Systems up or down

 

Protect yourself

Banner - Protect Yourself

To be safe you need to understand the different ways to keep yourself protected and how to identify and report cyber incidents.

  • Know about Cyber Security incidents and who to contact for help
  • Stay informed and learn simple steps to identify and protect yourself from common issues such as phishing or spam
  • Be aware of where and how you use your accounts and passwords
  • Keep your devices secure and updated
  • Where to go for more information
  • Learn more with self paced Cyber Security Awareness Training modules

How to protect yourself from phishing

For information on each of these, check out the following sections.

A cyber security incident is any event that threatens the security, confidentiality, integrity, or availability of information, services and/or systems. Attackers can use scare tactics or abuse users' behaviour or limited IT knowledge to obtain credentials, other information, or payment which can be used to spread the attack or gain financial benefit.

While the University has put in place reasonable safeguards to protect against malicious activity, only you can ensure your digital experience is safe and secure by acting appropriately and following good security practices.

Staff and students should be wary of:

  • Unsolicited calls, emails, or social media requests for any business information
  • Emails containing links to enter a username and password
  • Forced urgency or threats to provide information or perform an action
  • Requests for payment or purchasing gift cards that are unusual or don't follow normal process
  • Change in behaviour or contact method from a colleague, business, or friend (such as use of a personal email instead of their business email)
  • Lax security compliance with policies or procedures
  • Unusual computer or application behaviour
IT Alerts

If you know or believe an incident has occurred, report it to the IT Help Desk with as much information as possible. Please do not attempt to investigate incidents yourself, attackers can exploit many different types of vulnerabilities and interacting in any way is a risk.

For staff, students and visitors of UniSA please report any cyber security incidents to the IT Helpdesk by emailing ithelpdesk@unisa.edu.au or by calling (08) 8302 5000.

For external people reporting misuse or abuse of UniSA IT facilities, please report the incident to abuse@unisa.edu.au.

fishing rode coming from PC

Unexpected e-mail messages that have you click on links, open attachments, or disclose sensitive information can be seriously malicious. 

You should remember that all sections of an email you receive, including the sender, can be manipulated to look however an attacker wants it to.

UniSA prevents the majority of spam and phishing from reaching staff and students but not all unwanted emails can be stopped and it is important that users can identify and learn how to deal with to these emails.

Spam is unsolicited and/or bulk emails usually with a commercial focus on promoting or selling products. These can be a nuisance but don't need to be reported, blocking senders or unsubscribing from services are an effective control.

Phishing is a malicious email that attempts to gain some benefit from your interaction, such as responding or clicking a link. Websites that contain malware or other payloads don't require any interaction besides you opening the website. Any response informs attackers they've sent to a legitimate email address which can lead to further use of your email, such as trying to login as you.

The two main types of phishing emails are credential submission (getting you to enter your credentials into a website) and impersonation attempts (pretending to be someone you know to convince you to do something).

Staff and students should be aware of:

  • Unsolicited emails, including sender or content, unrelated to your role
  • Senders who appear to be a UniSA staff member but the email doesn't come from an @unisa.edu.au address
  • Use of scare tactics or threats to perform an action
  • Links to a website to enter credentials (particularly Outlook, OneDrive, or other Microsoft service)

If you're suspicious of an email you SHOULD NOT click links, open attachments, or respond. The email should be forwarded as an attachment (Ctrl + Alt + F) to the IT Help Desk (ithelpdesk@unisa.edu.au). However, if you have interacted with the email please follow the recommended process:

  • If an attachment was opened: 
    • Disconnect your computer from the network by unplugging network cables and/or turning off WiFi; AND
    • Call IT Help Desk IMMEDIATELY on (08) 8302 5000.
  • If credentials were submitted by clicking on a link within the email: 
    • Call the IT Help Desk IMMEDIATELY on (08) 8302 5000 to change your password.
  • If you replied to the email: 
    • Please stop any further communication
    • Call the IT Help Desk IMMEDIATELY on (08) 8302 5000 to change your password.
Screenshot of Password field

User accounts and passwords provides access to important data and services in work, study and in life.

The core of good account security is using strong unique passwords and using multi-factor authentication when able. 

For advice on creating and storing secure passwords, see our Passwords page.

Multi-factor authentication (MFA) adds a second factor of authentication to protect protect your account from being accessed even if your password is compromised. Consider using MFA for all services you use, such as banking or social media, when it is available.

Protect your device

Your device is one of the most important components of your work or studies at UniSA and it is important that it remains protected and free from malware.

UniSA devices have managed antivirus and commonly-required software but they still require consideration from users.

Good practices for protecting your device include:

  • Don't leave devices unlocked or unattended
  • Store devices in a secure location
  • Install antivirus software, including on your phone (Tom's Guide provides reviews of free antivirus software)
  • Using a password/pin and/or encryption
  • Setup remote tracking and wiping in case the device is lost (eg. Find My Phone)
  • Backup your data regularly to an external location such as OneDrive, an external hard drive or a UniSA managed location (e.g. SharePoint or shared drives)
  • Only install legitimate software and keep it updated
Contact

Some resources that provide additional information about cyber security and how you can act include:

  • Stay Smart Online - an Australian Government website that provides information on protecting yourself online and the latest online threats
  • ASD's Essential Eight - The Australian Signals Directorate's Essential Eight are the Top 8 recommendations for improving your organisation's cyber resilience and how they protect your organisation and users
  • Stay Safe Online - The National Cyber Security Alliance (NCSA) builds strong partnerships to create and implement broad-reaching education and awareness efforts to empower users at home, work and school with the information they need to keep themselves safe and secure online and encourage a culture of cyber security
  • UniSA Portal Announcements - From time to time the IT team will publish cyber security information in our Staff and Student portals where we would advise on new information on how keep you safe
Photo of staff in a Video Conference

From ransomware and phishing to unattended laptops and business fraud, Cyber Security threats are many and they are real. There are plenty of bad actors ready to take advantage of our mistakes.  Even when mistakes are not being engineered and leveraged by malicious outsiders, poor cyber security habits can lead to difficult and costly situations for you and your University.

UniSA staff can access to Cyber Security Awareness video modules that will help you understand, identify and mitigate the cyber security risks stemming from easily corrected errors we make every day.

Start accessing these training modules through the training link here or find further information on our Cyber Security Awareness page.

MFA provides an extra layer of protection by adding an extra verification step when you log into UniSA websites and systems to make sure it’s really you.

Multi-factor authentication is a way of increasing the security of your account. When you login to a service you are providing a “factor” of authentication, usually a password. This is referred to as “something you know”, but there are other factors such as “something you have” and “something you are”. MFA adds the ability for you to use “something you have” to also help prove that you are who you say you are, in this case a mobile device that only you have.

The way it works is that when you login to certain UniSA services you will be asked to provide your regular account and password, and then you may be asked for a code or to approve a notification that will be sent to your mobile device. This prevents a hostile party from using your account without your permission, as only you will have access to your mobile device so only you will be able to provide the code or approval.

Passwords can be stolen, guessed or hacked, and compromised user accounts have become one of the primary methods used by cyber criminals to gain access to networks and data.  New technology and hacking techniques combined with the limited pool of passwords most people use for multiple accounts means information online is increasingly vulnerable.

Multi-factor authentication adds a second factor of authentication as an additional layer of security to make sure that no one else can access your account, even if they know your password. The second factor of authentication is separate and independent to the password step and never uses or sees your password.

When you attempt to access certain UniSA applications and services, you will be prompted to enter your username and password as usual (the first ‘factor'). You will then be taken to an additional MFA screen. The first time you visit one of these MFA pages, you will be asked to enroll an MFA factor, either SMS or a mobile application (the second 'factor'). On subsequent visits, you will be directed to an MFA screen where you will be asked to sumbit a code or approval sent to your enrolled MFA factor. This additional step is used to verify the person logging in is really you, not someone else that has stolen your credentials. 

All UniSA staff and students will be required to register and use MFA to access UniSA applications and services

Your mobile device number is securely stored with UniSA’s provider and is only used for the purpose of your account security.

  • The Okta Verify app will work anywhere once it is registered (registration requires internet connectivity)
  • The SMS functionality will work overseas if you have service (international roaming).
  • If you are based overseas you can register the mobile number from the country you are in.
  • If you are going to travel overseas and will not have access to SMS functionality, please use the Okta Verify app or contact the IT Help Desk.

UniSA supports Multi-Factor Authentication using the Okta Verify mobile application and SMS messages.
Note: SMS text messages do require cellular access

If you do not have a mobile phone, please contact the IT Help Desk.

NOTE: While you can register your device using any MFA-enabled application, we recommend performing the initial setup via the Okta portal using a PC/Mac web browser as this has the most user-friendly interface

  1. Download the Okta Verify App on the mobile device you wish to use for MFA
    1. Apple iPhone: https://itunes.apple.com/us/app/okta-verify/id490179405
    2. Android Phone: https://play.google.com/store/apps/details?id=com.okta.android.auth
    3. Other device: You will need to use the SMS authentication option, please see below
  2. Visit the website https://unisa.okta.com
  3. Sign-in with your UniSA username and password
  4. Click ‘Setup’ under the Okta Verify option
  5. Select the type of mobile device you wish to use and click Next
  6. This will present you with a QR code you can scan on your mobile device
  7. Open the Okta Verify app on your mobile device
  8. Continue through the Welcome and How it works page until you reach the Ways to Verify page. From this page, click the ‘Add Account’ button
  9. Choose the account type as Organization
  10. Select the Scan a QR Code option
  11. If prompted, allow the app access to your camera
  12. Position the QR code inside the square on the App to scan the QR code and you will be taken to a page prompting you for push notifications. On this page, select ‘Allow’
  13. If your phone prompts for app permissions to do this, select Allow
  14. You will now be presented with a message saying that your account has been added advising that your phone is set up for MFA

Or for step by step instructions (including screenshots) see the How to register for Multi-factor Authentication via the Okta Verify App page.

NOTE: While you can register your device using any MFA-enabled application, we recommend performing the initial setup via the Okta portal using a PC/Mac web browser as this has the most user-friendly interface

  1. Visit the website https://unisa.okta.com
  2. Sign-in with your UniSA credentials
  3. Click ‘Setup’ under the Okta Verify option
  4. Select the country your Mobile phone number plan is set up in is on from the drop down list, type your Mobile number in the Phone number field and click ‘Send code’
  5. You will receive an SMS notification to your mobile phone with a 6-digit code
  6. Enter this code in the ‘Enter Code’ field and click ‘Verify’
  7. If the code is correct, you will be taken to the following page which indicates you have registered successfully, and you can close this page

Or for step by step instructions (including screenshots) see the How to register for Multi-factor Authentication via SMS Code page.

If you have previously enrolled in MFA via the Okta Verify App or SMS, follow the instructions below to enroll in an additional MFA factor

  1. Visit the website https://unisa.okta.com
  2. Sign-in with your UniSA credentials
  3. When prompted, MFA using your previously enrolled factor
  4. On the landing page, choose the 'Additional Factors' tab then click the 'Enrol SMS MFA' or 'Enrol Okta Verify (App) MFA' option
  5. Follow the remaining steps for enrolling the selected factor as above

PLEASE NOTE: If you select the option to enrol a factor you have already enrolled, you will receive a '403 Access Forbidden' error.

If you cannot log in using the previously configured MFA factors, please contact the IT Help Desk.

The first thing you should do is contact the IT Help Desk and let them know. They can reset your factor to allow you to re-register a new number or in the case of a lost phone, they will disable the ability for your old phone to be available for MFA. Once you are setup with a new phone you can register it for MFA using the steps in this FAQ.

  1. Navigate to the login page of the UniSA service you wish to access
  2. Type in your username and password
  3. Click the Sign in button
  4. Click the Send code button
  5. Enter the verification code that you received via SMS
  6. Click the verify button
  7. You will now successfully be logged in

Or for step by step instructions (including screenshots) see Sign-In with MFA page.

  1. Navigate to the login page of the UniSA service you wish to access
  2. Type in your username and password
  3. Click the Sign in button
  4. Click the Send Push button
  5. On your related device, press the Approve option on the notification received
    • If you do not receive a notification, open the Okta Verify app to see the Approve option.
  6. After a moment, your browser will begin loading again
  7. You will now successfully be logged in

You will be prompted for MFA when connecting to UniSA applications and service while on:

  • Remote networks, such as your home network or a mobile network;
  • UniSA Wireless;
  • UniSA student pool or barn computers.

Once you are logged in, you will not get prompted again until you logoff or your login times out.

Service

Risk Factor

Outlook Web Access

Reduce email account takeovers and identity abuse. (e.g. impersonation of employees)

myHR

Protect personal and financial information associated with myHR stored value services

F5 Big-IP Edge Client VPN

Prevent users connecting to the UniSA network and resources using your credentials.

Office 365 Applications

Prevent users accessing SharePoint, MS Teams, Webmail, etc using your credentials.

Appian Workflows

Prevent users connecting to Appian workflows using your credentials.

 

Other staff services that require MFA include:

CiAnywhere & finance workflows, ProMaster, ExpenseMe, AssetBank, myOSH, AskLibrary, AskPTC, AskCampus Central, AskOnline, Career Hub, SkillsForge, InPlace, Marketing Cloud, Service Cloud, Genesys PureCloud, StudyLink, TimeTrade.

Service

Risk Factor

Office365 Protect your data data and email
Learning Planner  Prevent users accessing and changing your data
learnonline (Moodle) Prevent users accessing and changing your data
learnonline (UniSA Online Moodle) Prevent users accessing and changing your data
Library Catalogue Prevent users using your credential to access UniSA resources
myCourseExperience (Student) Prevent users accessing and changing your data
Student Portal (myUniSA) Prevent users accessing and changing your data
Study Planner Prevent users accessing and changing your data
Teaching Prevent users using your credential to access UniSA resources
UniSA Student App Prevent users using your credential to access UniSA resources
Zoom Prevent users using your credential to access UniSA resources
eReserve Prevent users using your credential to access UniSA resources
Student Calendar Tool Prevent users accessing and changing your data
Gartner Prevent users using your credential to access UniSA resources
Library - LinkedIn Learning Prevent users using your credential to access UniSA resources
Panopto - AU Prevent users using your credential to access UniSA resources
PrintIQ Prevent users using your credential to access UniSA resources
SafeZone Prevent users using your credential to access UniSA resources
StudyLink Prevent users accessing and changing your data