Top tips for cyber security

Check the security of your devices and ensure you're protected against malicious attacks

Personalise

Beware of online threats targeting your accounts, devices and data. These cyber security tips will help you stay safe.

With the threat of cyber security continuously increasing, we have invested in comprehensive defensive measures to prevent online threats from affecting you. Failure to take protective measures could result in the theft of your sensitive information, malware installation in your devices or unauthorised tracking of your online activities. It’s important to know how you can manage your own cyber risks at uni, at home, and in public spaces.

Choose your Wi-Fi connection carefully

If you're in a public space, avoid connecting to public Wi-Fi networks in cafes, bars, restaurants, etc. Use your mobile phone’s hotspot instead, if you can.

When you're on campus, ensure you're connected to UNSW's secure, private Wi-Fi networks such as Uniwide. Are you in a secluded spot? Explore our various secure networks that you can choose from below.

UNSW Wi-Fi networks

A student sitting at their laptop while eating lunch on Kensington Campus

Quick & easy tips

Take a look at how you can improve your cyber security in several quick steps!

You’re probably used to getting pop-ups on your computer, phone or other devices telling you a system update is available, right? Top tip – don’t ignore them!

Updated versions of your device's operating system (OS) include enhanced security features that older versions don’t have! Keeping your OS up to date is a minimal effort way to protect your devices and information.

What we recommend

Enable automatic updates wherever possible, or at least avoid delaying updates when reminders appear

Allow updates to download over mobile data and not just Wi-Fi (if you're on a mobile plan that can accommodate it)

Restart your device regularly to auto-install updates.
Malware can infect our everyday devices even through simple interactions with software and web-based services. Security software (e.g. antivirus software) protects devices, servers and networks from unauthorised access, viruses and other threats. This software can be integrated into an operating system, or installed separately.

What we recommend

Look for security software that offers a multi-layered defence system encompassing features like anti-virus, anti-phishing, anti-malware, safe browsing and firewall capabilities

Check your device's built-in security software and ensure they're up to date.
Passwords, pins, patterns and other security question responses are important barriers for preventing unauthorised access to your accounts.

What we recommend

Use different passwords for different accounts

Don’t store passwords or answers to security questions in plain text form on your system or anywhere that is accessible to others. Use a password manager which will store your passwords in an encrypted format.
Our protective measures for you

To help keep your information safe from cyber criminals, we have strengthened the password requirements for your UNSW accounts. Use the UNSW Identity Manager self-service portal to manage, change or reset your password.

To be able to use all portal services, ensure you have a personal email address OR mobile number registered in your myUNSW Student Profile.
Multi-Factor Authentication (MFA) is an electronic verification method that requires two or more steps of authentication to provide access to online accounts, apps and other digital services.

For example, some online accounts might require you to enter your password (the first 'factor of authentication'), along with a one-time code that's sent to you at the time of logging in (the second 'factor of authentication'). The one-time code may be sent to you by SMS or to a device such as your mobile phone.

What we recommend

If you receive an email, SMS or notification from your MFA app triggered by a login attempt and you’re sure it wasn’t you, don't accept it - reset your password and report the issue

Not all forms of MFA are created equal. Mobile app-based login prompts with number matching (like the Microsoft Authenticator App, opens in a new window) are stronger than SMS-based ones. Where possible, use strong MFA, especially for your private email accounts and cloud storage services.
Adding an extra layer of defence for your university accounts

At UNSW, we use the Microsoft Authenticator App, opens in a new window for all Single Sign-on (SSO), opens in a new window applications, like your student email, myUNSW and Moodle. This ensures that only you can access your UNSW accounts and any sensitive information contained within them.
Email and text messages present a prime opportunity to exploit individuals and organisations. Cyber criminals can use various techniques such as phishing and smishing (SMS-based phishing) to deceive you into clicking malicious links, downloading malware-infected attachments or divulging sensitive information. These attacks are often disguised as legitimate emails from trusted sources, making it challenging for users to identify the threats.

Successful mail-based and text-based attacks can lead to data breaches, unauthorised access to systems, financial losses and reputational damage.

What we recommend

Report all potential phishing emails. Your personal email service provider will have a method by which you can do this. Follow the instructions for Outlook, opens in a new window, if you are using your UNSW account

Avoid opening attachments or links from unsolicited emails. Remember that you can check the identity of a sender via secondary methods, such as by phone or in-person. You can also search for the site with a search engine

Never open emails that make outlandish claims or offers that seem “too good to be true”

Enable mobile device security spam filters where possible - learn more for Apple, opens in a new window and Android, opens in a new window.

Beware of suspicious messages requesting personal details or containing links.

Medibank security incident

In late 2022, a major cyber incident occurred within Medibank Private, affecting international students in Australia with overseas student health cover policies from Medibank Private or its subsidiary, Australian Health Management Group Pty Ltd (ahm).

Who can I speak to?

Visit the Medibank store, opens in a new window on Kensington campus for face-to-face enquiries between 9:30am - 3pm, Monday to Friday

Contact Medibank directly on 13 23 31

Continue to check your email for further updates from Medibank.
What to do if your UNSW account has been affected

If you think you have clicked on a phishing link or downloaded a malicious attachment sent to your student email address, act fast. Report the cyber security incident to UNSW IT Service Centre, opens in a new window.

When you report potential phishing emails, UNSW Cyber Security will identify other mailboxes the phishing email could have reached and invoke our incident response practices.

If you receive a communication about your program, enrolment or related matters and you're not sure if it's legitimate, contact The Nucleus: Student Hub to verify it.

Learn more on scams
Backup and recovery methods ensure that important information stored on your devices and applications is also accessible to you from somewhere else. If the primary location is disrupted, you can then simply restore the data from your secondary location. Businesses employ this technique to avoid data loss issues.

What we recommend

Regularly back up personal information stored on devices to your preferred collaboration and storage platform

Use strong passwords and MFA for your chosen storage platforms

Encrypt laptops, PCs and mobile devices so they can't be tampered with if stolen.
Backing up your university data just got easier

As a UNSW student, you have access to Microsoft Office 365 services, including OneDrive and SharePoint, to help you encrypt and synchronise uni-related information. This ensures that you can safely access your data across your various devices.

Advanced tips

Go through some additional tips on how you can improve the security of your online ecosystem.

Your network router serves as the entry point to your home network. Without adequate security measures and timely updates, network routers become more susceptible to compromise, potentially endangering other devices connected to the network.

What we recommend

Keep your routing devices on your home network up to date with the latest patches to minimise vulnerabilities and enhance security (preferably through automatic updates)

Replace routing devices when they reach their end-of-life (EOL) for support so they can continue receiving updates and patches as new vulnerabilities are discovered

Consider using your own routing device alongside the modem/router provided by your Internet Service Provider (ISP) to gain greater control over your home network's routing and wireless capabilities

Take advantage of modern router features to establish a separate wireless network specifically for guests, thereby segregating it from your more trusted and private devices. Most network routing devices also allow configurations to block certain types of network traffic.
Remember that if your Wi-Fi connection isn’t secure, it can be used to steal sensitive information (such as passwords and documents) and to infect your devices with malware.

What we recommend

Ensure that your personal or ISP-provided Wireless Access Point (WAP) supports Wi-Fi Protected Access 3 (WPA3). When setting up WPA3 or WPA2/3:

Use a robust passphrase to your network device with a minimum length of fourteen characters;

Modify the default Service Set Identifier (SSID) to a unique value;

Avoid hiding the SSID as this does not provide any additional security to your wireless network and may cause compatibility issues.
Most current home networks consist of lots of different devices, including laptops, PCs, mobile phones, tablets, gaming consoles and smart devices. These are often from different manufacturers and come with varying degrees of security posture. Keeping the devices on separate networks can prevent malicious activity pivoting from device to device.

What we recommend

Implement network segmentation within your home network by creating distinct segments for your primary Wi-Fi, guest Wi-Fi, and IoT network. This segregation ensures that less secure devices are prevented from directly interacting with your more secure devices.
Email security protocols add mechanisms to protect your email from threats, maintain privacy and ensure the overall security of communication.

What we recommend

For your personal email accounts, use email services that employ secure means of authentication such as strong Multi-Factor Authentication (MFA) and robust encryption protocols such as Transport Layer Security (TLS).

Communicate through UNSW email accounts with ease of mind

Email is the most widely used communication tool between students and academic staff. As an enrolled UNSW student, you have access to our secure email system hosted by Microsoft Office 365, opens in a new window, which has extensive cyber security controls, including anti-phishing and anti-malware protection.

What to do if your account or device is compromised

UNSW devices & accounts
Personal devices & accounts

Affected UNSW devices or accounts

If you believe your account or device has been affected by a malware, report the the cyber security incident by calling the UNSW IT Service Centre on 02 9385 1333 or submitting an online form, opens in a new window immediately.

UNSW data breaches

UNSW has published a new Data Breach Policy and Procedure aimed at identifying, assessing, managing and responding to a breach of data held by UNSW. You can view the procedure, opens in a new window, or learn more on the Sharepoint site.

Common examples of data breaches can include loss or theft of a device containing UNSW data, unauthorised access of UNSW systems, loss of user login details or any loss of data through a cyber-attack. As soon as you suspect or confirm that a breach has occurred, report it immediately to UNSW IT Service Centre.

Report incident

Affected personal devices or accounts

If you suspect that your personal device or account has been compromised by a malware or virus, report the cyber security incident to the Australian Cyber Security Centre (ACSC), opens in a new window as soon as possible. If you have been targeted by a scam, report the incident to Scamwatch, opens in a new window.

In the event that your identity or personal data have been affected, it is strongly recommended that you look into the following:

Contact IDCARE, opens in a new window - National identity and cyber support service for individuals and organisations
Report all tax-related security issues to the Australian Tax Office, opens in a new window (ATO)
If you need to report a financial misconduct, contact the Australian Securities & Investments Commission, opens in a new window (ASIC) - National corporate regulator who can help with issues such as superannuation and crypto-asset scams
Apply a credit ban with Equifax, opens in a new window. While under ban, credit reporting bodies cannot disclose your information, blocking potential fraudulent activity.