Cyber security programs

In 2022 an external assessment was undertaken that identified UNSW websites (IP addresses and domains) with vulnerabilities. Depending on the nature and severity of the vulnerability, remediation can happen in a few different ways. It may involve patching or updating software, configuring firewalls or other security controls, restricting access to certain assets, or decommissioning obsolete systems or applications. 

The Program is working on identifying high-priority UNSW website owners and technical teams to provide recommendations for remediation activities to close out vulnerabilities and reduce the likelihood of them being exploited. This project is expected to close by end of May.

By Q2 2024, the Program will facilitate the compliance and certification of UNSW's Information Security Management System (ISMS) against ISO/IEC 27001, opens in a new window. With the Cyber Strategy & Governance team, the Program will undertake a gap analysis, risk assessment, documentation, and audit accreditation with involvement from other key areas of the University.

What are the benefits of ISO27001 certification?

Achieving the globally recognised certification for information security will allow the University to demonstrate to third parties that it has a mature information security governance and risk management practice.

ISO27001 Audit

To achieve certification, the University must undergo an audit performed by an independent body. The independent body provides a certificate if ISMS meets specific requirements under ISO27001. As part of the ISO27001 audit, those within the ISMS must understand the ISO27001 objectives, what the ISMS is, and their role within it. 

For more information, please visit the Cyber Security Strategy & Governance webpage.

With the Cyber Security Policy Framework established, the Program extended the MyCyberHub functionality to include a searchable policy directory named CyberPolicyHub. 

CyberPolicyHub will be a central directory of the Cyber Security Policies, Standards, and Guidelines designed to support Business Owners, Information Service Owners, and Technical SMEs (subject matter experts) to understand their cyber security obligations for their UNSW information resources. 

Within the CyberPolicyHub you can search for relevant cyber security clauses using your role, asset type, and relevant topics. 

To learn more, please refer to the Cyber Security Strategy & Governance webpage for services provided.

Together with Business Owners, the Program has continued to identify and migrate applications to the Azure SSO (Single Sign-On) platform for single sign-on functionality. SSO applications enable Multi-Factor Authentication (MFA), via a seamless login, and provide an extra level of protection.

Since 2021, the Program has:

• Worked with IT and Business Owners to build an Azure Application Proxy capability for critical legacy applications: SIMS, and NS Financials.
• Engaged with Business Owners to discuss the suitability of their targeted medium to high cyber risk-rated applications being onboarded to SSO, especially if their application has had a gap identified against the Cyber Security Framework.

From 2022 to April 2024, 243 applications have been onboarded to SSO. This work will continue, and form part of the new Cyber Security Enablement Program deliverables.

Refer to the SSO webpage for more information or to enquire about onboarding your application to the Azure SSO platform.

Together with Business Owners, the Program has continued to identify and migrate applications to the Azure SSO (Single Sign-On) platform for single sign-on functionality. SSO applications enable Multi-Factor Authentication (MFA), via a seamless login, and provide an extra level of protection.

Since 2021, the Program has:

• Worked with IT and Business Owners to build an Azure Application Proxy capability for critical legacy applications: SIMS, and NS Financials.
• Engaged with Business Owners to discuss the suitability of their targeted medium to high cyber risk-rated applications being onboarded to SSO, especially if their application has had a gap identified against the Cyber Security Framework.

From 2022 to April 2024, 243 applications have been onboarded to SSO. This work will continue, and form part of the new Cyber Security Enablement Program deliverables.

Refer to the SSO webpage for more information or to enquire about onboarding your application to the Azure SSO platform.

In 2022, all UNSW Cyber Security Policies and Standards were updated to uplift the maturity of cyber security at our University.

The Program is continuing to work with Business Owners and senior leaders across the University to manage risks through the UNSW Risk Management Framework as part of the Policy Framework implementation.

Compliance Reports were issued to senior leaders (such as DVCs, VPs, and Deans), Business Owners, Information Service Owners, and technical SME (subject matter experts). The reports outline compliance gaps against the minimum defensible controls outlined in the Cyber Security Policy Framework. 

Remediation work to address these gaps will begin as part of the new Cyber Security Enablement Program of work. It will involve Business Owners in the planning and prioritisation of the work required.

Refer to the Cyber Security Policies and Standards webpage for more information about the Framework.

From February to March 2024 the Microsoft (MS) 365 strengthening project implemented security controls to improve the University MS Teams, OneDrive, and SharePoint collaboration platforms. Strengthening critical controls of our core collaboration tools minimises the potential for accounts to be compromised, inadvertent sharing of sensitive and highly sensitive data, and the potential of reputational damage to the University.

Summary of the changes implemented:

1. Private cloud storage services will no longer connect with UNSW Teams: Third-party cloud storage services (i.e. DropBox, Google Drive, Egnyte, or Box) do not have the same security level as UNSW and might be exposed to inadvertent or intentional data breaches. Refer to storage guidelines for staff and storage guidelines for students.
2. The GIF setting is upgraded to strict in UNSW Teams: This setting prevents users from sharing inappropriate/adult GIF (short looped video clips) content in UNSW Teams chat windows.
3. UNSW Teams app no longer downloads for Skype: The UNSW Teams app will no longer automatically download in the background of Skype for Business.
4. External guests, invited to UNSW Teams meetings, will wait in the Teams lobby: The meeting organiser, or another internal UNSW user (staff or students using their zID), can allow guests in as the default setting only allows UNSW users to join a Teams meeting before the organiser.
5. UNSW SharePoint blocks the use of legacy authentication applications: Legacy authentication, or basic authentication using username and password only, is not allowed in SharePoint. Only applications that use modern authentication are allowed.
6. External users cannot share links: Sharing links from UNSW Teams, SharePoint, and OneDrive with other external users is no longer allowed. Only UNSW users (staff and students using their zID) can share file links with external users.
7. Only allow users from UNSW-accepted domains can send email to a Teams channel: Additional domains that require a channel email communication must request a Security Service Risk Assessment Service to request an exemption, opens in a new window. 
8. Anonymous users cannot interact with a UNSW Teams application during a meeting: The ability for anonymous users to interact with a Teams application (e.g., Whiteboard, Forms, Poll Everywhere, Channel Calendar, Task Planner, To Do, etc.) in meetings has been blocked.
9. Only UNSW users and invited guests can present during a UNSW Teams meeting: The default setting only allows UNSW users (staff and students using their zID) and (invited) guests to present during a Teams meeting as the sharing option is disabled. Meeting organisers can change the default setting if required. Refer to the guide: Change who can present in Teams, opens in a new window.  
10. Only UNSW users can bypass the lobby: The default setting allows only UNSW users (staff and students using their zID) to bypass the lobby and join the Teams meeting. Meeting organisers can change the default setting if required. Refer to the guide: Change who can bypass the lobby in Teams., opens in a new window
11. A 30-day session applies to non-UNSW guests for access to Teams Files: A session expiry will be enforced for non-UNSW (external) guests who access UNSW Teams Files (or folders). Non-UNSW guests will be prompted to enter an OTP (one-time passcode) to re-authenticate their identity every 30 days. Refer to the FAQ: How do external guests have access to links shared to internal UNSW files and folders, opens in a new window?  
12. External guests have a 365-day guest link expiration limit set for shared files/folders from MS Teams, SharePoint, and OneDrive: From 26 March 2024, any new links to MS Teams, SharePoint, and OneDrive shared with external guests will automatically expire after 365 days. The link owners will receive Guest Expiration email notifications approximately 2-3 weeks before the access expires. Link owners can further manage guest access by extending or removing the access. Refer to the FAQ: How long will shared links, to files and folders in UNSW SharePoint and Teams, remain active for external guests, opens in a new window?  

Refer to the full list of Frequently Asked Questions, opens in a new window for more information about these changes or contact the IT Service Centre for technical assistance.

In early 2024 the Program completed a current state assessment of UNSW's Data Loss Prevention (DLP) capability, including a review of findings from the previous DLP pilot conducted in 2021. The Program, who engaged with key stakeholders, produced a Cyber Data Loss Prevention Strategy and Roadmap for UNSW. 

Cyber security is everyone's responsibility and by understanding a few simple steps and guidelines, we can help protect ourselves and the University from cyber security threats and keep data and information safe.

In mid-November 2023, the University introduced a new Cyber Security Awareness eLearning module mandatory for all staff. The module will help staff improve their awareness of cyber security threats and develop good cyber-savvy behaviours to protect themselves and the University. Staff will receive a direct email asking them to access and complete the module on an annual basis.

Refer to Cyber Security training and awareness webpage to access all information regarding the training as well as other cyber awareness advice. 

If you have questions, please contact the Cyber Security Awareness team, opens in a new window.

In 2022, all UNSW Cyber Security Policies and Standards were updated to uplift the maturity of cyber security at our University.

In 2023 the Program worked with Business Owners and Technical Owners to:

• Outline their accountabilities,
  
• Identify (and cyber risk assess) their UNSW Information Resources (into an Asset Inventory), and
• Perform a Cyber Security baseline Gap Assessment against the new Policy Framework to identify and manage risks through the UNSW Risk Management Framework. 

All Gap Assessments were completed by Business Owners using the MyCyberHub tool. Compliance reports have been issued to senior leaders (such as DVCs, VPs and Deans) for resources in their area with Business Owners receiving individual reports for each of their information resources. 

Refer to the Cyber Security Policies and Standards webpage for more information about the Policy Framework. 

Multi-Factor Authentication (MFA) is a requirement at UNSW for all staff (including casuals and affiliates) and current students. 

Currently, students and staff who access Physical Containment (PC 2/3) laboratories are not protected by MFA when working on campus. This is due to those labs not allowing mobile phones or YubiKeys in the containment area. As a result MFA only applies to them when working remotely (off-campus) and accessing UNSW single sign-on (SSO) applications.

From November 2023, MFA coverage for these staff and students has been improved by extending MFA controls to apply when they are on campus. Once the Campus Wi-Fi Upgrade is complete, staff/students will be MFA-exempt only when working from within a PC 2/3 rated lab.

Important: Lab Managers are requested to advise the IT Service Centre of any changed conditions for their PC 2/3 labs so that the appropriate IT Lab Support Team can assist in enabling MFA controls. 

Visit the Cyber Security MFA page for information and support materials.

If you have set up rules in Outlook to automatically forward UNSW email to an external mailbox you are potentially exposing that email, and any data it includes, to security risks. 

The University takes great steps to protect our email systems by implementing cyber security controls such as anti-phishing and anti-malware. By setting up rules to automatically forward emails to an external mailbox that doesn't have the same level of security as the University, you expose that data to potential compromise, and the University to liability for any associated privacy or security breach.

Staff are encouraged to directly check their staff email inbox regularly for important University updates.

Instead of using auto-forwarding, it is recommended that you:

• Set up your device (computer, tablet, phone) to remotely access University email through a supported email application (Outlook), or
  
• Access your UNSW email via Outlook Web Access (OWA) using a browser on your device.

Support

• Access the guide to disable auto-forwarding in Outlook, opens in a new window.
• Access other self-help guides 
• Contact the IT Service Centre for technical assistance.  

In 2023 Endpoint Security Policies were deployed to UNSW IT-managed endpoints (Windows and Mac OS devices). An endpoint is any physical device that can be connected to the UNSW network, such as computers, laptops (smartphones, tablets), and servers.

These policies have improved the security of staff using UNSW IT-managed computers to access the university network. The policies are aligned with the Cyber Security Policy Framework, which aims to reduce the cyber security risk exposure across the University.   

Support:

• Refer to the FAQs, opens in a new window to understand the changes implemented.
  
• For technical assistance, please contact the IT Service Centre.

Laptop with internet connection

Important: Connect your UNSW IT-owned computer to the UNSW network or internet, on a regular basis to ensure the latest security updates are installed and you are protected. Good practice would be to restart your computer weekly. 

In September 2023, the University migrated the on-premises Cisco Email Security Appliance (ESA) to the new Cisco Cloud Email Security solution. The new solution provides an advanced and layered defence to stop a broad array of sophisticated email-based threats. 

Application administrators are to configure their platform to use Transport Layer Security, opens in a new window (TLS) protocol for outbound email traffic. 

Refer to the Cyber Security Standard - Risk Management, opens in a new window or report technical issues via the IT Service Centre.

The Program is continuing to harden the University's network firewall rules. Firewall policies will be audited, reviewed, and hardened to address all agreed critical to medium vulnerabilities and to align with the Cyber Security Standard - Network Security.

Non-production firewall rule change

On 21 August 2023, changes were made that block all unidentified traffic in non-production (test) environments. This improves our cyber security posture and ensures that only safe and legitimate network traffic is allowed. 

New requests, or technical issues, will need to follow existing processes via the IT Service Centre.

In November 2023 a SIEM onboarding request service was established.

Security Information and Event Management (SIEM) is a solution that helps the University detect, analyse, and respond to security threats before they harm operations. Once onboarded to the SIEM, the Security Operations Centre (SOC) will provide 24x7 real-time monitoring, threat detection, and security incident response services for your platforms, applications, or services. 

Please refer to the Cyber Security Operations services webpage to make a request and learn more

EDR Service for UNSW IT-managed endpoints.

In early 2023, a state-of-the-art endpoint detection and response (EDR Service) software, CrowdStrike, was implemented on all UNSW IT-managed endpoints which include servers, desktops, and laptops. 

With CrowdStrike, UNSW can provide more advanced threat detection, monitoring, and endpoint remediation capabilities to enhance the protection of our systems.

EDR CrowdStrike Falcon Notification message.

If a potential threat is detected, staff may be presented with a pop-up Falcon Notification, indicating that CrowdStrike has protected your device and generally there is no further action required. If a potential or actual threat is detected, an alert is raised for UNSW IT Cyber Security Operations to manage.

For UNSW IT-managed endpoints, CrowdStrike installs occur automatically when connected to the UNSW network or internet.  

EDR Service for UNSW-owned endpoints

From September 2023, the EDR Service was made available for installation on UNSW-owned endpoints that are not managed by UNSW IT. Please refer to Cyber Security Operations to make a request for the EDR Service and understand the conditions that apply.

Microsoft Defender for Endpoint provides antivirus and firewall protection to UNSW-managed computers (laptops and desktops). Microsoft Defender helps the University to prevent, detect, investigate, and respond to advanced threats, improving security and reducing cyber risk.

Microsoft Defender for Endpoint replaced Symantec Endpoint Protection (SEP) and is licensed for enterprise-wide use. 

Learn more:

• Refer to the Microsoft Defender FAQs, opens in a new window (PDF, 630KB) 
  
• Refer to resolving connectivity issues with Global Protect 

For further assistance please contact the IT Service Centre.

In 2023 the Program conducted a current state assessment of the University's legacy Cisco Email Security solution and developed an Email Security Strategy and Roadmap. The strategy proposes a refresh of UNSW's current solution to incorporate advanced capabilities which include Business Email Compromise and Behavioural Protection, Account Takeover Prevention, and Supply Chain Compromise Protection. These capabilities will leverage Natural Language Understanding (NLU) techniques in conjunction with AI/ML technologies.

Zero Trust is a maturity approach that prioritises data security controls, requiring all requests (regardless of origin) to be authorised, authenticated, and continuously validated against data controls.

In mid-2023 the Program facilitated workshops with key UNSW IT senior leaders, subject matter experts, and Service Owners to understand the current UNSW environment. In September 2023, a Zero Trust Strategy was finalised and endorsed. It will be used to inform the development of potential future Cyber Security initiatives. 

Identity and Access Management (IAM) is critical to managing our cyber security risk exposure, but just as importantly it is a key enabler of the University's strategy in education and research. An updated IAM Strategy and Roadmap will prioritise and inform UNSW of what it needs to focus on going forward. 

In late 2022 workshops were held with key stakeholders across the University to understand stakeholder perspectives on business technology priorities for improvements to our identity and access management infrastructure. A draft UNSW IAM Strategy (and Roadmap) summary was produced and socialised with key stakeholders.

In 2023 the strategy was finalised and includes a prioritised roadmap for UNSW.

In 2022, UNSW continued to improve the resilience of our Microsoft 365 platform though the implementation of additional technical controls to SharePoint, Teams, and Outlook in line with the University Cyber Security and Acceptable Use policies.

Strengthening critical controls of our core collaboration tools will minimise the potential for accounts to be compromised and for potential reputational damage. 

Anti-phishing

Phishing is an email attack that tries to steal sensitive information in messages that appear to be from legitimate or trusted senders. With the growing complexity of attacks, it's even difficult for trained users to identify sophisticated phishing messages. UNSW has implemented advanced anti-phishing controls that will assist users in identifying sophisticated phishing attacks and protect the University, including:

• First Contact Safety Tip.
• User Impersonation Unusual Characters Tip.
• Show (?) for Unauthenticated Senders for Spoof.

Safe Attachments

Safe Attachments is a feature that provides an additional layer of protection for email attachments that have already been scanned by anti-malware protection by removing attached files that are found to have malicious software. Safe Attachments controls help detect and block new and existing files that are identified as malicious in document libraries in SharePoint, Teams, and Outlook.

Safe Links

Safe Links is a feature that provides URL scanning of inbound email messages and time-of-click verification of URLs and links in email messages and other locations. Safe Links scanning occurs in addition to the regular anti-spam and anti-malware in inbound email messages in Exchange Online Protection (EOP). Safe Links scanning can help protect the organisation from malicious links that are used in phishing and other attacks.

Important: The above improvements are necessary to protect the confidentiality of the University’s information, and the privacy of our students and staff information and to reduce the risk of financial loss associated with business email fraud.

Refer to the FAQs, opens in a new window to understand these changes more clearly. 

Contact the IT Service Centre for assistance with SharePoint, Teams, or Outlook. 

In 2022, UNSW implemented changes to Microsoft 365 (Office) services, to prevent the use of insecure login methods (legacy authentication), typically associated with the use of older email software and some applications. All students and staff were required to update their email client software to a version that supports modern authentication. 

To access UNSW email on any of your devices, please see FAQs, opens in a new window for guidance on recommended University applications or use Outlook, opens in a new window on the web. Contact the IT Service Centre, opens in a new window for further assistance.

Important: Non-Azure Active Directory applications that utilise legacy authentication protocols, such as PIMS, SIMS, NSF, etc, are not impacted.

In December 2022, all UNSW Cyber Security Policies and Standards were updated to uplift the maturity of cyber security at our University. The CyberSecurity Policy, Acceptable Use of UNSW Information Resources Policy, and two University-wide Cyber Security Standards were approved by the UNSW Management Board.

The remaining Cyber Security Standards, which apply to staff with technology management or operational responsibilities, were approved by the UNSW IT Chief Information Officer (CIO).

 Access all Cyber Security policies, standards, and guidelines. 

In 2022 the UAR process was introduced for an annual review to be undertaken to evaluate and manage user accounts and access rights associated with IT services and assets. Business Owners of targeted applications are involved in the entire process. Managers/Supervisors, or anyone with staff reporting to them, are involved in the review phase only.  

Refer to the Cyber Security UAR webpage for all details and support materials relating to current, future, or past UARs.

In 2022, MFA became an ongoing requirement at UNSW for all staff (including casuals and affiliates) and current students. All new students and staff are prompted to set up MFA as part of their onboarding activity.  

Visit the Cyber Security MFA webpage for all information and support materials.

For technical assistance contact the IT Service Centre.