To be safe you need to understand the different ways to keep yourself protected and how to identify and report cyber incidents.
For information on each of these, check out the following sections.
A cyber security incident is any event that threatens the security, confidentiality, integrity, or availability of information, services and/or systems. Attackers can use scare tactics or abuse users' behaviour or limited IT knowledge to obtain credentials, other information, or payment which can be used to spread the attack or gain financial benefit.
While the University has put in place reasonable safeguards to protect against malicious activity, only you can ensure your digital experience is safe and secure by acting appropriately and following good security practices.
Staff and students should be wary of:
If you know or believe an incident has occurred, report it to the IT Help Desk with as much information as possible. Please do not attempt to investigate incidents yourself: attackers can exploit many different types of vulnerabilities, and interacting in any way is a risk.
Staff, students and visitors of UniSA should report any cyber security incidents to the IT Helpdesk by emailing ithelpdesk@unisa.edu.au or by calling (08) 8302 5000.
External people reporting misuse or abuse of UniSA IT facilities should report the incident to abuse@unisa.edu.au.
The "International Travellers Cyber Security Guideline" (download PDF guide) is to assist you in staying secure before, during, and after your trip. Travelling internationally can pose significant additional risks to information stored on or accessible through your devices. Whether travelling for work, research, or vacation, it is very important that you are prepared against the unique cyber security threats of global travel.
Unexpected e-mail messages that have you click on links, open attachments, or disclose sensitive information can be seriously malicious.
You should remember that all sections of an email you receive, including the sender, can be manipulated to look however an attacker wants them to.
UniSA prevents the majority of spam and phishing from reaching staff and students, but not all unwanted emails can be stopped, and it is important that users can identify and learn how to deal with these emails.
Spam is unsolicited and/or bulk email, usually with a commercial focus on promoting or selling products. These emails can be a nuisance but don't need to be reported; blocking senders or unsubscribing from services is an effective control.
Phishing is a malicious email that attempts to gain some benefit from your interaction, such as responding or clicking a link. Websites that contain malware or other payloads don't require any interaction besides you opening the website. Any response informs attackers they've sent to a legitimate email address, which can lead to further use of your email, such as trying to log in as you.
The two main types of phishing emails are credential submission (getting you to enter your credentials into a website) and impersonation attempts (pretending to be someone you know to convince you to do something).
Staff and students should be aware of:
If you're suspicious of an email you SHOULD NOT click links, open attachments, or respond. The email should be forwarded as an attachment (Ctrl + Alt + F) to the IT Help Desk (ithelpdesk@unisa.edu.au). However, if you have interacted with the email please follow the recommended process:
Good password selection and management can help keep your accounts secure and minimise the risk of compromise.
Consider the following tips to improve the security of your password:
Passwords can be hard to remember, and it is considered best practice to use a unique password for each of the personal websites and services you have access to.
A password manager can help you keep track of all your passwords in one place and make it easy to retrieve those passwords and enter them into websites and services as you need them.
If you do choose to use a password manager, it will contain every password you use. It is then very important to use a strong and memorable password to protect it. You may also be able to take other precautions such as requiring multi-factor authentication (MFA).
If you are looking for a password manager that may be right for you, the advice from renowned vulnerability researcher Tavis Ormandy is “… using the one already built into your browser”. Browsers like Google Chrome, Microsoft Edge, Apple Safari and Firefox provide many of the same functions as an online password manager, including integrating with your browser, while avoiding the issues found in third-party password manager integrations.
Our recommendation is to try out the password manager functionality in your web browser and see if it works for you. ZDNet have an article that will get you on your way: https://www.zdnet.com/article/is-it-ok-to-use-your-browsers-built-in-password-manager
If you are still unsure of the benefits of a password manager, How-To Geek have an article that may help: https://www.howtogeek.com/445274/how-safe-are-password-managers
If you are interested in a third-party online password manager, Tom’s Guide has an article available: https://www.tomsguide.com/us/best-password-managers,review-3785.html
Your device is one of the most important components of your work or studies at UniSA and it is important that it remains protected and free from malware.
UniSA devices have managed antivirus and commonly-required software but they still require consideration from users.
Good practices for protecting your device include:
Some resources that provide additional information about cyber security and how you can act include:
From ransomware and phishing to unattended laptops and business fraud, Cyber Security threats are many and they are real. There are plenty of bad actors ready to take advantage of our mistakes. Even when mistakes are not being engineered and leveraged by malicious outsiders, poor cyber security habits can lead to difficult and costly situations for you and your University.
UniSA staff can access Cyber Security Awareness video modules that will help you understand, identify and mitigate the cyber security risks stemming from easily corrected errors we make every day.
Start accessing these training modules through the training link here or find further information on our Cyber Security Awareness page.
MFA provides an extra layer of protection by adding an extra verification step when you log into UniSA websites and systems to make sure it’s really you.
Multi-factor authentication is a way of increasing the security of your account. When you log in to a service you are providing a “factor” of authentication, usually a password. This is referred to as “something you know”, but there are other factors such as “something you have” and “something you are”. MFA adds the ability for you to use “something you have” to also help prove that you are who you say you are, in this case a mobile device that only you have.
The way it works is that when you log in to certain UniSA services you will be asked to provide your regular account and password, and then you may be asked for a code or to approve a notification that will be sent to your mobile device. This prevents a hostile party from using your account without your permission, as only you will have access to your mobile device so only you will be able to provide the code or approval.
Passwords can be stolen, guessed or hacked, and compromised user accounts have become one of the primary methods used by cyber criminals to gain access to networks and data. New technology and hacking techniques combined with the limited pool of passwords most people use for multiple accounts means information online is increasingly vulnerable.
Multi-factor authentication adds a second factor of authentication as an additional layer of security to make sure that no one else can access your account, even if they know your password. The second factor of authentication is separate and independent to the password step and never uses or sees your password.
When you attempt to access certain UniSA applications and services, you will be prompted to enter your username and password as usual (the first 'factor'). You will then be taken to an additional MFA screen. The first time you visit one of these MFA pages, you will be asked to enroll an MFA factor, either SMS or a mobile application (the second 'factor'). On subsequent visits, you will be directed to an MFA screen where you will be asked to submit a code or approval sent to your enrolled MFA factor. This additional step is used to verify the person logging in is really you, not someone else that has stolen your credentials.
All UniSA staff and students will be required to register and use MFA to access UniSA applications and services.
Your mobile device number is securely stored with UniSA’s provider and is only used for the purpose of your account security.
NOTE: UniSA has been notified by our service provider for multi-factor authentication that, as of Monday 17th October 2022, they will cease to service requests from the countries identified by the United States regulatory changes to their export control laws. As such, any UniSA users will not be able to access UniSA’s digital environment from Cuba, Iran, North Korea, Syria, the regions of Crimea, Luhansk (LNR) or Donetsk (DNR), either directly through the internet or through a VPN (virtual private network).
UniSA supports Multi-Factor Authentication using the Okta Verify mobile application and SMS messages.
Note: SMS text messages do require cellular access.
If you do not have a mobile phone, please contact the IT Help Desk.
NOTE: While you can register your device using any MFA-enabled application, we recommend performing the initial setup via the Okta portal using a PC/Mac web browser as this has the most user-friendly interface
Or for step by step instructions (including screenshots) see the How to register for Multi-factor Authentication via the Okta Verify App page.
NOTE: While you can register your device using any MFA-enabled application, we recommend performing the initial setup via the Okta portal using a PC/Mac web browser as this has the most user-friendly interface
Or for step by step instructions (including screenshots) see the How to register for Multi-factor Authentication via SMS Code page.
If you have previously enrolled in MFA via the Okta Verify App or SMS, follow the instructions below to enroll in an additional MFA factor.
PLEASE NOTE: If you select the option to enroll a factor you have already enrolled, you will receive a '403 Access Forbidden' error.
If you cannot log in using the previously configured MFA factors, please contact the IT Help Desk.
The first thing you should do is contact the IT Help Desk and let them know. They can reset your factor to allow you to re-register a new number or, in the case of a lost phone, they will disable the ability for your old phone to be available for MFA. Once you are set up with a new phone you can register it for MFA using the steps in this FAQ.
Or for step-by-step instructions (including screenshots) see the Sign-In with MFA page.
You will be prompted for MFA when connecting to UniSA applications and services while on:
Once you are logged in, you will not get prompted again until you log off or your login times out.
Or for step-by-step instructions (including screenshots) see the How can I remove Okta verify app OR SMS authentication page.
Service | Risk Factor |
Outlook Web Access | Reduce email account takeovers and identity abuse. (e.g. impersonation of employees) |
myHR | Protect personal and financial information associated with myHR stored value services |
F5 Big-IP Edge Client VPN | Prevent users connecting to the UniSA network and resources using your credentials. |
Office 365 Applications | Prevent users accessing SharePoint, MS Teams, Webmail, etc using your credentials. |
Appian Workflows | Prevent users connecting to Appian workflows using your credentials. |
Other staff services that require MFA include:
CiAnywhere & finance workflows, ProMaster, ExpenseMe, AssetBank, myOSH, AskLibrary, AskPTC, AskCampus Central, AskOnline, Career Hub, SkillsForge, InPlace, Marketing Cloud, Service Cloud, Genesys PureCloud, StudyLink, TimeTrade.
Service | Risk Factor |
Office365 | Protect your data and email |
Learning Planner | Prevent users accessing and changing your data |
learnonline (Moodle) | Prevent users accessing and changing your data |
learnonline (UniSA Online Moodle) | Prevent users accessing and changing your data |
Library Catalogue | Prevent users using your credential to access UniSA resources |
myCourseExperience (Student) | Prevent users accessing and changing your data |
Student Portal (myUniSA) | Prevent users accessing and changing your data |
Study Planner | Prevent users accessing and changing your data |
Teaching | Prevent users using your credential to access UniSA resources |
UniSA Student App | Prevent users using your credential to access UniSA resources |
Zoom | Prevent users using your credential to access UniSA resources |
eReserve | Prevent users using your credential to access UniSA resources |
Student Calendar Tool | Prevent users accessing and changing your data |
Gartner | Prevent users using your credential to access UniSA resources |
Library - LinkedIn Learning | Prevent users using your credential to access UniSA resources |
Panopto - AU | Prevent users using your credential to access UniSA resources |
PrintIQ | Prevent users using your credential to access UniSA resources |
SafeZone | Prevent users using your credential to access UniSA resources |
StudyLink | Prevent users accessing and changing your data |