7-8 Nov 2018
Summary
• Users need to be drip fed
• IT has got to be interesting and in bite size chunks
• Try and keep it non-technical
• Make it personal
• Encourage users to report incidents
• Get senior management buy in
• Mandatory training worked for us
• Establish a good relation ship with your communications team
29. Created by - Frank Wadmore7-8 Nov 2018
Questions?