Systems up or down

 

Protect yourself

Banner - Protect Yourself

To be safe you need to understand the different ways to keep yourself protected and how to identify and report cyber incidents.

  • Know about Cyber Security incidents and who to contact for help
  • Stay informed and learn simple steps to identify and protect yourself from common issues such as phishing or spam
  • Be aware of where and how you use your accounts and passwords
  • Keep your devices secure and updated
  • Where to go for more information
  • Learn more with self paced Cyber Security Awareness Training modules

For information on each of these, check out the following sections.

A cyber security incident is any event that threatens the security, confidentiality, integrity, or availability of information, services and/or systems. Attackers can use scare tactics or abuse users' behaviour or limited IT knowledge to obtain credentials, other information, or payment which can be used to spread the attack or gain financial benefit.

While the University has put in place reasonable safeguards to protect against malicious activity, only you can ensure your digital experience is safe and secure by acting appropriately and following good security practices.

Staff and students should be wary of:

  • Unsolicited calls, emails, or social media requests for any business information
  • Emails containing links to enter a username and password
  • Forced urgency or threats to provide information or perform an action
  • Requests for payment or purchasing gift cards that are unusual or don't follow normal process
  • Change in behaviour or contact method from a colleague, business, or friend (such as use of a personal email instead of their business email)
  • Lax security compliance with policies or procedures
  • Unusual computer or application behaviour
IT Alerts

If you know or believe an incident has occurred, report it to the IT Help Desk with as much information as possible. Please do not attempt to investigate incidents yourself, attackers can exploit many different types of vulnerabilities and interacting in any way is a risk.

For staff, students and visitors of UniSA please report any cyber security incidents to the IT Helpdesk by emailing ithelpdesk@unisa.edu.au or by calling (08) 8302 5000.

For external people reporting misuse or abuse of UniSA IT facilities, please report the incident to abuse@unisa.edu.au.

fishing rode coming from PC

Unexpected e-mail messages that have you click on links, open attachments, or disclose sensitive information can be seriously malicious. 

You should remember that all sections of an email you receive, including the sender, can be manipulated to look however an attacker wants it to.

UniSA prevents the majority of spam and phishing from reaching staff and students but not all unwanted emails can be stopped and it is important that users can identify and learn how to deal with to these emails.

Spam is unsolicited and/or bulk emails usually with a commercial focus on promoting or selling products. These can be a nuisance but don't need to be reported, blocking senders or unsubscribing from services are an effective control.

Phishing is a malicious email that attempts to gain some benefit from your interaction, such as responding or clicking a link. Websites that contain malware or other payloads don't require any interaction besides you opening the website. Any response informs attackers they've sent to a legitimate email address which can lead to further use of your email, such as trying to login as you.

The two main types of phishing emails are credential submission (getting you to enter your credentials into a website) and impersonation attempts (pretending to be someone you know to convince you to do something).

Staff and students should be aware of:

  • Unsolicited emails, including sender or content, unrelated to your role
  • Senders who appear to be a UniSA staff member but the email doesn't come from an @unisa.edu.au address
  • Use of scare tactics or threats to perform an action
  • Links to a website to enter credentials (particularly Outlook, OneDrive, or other Microsoft service)

If you're suspicious of an email you should not click links, open attachments, or respond. The email should be forwarded as an attachment (Ctrl + Alt + F) to the IT Help Desk.

  • If an attachment was opened: disconnect your computer from the network by unplugging network cables and turning off WiFi and call IT Help Desk immediately
  • If credentials were submitted: please contact the IT Help Desk immediately to change your password
  • If a reply was sent: please stop any further communication and contact IT Help Desk for further help
Screenshot of Password field

User accounts and passwords provides access to important data and services in work, study and in life.

The core of good account security is using strong passwords, don’t reuse or share your password, and use multi-factor authentication when able.

Strong passwords favour

  • length (minimum 10 characters)
  • complexity (at least three from lowercase letters, uppercase letters, numbers, and special characters)
  • uniqueness (don't reuse the same password for different accounts). A sentence makes an excellent password that meets length and complexity, and is easy to remember

Password managers, such as LastPass or KeePass, are applications that can safely secure your passwords and account details. This makes it easier to have different and complex passwords for all your accounts while only needing to remember one strong password. 

Multi-factor authentication (MFA) uses multiple sources of authentication to protect against illegitimate access to your user accounts and passwords. Such examples of MFA include Google Authenticator or a code sent by SMS. Using MFA protects your account from being accessed even if your password is compromised. Consider using MFA in the internet services you use in daily life such as banking or social media.

Protect your device

Your device is one of the most important components of your work or studies at UniSA and it is important that it remains protected and free from malware.

UniSA devices have managed antivirus and commonly-required software but they still require consideration from users.

Good practices for protecting your device include:

  • Don't leave devices unlocked or unattended
  • Store devices in a secure location
  • Install antivirus software, including on your phone (Tom's Guide provides reviews of free antivirus software)
  • Using a password/pin and/or encryption
  • Setup remote tracking and wiping in case the device is lost (eg. Find My Phone)
  • Backup your data regularly to an external location such as OneDrive, an external hard drive or a UniSA managed location (e.g. SharePoint or shared drives)
  • Only install legitimate software and keep it updated
Contact

Some resources that provide additional information about cyber security and how you can act include:

  • Stay Smart Online - an Australian Government website that provides information on protecting yourself online and the latest online threats
  • ASD's Essential Eight - The Australian Signals Directorate's Essential Eight are the Top 8 recommendations for improving your organisation's cyber resilience and how they protect your organisation and users
  • Stay Safe Online - The National Cyber Security Alliance (NCSA) builds strong partnerships to create and implement broad-reaching education and awareness efforts to empower users at home, work and school with the information they need to keep themselves safe and secure online and encourage a culture of cyber security
  • UniSA Portal Announcements - From time to time the IT team will publish cyber security information in our Staff and Student portals where we would advise on new information on how keep you safe
Photo of staff in a Video Conference

From ransomware and phishing to unattended laptops and business fraud, the threats are many and they are real. There are plenty of bad actors ready to take advantage of our mistakes.  Even when mistakes are not being engineered and leveraged by malicious outsiders, poor cyber security habits can lead to difficult and costly situations for you and your University.

UniSA staff can access to Cyber Security Awareness Training modules that will help mitigate the cyber security risks stemming from easily corrected errors we make every day.

Start accessing these training modules through the training link here.