Training & awareness
Access information about the eLearning module as well as general cyber information and advice for keeping information secure.
Cyber security awareness
The security of our information resources, and the privacy of our students and staff, are essential to our University's operations. By completing a mandatory eLearning module, learning a few simple steps, and following advice and guidelines, we can be better equipped to protect ourselves and our University from cyber security threats and keep sensitive information secure.
As a result, in November 2023, the University introduced an online Cyber Security Awareness training module. The training is mandatory for all UNSW staff to complete annually. The module is automatically assigned within Moodle with an enrolment email sent directly to their UNSW mailbox. Please refer to the section below for more information.
Cyber security awareness - online training
The completion of the UCYBER - Cyber Security Awareness training module is mandatory for all UNSW staff (including casuals and academics) due to the increasing risks and threats to the University's information resources. This requirement is formalised in the UNSW Cyber Security Policy (section 3.6 B) which sets out our obligation as UNSW staff to protect the security of our information resources and details our organisational roles and responsibilities.
In this module, you will learn why cyber security is everyone's responsibility and how the actions you take on a daily basis can help keep yourself and the University safe from cyber-attacks and data breaches. By doing your part you will help build a greater cyber-aware culture at our University.
-
Take a closer look at this 3 minute video to see what you can expect and hear an important message from our Vice-Chancellor.
-
The eLearning training module is automatically assigned to all University staff and affiliates to complete annually. The module is easily navigable and is accessible on most devices including mobile devices.
The module comprises 6 topics with an assessment required at the end of the module, where an 80% pass rate is required.
Please look out for the enrolment email in your UNSW mailbox and;
- allow 24-48 hours for the course to appear in Moodle,
- sign on to Moodle: https://moodle.telt.unsw.edu.au/my/
- complete the UCYBER-Cyber Security Awareness course.
Please set aside approximately 30 minutes to complete the module.
You can complete modules in any order, all in one session, or save and exit to return to the module and complete others later.
-
-
Yes. You have 5 attempts to do the assessment before you are required to do the module again.
-
All staff are automatically enrolled in the training and will receive a notification email with details on how to access the module. Once the email is received, please allow 24 to 48 hours for the course to appear on your Moodle dashboard as UCYBER - Cyber Security Awareness. If the module is still not visible after 48 hours, please send an email to cybersecurityawareness@unsw.edu.au for assistance.
-
Due to the increasing risks and threats to the University's information resources, Cyber Awareness training is a mandatory requirement for all staff with an active zID that can access our systems. Even if you occasionally access any UNSW systems such as Microsoft Teams/Outlook or myUNSW it is helpful to have some awareness of our policies and standards as well as your obligations for handling digital information and staying secure online.
-
It is mandatory due to the increasing risks and threats to the University's information resources. This requirement is formalised in the University's Cyber Security Policy, which sets out our obligation as UNSW staff to protect the security of our information resources and details our organisational roles and responsibilities. All staff are responsible for completing cyber security training and awareness activities and following cyber security guidance provided by UNSW.
-
a) Casual employees can claim the time to complete the training via their timesheet.
b) Casual academic staff should select the Other Duties rate applicable to their engagement when claiming any hours for mandatory training and include a description in the comments field.
c) Identified contractors and all other staff should complete the training within their standard working hours.
d) For assistance submitting your timesheet, please reach out to your direct Supervisor/Manager or your local Faculty Administrator.
For more detailed information regarding the payment process, please reach out to your local Finance Team.
-
All staff need to complete the module annually per the Cyber Security Policy.
-
Please note that the training will only appear in your Moodle Dashboard one business day after enrolment. If it still does not appear in the Moodle portal after this timeframe, please contact the LMS & Systems Integration Team at PVCESE.LMS@unsw.edu.au.
-
Whenever the NEXT> button is greyed out, there is usually an X in the top right-hand corner of the screen. You need to click this X to close the screen before you can proceed.
-
A formal exemption request can be submitted to the Cyber Security Governance team via the MyCyberHub portal and use option A4 Exemption Request.
-
For all other queries, please contact us at cybersecurityawareness@unsw.edu.au.
Cyber news and links
UNSW Cyber news updates the latest developments in cyber security, including research, events and initiatives led by the University's cyber security teams.
-
- UNSW's cyber security is everyone's responsibility
- Suspect you are being phished?
- Top tips to prevent cyber attacks
- UNSW is advancing our cyber security
- Cyber Security Awareness for UNSW staff introduction video (3 minutes).
- Be aware of current scams
- Email tips to help protect UNSW sensitive data
- Cyber Security eLearning module
- Make sure your data is safe in chatbot conversations
General awareness and advice
Cyber Security is everyone's responsibility and by understanding a few guidelines, and following advice, you can help protect yourself and the University from cyber security threats and keep data and information safe.
-
Keep your information safe from cyber criminals who resort to social engineering, the practice of manipulating people into providing confidential, personal, or sensitive information. While attacks typically come by way of email, criminals may also resort to calling, SMSing, or social media to gather information.
Protect yourself by following these tips:
- Independently verify phone numbers when someone calls asking for confidential information, for example via official websites or company phone numbers, and call them back to make sure you know who you’re talking to.
- Research the facts if in doubt about the legitimacy of someone who has contacted you. Conduct your own research to see if others have reported related scams.
- Be aware that colleagues can be compromised. Criminals with access to someone’s account also have access to their contact list. If you receive a suspicious message from a trusted contact, confirm with them on another channel to verify the message in question.
- Be extra careful on smartphones, as web links are often shortened there, making it difficult to see what webpage you're visiting.
- Don’t assume they know you. Criminals can collect information about you from various sources and websites. Be aware of what personal information is available publicly.
Phishing is a type of social engineering where cybercriminals send an email deceptively crafted as an organisation or someone you trust. The University receives numerous targeted email scams (phishing) attempting to manipulate you into compromising sensitive information. The University has established strong security controls to help protect you from receiving these types of fraudulent emails however, some of them may still be delivered. It is therefore important to remain vigilant and keep yourself and the University safe from cyber-attacks by recognising phishing attempts.
Phishing campaign techniques
- Urgency. This technique attempts to gather your credentials or other confidential information by presenting a financial opportunity that you must act on quickly.
- Threat. Messages will try to manipulate you to resolve a bogus situation. These could include some or all the following: blackmail, a financial penalty that will increase if you do not respond, or the threat that your credentials have already been compromised.
- Curiosity. Fraudulent emails are crafted to attract your attention and curiosity by using a small amount of information and trying to entice you to click on a link to gather more information.
- Familiarity. Messages will be designed to look like a large reliable brand or appear to come from a trusted source.
What should I do if I suspect I am being phished?
Always stop and assess before you act. Does it sound urgent? Is it making you want to react emotionally or irrationally? Is it brief and does it leave you wanting to know more? Does it look familiar?
- If an email looks suspicious, click on the Report Phish button in your USNW Outlook menu bar. This will alert the Cyber Security team of a potential phishing campaign and the suspicious email will be automatically deleted.
- Do not reply to the email, click any links or attachments within it, or forward it.
- Contact the IT Service Centre on 02 9385 1333 for advice if you are uncertain.
Refer to the Viva Engage post.
-
NSW Policies and standards are reviewed and updated as technologies change, and our digital environment is updated.
As you have an obligation to comply, it is important that you review these, and all policies and standards at least once annually to stay up to date:
- The Acceptable Use of UNSW Information Resources Policy sets out the principles for using University information resources: which include any Information Service, Information Asset, or Digital Information.
- The Cyber Security Policy sets out the principles for ensuring University-wide information resources are appropriately protected. This policy: outlines appropriate governance of cyber security, management of cyber security risk, ensuring cyber security events are detected and responded to promptly, and UNSW Information Resources recover from cyber security incidents in a secure and timely manner.
-
At our University, digital information is at the core of our daily operations as staff. Personal and financial details - about you, our colleagues, our students, and our business associates - are valuable to cybercriminals. It is therefore important that we as staff understand the significance of our policies and standards when handling, sharing, storing, and disposing of sensitive data.
The University administers several policies on data governance and has a separate learning module available in Moodle.
Protect sensitive data
During your work, you may come across information of a confidential or sensitive nature. Whether it is student details, research data, or business documents, it is important that you handle this information carefully at all stages:
- When creating or receiving sensitive data. Be sure you only share it with those who require or are authorised to access it. Always store this data in a secure location, such as OneDrive-UNSW or SharePoint.
- When sharing and accessing data. Always have the appropriate protections for your devices and storage. Laptops, tablets, phones, and even thumb drives should be encrypted.
- When archiving and disposing of data. Know your obligations around recordkeeping and data retention, as you may need to keep a history or the files themselves. When disposing of University devices, contact the UNSW IT Service Centre to have the devices properly wiped.
Email tips to help protect UNSW sensitive data
Email is the most widely used communication tool for sending attachments and links to potentially sensitive information. Setting up rules in Outlook to automatically forward all UNSW email to an external mailbox potentially exposes that email and any data it includes to security risks.
The University has made significant investments to protect our email system by implementing cyber security controls such as anti-phishing and anti-malware protection. By automatically forwarding email to an external mailbox that doesn't have the same level of security as our University, you are exposing that data to potential compromise, and the University to liability for any associated privacy or security breach.
Follow these recommended email practices to help keep our data safe:
- Check your UNSW email inbox regularly for important updates.
- Set up your device to remotely access University email through a supported email application such as Outlook or access your email via Outlook Web Access (OWA) on a browser.
- Only access your UNSW email on your UNSW-managed device.
- Only share data with others who are authorised to access it.
- Disable any automatic email forwarding rules in Outlook. By automatically forwarding sensitive emails to an external mailbox that does not have the same level of security as the University, you expose that data to potential compromise and the University to liability for any associated privacy or security breach.
- Do not forward sensitive information, especially emails with a do not forward label.
- Sensitive and Highly Sensitive data should be stored on trusted platforms such as OneDrive-UNSW and SharePoint. The Cyber Security Standard - Data Security and UNSW Data Governance Policy provide detailed guidelines on the storage of UNSW data.
Reporting data breaches
We all play an important part in protecting the security of our digital information from unauthorised access, use, and disclosure. If you think you have lost information or accidentally shared it, report it immediately to the UNSW IT Service Centre on 02 9385 1333 or open a service ticket. By reporting the breach immediately, the IT Service Centre will escalate the matter to the Data Breach Management Committee who will take the necessary actions to protect the University from further damages.
Learn more
- Learn more about Data Classification and Data Governance.
- Refer to UNSW Policies to access the Data Classification Standard and Data Handling Guidelines.
- Read the Tips to keep your data safe and tidy article.
- Read the Did you know it's mandatory to report a data breach article.
-
Your zID is your digital key to a wider range of University online services and resources. When someone else has access to your zID, they also have the information it provides access to.
Weak passwords are a common vulnerability that can be exploited by cybercriminals to gain unauthorised access to sensitive information. Changing your password to a passphrase will improve your online security. A passphrase is a string of words that is longer than a traditional password, easier to remember, and more difficult to crack.
Follow the below guidance to create strong passphrase:
- Use a passphrase. Your password (passphrase) needs to be a minimum of 14 characters, however the longer it is, the harder it is for cybercriminals to crack. Make your passphrase unpredictable, unique, and difficult to crack but easy for you to remember.
- Be unique. Each password, from your zID to your personal email, should be different from one another. This ensures that if one password is compromised, your other accounts aren't vulnerable.
- Use the Identity Manager portal to change your zID password and perform other functions required. Refer to the Identity Manager for staff or students webpages for more information.
- Use strong security questions. Many sites allow you to reset your password if you correctly answer security questions about yourself. Since this information is readily available online, we recommend avoiding easy-to-guess questions and answers.
Important: Where available in your personal life, enable Multi-Factor Authentication (MFA). This added layer of security requires you to authenticate, after entering your password, via another factor (typically your smartphone). MFA is a requirement for your zID account at UNSW.
Read the Cyber Security update or refer to the Viva Engage post.
- Use a passphrase. Your password (passphrase) needs to be a minimum of 14 characters, however the longer it is, the harder it is for cybercriminals to crack. Make your passphrase unpredictable, unique, and difficult to crack but easy for you to remember.
-
- Take care to lock your UNSW laptop when not in use and do not share your passwords.
- Avoid public/unsecured Wi-Fi. Ensure the Wi-Fi being used is secure.
- Be aware of online cyber threats that can place you and our University’s reputation at risk. Think before you click on links in emails or give out personal or business information via social media or public websites.
Things you can do to secure your home workstation:
- Lock your devices when not in use.
- Use strong and unique passphrases (see Creating a strong passphrase section above).
- Be aware of your surroundings.
- Don’t share work devices with members of your household.
- Staff should use the UNSW VPN when working from home.
Learn more
- Refer to the working and studying remotely information for more details.
-
Your information is only as secure as the devices that house them, such as your laptop, tablet, smartphone, and even paper documents. Always ensure your devices have the latest security updates.
Malicious apps are mobile apps that replicate the look or functionality of popular apps to trick you into downloading them thereby infecting devices and stealing data.
To help identify malicious apps:
- Check the legitimacy/publisher of the app.
- Check the app icon for slight differences in shape and colour.
- Check online reviews of the app.
- Watch out for low numbers of downloads on apps.
- Be wary of extra symbols and extra words on the stated app name/developer.
- Check the app description name for spelling and grammar errors.
Reporting cyber incidents
It is important to report any cyber security incidents as quickly as possible so that UNSW IT’s Cyber Security team can address any issues and mitigate risk exposure.
What should I report?
- Suspecting your computer or account has been compromised.
- Having evidence on how technology or University data may be vulnerable.
- Noticing a colleague inappropriately sharing Highly Sensitive or Sensitive data.
- Losing a University asset containing sensitive information.
Report a cyber security incident by calling the UNSW IT Service Centre on 02 9385 1333 or using the link below.
Cyber security is everyone’s responsibility and by learning a few rules, simple steps, and following guidelines, we can protect ourselves and our University from cyber security threats and keep data safe. Go to Cyber Security Training and Awareness for more information.
"Enhancing cyber security, including protecting information and privacy, is of paramount importance to our core functions of education and research. We all play a part in being cyber smart."
Professor Attila Brungs, Vice-Chancellor and President, UNSW Sydney