Top tips for cyber security
Check the security of your devices and ensure you're protected against malicious attacks
Beware of online threats targeting your accounts, devices and data. These cyber security tips will help you stay safe.
With cyber security threats continuously increasing, we have invested in comprehensive defensive measures to prevent online threats from affecting you. Failure to take protective measures could result in the theft of your sensitive information, malware installation on your devices or unauthorised tracking of your online activities. It’s important to know how you can manage your own cyber risks at uni, at home, and in public spaces.
Choose your Wi-Fi connection carefully
If you're in a public space, avoid connecting to public Wi-Fi networks in cafes, bars, restaurants, etc. Use your mobile phone’s hotspot instead, if you can.
When you're on campus, ensure you're connected to UNSW's secure, private Wi-Fi networks such as Uniwide. Are you in a secluded spot? Explore our various secure networks that you can choose from below.
Quick & easy tips
Take a look at how you can improve your cyber security in several quick steps!
-
You’re probably used to getting pop-ups on your computer, phone or other devices telling you a system update is available, right? Top tip – don’t ignore them!
Updated versions of your device's operating system (OS) include enhanced security features that older versions don’t have! Keeping your OS up to date is a minimal-effort way to protect your devices and information.
What we recommend
- Enable automatic updates wherever possible, or at least avoid delaying updates when reminders appear
- Allow updates to download over mobile data and not just Wi-Fi (if you're on a mobile plan that can accommodate it)
- Restart your device regularly to auto-install updates.
-
Malware can infect our everyday devices even through simple interactions with software and web-based services. Security software (e.g. antivirus software) protects devices, servers and networks from unauthorised access, viruses and other threats. This software can be integrated into an operating system, or installed separately.
What we recommend
- Look for security software that offers a multi-layered defence system encompassing features like anti-virus, anti-phishing, anti-malware, safe browsing and firewall capabilities
- Check your device's built-in security software and ensure it's up to date.
-
Passwords, PINs, patterns and security question responses are important barriers for preventing unauthorised access to your accounts.
What we recommend
- Use different passwords for different accounts
- Don’t store passwords or answers to security questions in plain text form on your system or anywhere that is accessible to others. Use a password manager, which will store your passwords in an encrypted format.
Our protective measures for you
To help keep your information safe from cyber criminals, we have strengthened the password requirements for your UNSW accounts. Use the UNSW Identity Manager self-service portal to manage, change or reset your password.
To be able to use all portal services, ensure you have a personal email address OR mobile number registered in your myUNSW Student Profile.
-
Multi-Factor Authentication (MFA) is an electronic verification method that requires two or more steps of authentication to provide access to online accounts, apps and other digital services.
For example, some online accounts might require you to enter your password (the first 'factor of authentication'), along with a one-time code that's sent to you at the time of logging in (the second 'factor of authentication'). The one-time code may be sent to you by SMS or to a device such as your mobile phone.
What we recommend
- If you receive an email, SMS or notification from your MFA app triggered by a login attempt and you’re sure it wasn’t you, don't accept it - reset your password and report the issue
- Not all forms of MFA are created equal. Mobile app-based login prompts with number matching (like the Microsoft Authenticator App) are stronger than SMS-based ones. Where possible, use strong MFA, especially for your private email accounts and cloud storage services.
Adding an extra layer of defence for your university accounts
At UNSW, we use the Microsoft Authenticator App for all Single Sign-on (SSO) applications, like your student email, myUNSW and Moodle. This ensures that only you can access your UNSW accounts and any sensitive information contained within them.
-
Email and text messages present a prime opportunity to exploit individuals and organisations. Cyber criminals can use various techniques such as phishing and smishing (SMS-based phishing) to deceive you into clicking malicious links, downloading malware-infected attachments or divulging sensitive information. These attacks are often disguised as legitimate emails from trusted sources, making it challenging for users to identify the threats.
Successful mail-based and text-based attacks can lead to data breaches, unauthorised access to systems, financial losses and reputational damage.
What we recommend
- Report all potential phishing emails. Your personal email service provider will have a method by which you can do this. Follow the instructions for Outlook, if you are using your UNSW account
- Avoid opening attachments or links from unsolicited emails. Remember that you can check the identity of a sender via secondary methods, such as by phone or in-person. You can also search for the site with a search engine
- Never open emails that make outlandish claims or offers that seem “too good to be true”
- Enable mobile device security spam filters where possible - learn more for Apple and Android.
- Beware of suspicious messages requesting personal details or containing links.
Medibank security incident
In late 2022, a major cyber incident occurred within Medibank Private, affecting international students in Australia with overseas student health cover policies from Medibank Private or its subsidiary, Australian Health Management Group Pty Ltd (ahm).
Who can I speak to?
- Visit the Medibank store on Kensington campus for face-to-face enquiries between 9:30am - 3pm, Monday to Friday
- Contact Medibank directly on 13 23 31
- Continue to check your email for further updates from Medibank.
What to do if your UNSW account has been affected
If you think you have clicked on a phishing link or downloaded a malicious attachment sent to your student email address, act fast. Report the cyber security incident to UNSW IT Service Centre.
When you report potential phishing emails, UNSW Cyber Security will identify other mailboxes the phishing email could have reached and invoke our incident response practices.
If you receive a communication about your program, enrolment or related matters and you're not sure if it's legitimate, contact The Nucleus: Student Hub to verify it.
-
Backup and recovery methods ensure that important information stored on your devices and applications is also accessible to you from somewhere else. If the primary location is disrupted, you can then simply restore the data from your secondary location. Businesses employ this technique to avoid data loss issues.
What we recommend
- Regularly back up personal information stored on devices to your preferred collaboration and storage platform
- Use strong passwords and MFA for your chosen storage platforms
- Encrypt laptops, PCs and mobile devices so they can't be tampered with if stolen.
Backing up your university data just got easier
As a UNSW student, you have access to Microsoft Office 365 services, including OneDrive and SharePoint, to help you encrypt and synchronise uni-related information. This ensures that you can safely access your data across your various devices.
Advanced tips
Go through some additional tips on how you can improve the security of your online ecosystem.
-
Your network router serves as the entry point to your home network. Without adequate security measures and timely updates, network routers become more susceptible to compromise, potentially endangering other devices connected to the network.
What we recommend
- Keep your routing devices on your home network up to date with the latest patches to minimise vulnerabilities and enhance security (preferably through automatic updates)
- Replace routing devices when they reach their end-of-life (EOL) for support, so that your network equipment continues to receive updates and patches as new vulnerabilities are discovered
- Consider using your own routing device alongside the modem/router provided by your Internet Service Provider (ISP) to gain greater control over your home network's routing and wireless capabilities
- Take advantage of modern router features to establish a separate wireless network specifically for guests, thereby segregating it from your more trusted and private devices. Most network routing devices also allow configurations to block certain types of network traffic.
-
Remember that if your Wi-Fi connection isn’t secure, it can be used to steal sensitive information (such as passwords and documents) and to infect your devices with malware.
What we recommend
Ensure that your personal or ISP-provided Wireless Access Point (WAP) supports Wi-Fi Protected Access 3 (WPA3). When setting up WPA3 or WPA2/3:
- Use a robust passphrase for your network device with a minimum length of fourteen characters;
- Modify the default Service Set Identifier (SSID) to a unique value;
- Avoid hiding the SSID as this does not provide any additional security to your wireless network and may cause compatibility issues.
-
Most current home networks consist of lots of different devices, including laptops, PCs, mobile phones, tablets, gaming consoles and smart devices. These are often from different manufacturers and come with varying degrees of security posture. Keeping the devices on separate networks can prevent malicious activity pivoting from device to device.
What we recommend
Implement network segmentation within your home network by creating distinct segments for your primary Wi-Fi, guest Wi-Fi, and IoT network. This segregation ensures that less secure devices are prevented from directly interacting with your more secure devices.
-
Email security protocols add mechanisms to protect your email from threats, maintain privacy and ensure the overall security of communication.
What we recommend
For your personal email accounts, use email services that employ secure means of authentication such as strong Multi-Factor Authentication (MFA) and robust encryption protocols such as Transport Layer Security (TLS).
Communicate through UNSW email accounts with ease of mind
Email is the most widely used communication tool between students and academic staff. As an enrolled UNSW student, you have access to our secure email system hosted by Microsoft Office 365, which has extensive cyber security controls, including anti-phishing and anti-malware protection.
What to do if your account or device is compromised
Affected UNSW devices or accounts
If you believe your account or device has been affected by malware, report the cyber security incident by calling the UNSW IT Service Centre on 02 9385 1333 or submitting an online form immediately.
UNSW data breaches
UNSW has published a new Data Breach Policy and Procedure aimed at identifying, assessing, managing and responding to a breach of data held by UNSW. You can view the procedure, or learn more on the SharePoint site.
Common examples of data breaches can include loss or theft of a device containing UNSW data, unauthorised access of UNSW systems, loss of user login details or any loss of data through a cyber-attack. As soon as you suspect or confirm that a breach has occurred, report it immediately to UNSW IT Service Centre.
Affected personal devices or accounts
If you suspect that your personal device or account has been compromised by malware or a virus, report the cyber security incident to the Australian Cyber Security Centre (ACSC) as soon as possible. If you have been targeted by a scam, report the incident to Scamwatch.
In the event that your identity or personal data have been affected, it is strongly recommended that you look into the following:
- Contact IDCARE - National identity and cyber support service for individuals and organisations
- Report all tax-related security issues to the Australian Tax Office (ATO)
- If you need to report financial misconduct, contact the Australian Securities & Investments Commission (ASIC) - National corporate regulator that can help with issues such as superannuation and crypto-asset scams
- Apply a credit ban with Equifax. While under ban, credit reporting bodies cannot disclose your information, blocking potential fraudulent activity.
Need help?
The UNSW IT Service Centre is here to assist you with issues regarding your devices, accounts, cyber security and network. We're here to help.