Protect yourself

If you know or believe an incident has occurred, report it to the IT Help Desk with as much information as possible. Please do not attempt to investigate incidents yourself, attackers can exploit many different types of vulnerabilities and interacting in any way is a risk.

For staff, students and visitors of UniSA please report any cyber security incidents to the IT Helpdesk by emailing ithelpdesk@unisa.edu.au or by calling (08) 8302 5000.

For external people reporting misuse or abuse of UniSA IT facilities, please report the incident to abuse@unisa.edu.au.

Travelling internationally can pose significant additional risks to information stored on or accessible through your devices. Whether travelling for work, research, or vacation, it is very important that you are prepared against the unique cyber security threats of global travel.

ISTS have compiled an "International Travellers Cyber Security Checklist" to assist you in staying secure before, during, and after your trip.

Unexpected e-mail messages that have you click on links, open attachments, or disclose sensitive information can be seriously malicious. 

You should remember that all sections of an email you receive, including the sender, can be manipulated to look however an attacker wants it to.

UniSA prevents the majority of spam and phishing from reaching staff and students but not all unwanted emails can be stopped and it is important that users can identify and learn how to deal with to these emails.

Spam is unsolicited and/or bulk emails usually with a commercial focus on promoting or selling products. These can be a nuisance but don't need to be reported, blocking senders or unsubscribing from services are an effective control.

Phishing is a malicious email that attempts to gain some benefit from your interaction, such as responding or clicking a link. Websites that contain malware or other payloads don't require any interaction besides you opening the website. Any response informs attackers they've sent to a legitimate email address which can lead to further use of your email, such as trying to login as you.

The two main types of phishing emails are credential submission (getting you to enter your credentials into a website) and impersonation attempts (pretending to be someone you know to convince you to do something).

Staff and students should be aware of:

• Unsolicited emails, including sender or content, unrelated to your role
• Senders who appear to be a UniSA staff member but the email doesn't come from an @unisa.edu.au address
• Use of scare tactics or threats to perform an action
• Links to a website to enter credentials (particularly Outlook, OneDrive, or other Microsoft service)

Good password selection and management can help keep your accounts secure and minimise the risk of compromise.

Consider the following tips to improve the security of your password:

• Strong passwords should:
  • Contain at least 12-16 characters (or more, if the system supports it!)
  • Be entirely unique to each system (re-using a password gives attackers access to more of your information and resources when they compromise that password.)
  • Not contain your name or personal information
  • Not be a single word or common phrase
  • Not be shared with other people or written down on paper
• Consider:
  • Enabling MFA for any service that supports it (This means attackers can’t log in even if they know your password!)
  • Using a password manager app, which can securely store all your passwords (see below for tips on using password manager apps)
  • Using a ‘pass-phrase’ (a password combining several words), such as a quote from your favourite book or movie, or a reference you can easily remember; or,
  • Take the first letter from each word and punctuation in a sentence to create a complex password you can easily remember. For example, “5 minutes ago, I came up with this random sentence.” could become “5ma,Icuwtrs.”

Passwords can be hard to remember, and it is considered best practice to use a unique password for each of the personal websites and services you have access to.

A password manager can help you keep track of all your passwords in one place and make it easy to retrieve those passwords and enter them into websites and services as you need them

If you do choose to use a password manager, it will contain every password you use. It is then very important to use a strong and memorable password to protect it. You may also be able to take other pre-cautions such as requiring multi-factor authentication (MFA).

While looking for the password manager that may be right for you, advice from renowned vulnerability researcher Tavis Ormandy is “… using the one already built into your browser”. Browsers like Google Chrome, Microsoft Edge, Apple Safari and Firefox provide many of the same functions as an online password manager, including integrating with your browser, while avoiding the issues found in third party password manager integrations.

Our recommendation is try out the password manager functionality in your web browser and see if it works for you. ZDNet have an article that will get you on your way: https://www.zdnet.com/article/is-it-ok-to-use-your-browsers-built-in-password-manager

If you are still unsure of the benefits of a password manager, How-To Geek have an article that may help https://www.howtogeek.com/445274/how-safe-are-password-managers

If you are interested in a third-party online password manager, tom’s guide has an article available: https://www.tomsguide.com/us/best-password-managers,review-3785.html

Your device is one of the most important components of your work or studies at UniSA and it is important that it remains protected and free from malware.

UniSA devices have managed antivirus and commonly-required software but they still require consideration from users.

Good practices for protecting your device include:

• Don't leave devices unlocked or unattended
• Store devices in a secure location
• Install antivirus software, including on your phone (Tom's Guide provides reviews of free antivirus software)
• Using a password/pin and/or encryption
• Setup remote tracking and wiping in case the device is lost (eg. Find My Phone)
• Backup your data regularly to an external location such as OneDrive, an external hard drive or a UniSA managed location (e.g. SharePoint or shared drives)
• Only install legitimate software and keep it updated

Some resources that provide additional information about cyber security and how you can act include:

• Stay Smart Online - an Australian Government website that provides information on protecting yourself online and the latest online threats
• ASD's Essential Eight - The Australian Signals Directorate's Essential Eight are the Top 8 recommendations for improving your organisation's cyber resilience and how they protect your organisation and users
• Stay Safe Online - The National Cyber Security Alliance (NCSA) builds strong partnerships to create and implement broad-reaching education and awareness efforts to empower users at home, work and academic unit with the information they need to keep themselves safe and secure online and encourage a culture of cyber security
• UniSA Portal Announcements - From time to time the IT team will publish cyber security information in our Staff and Student portals where we would advise on new information on how keep you safe

From ransomware and phishing to unattended laptops and business fraud, Cyber Security threats are many and they are real. There are plenty of bad actors ready to take advantage of our mistakes.  Even when mistakes are not being engineered and leveraged by malicious outsiders, poor cyber security habits can lead to difficult and costly situations for you and your University.

UniSA staff can access to Cyber Security Awareness video modules that will help you understand, identify and mitigate the cyber security risks stemming from easily corrected errors we make every day.

Start accessing these training modules through the training link here or find further information on our Cyber Security Awareness page.

MFA provides an extra layer of protection by adding an extra verification step when you log into UniSA websites and systems to make sure it’s really you.