ITMS

Cyber security

What is a cyber threat and why we should care

Why is cyber security important?

In today's world, we are all faced with cyber security threats.

Some of the main threats and topics you should know about include:

  • reporting a cyber incident
  • phishing and spear-phishing emails
  • data protection
  • password management
  • malware and ransomware
  • online privacy (Think Before You Link)

    If we are all vigilant we can work together to help secure our data and systems.

    Reporting a cyber incident

    What is a cyber incident?

    A cyber security incident is a single unwanted or unexpected event, or a series of such events, that has a significant probability of compromising an organisation’s business operations.

    Cyber security incidents can impact the confidentiality, integrity or availability of a system and the information that it stores, processes or communicates.

    Types of cyber security incidents

    The types of cyber security incidents you should report include:

    • suspicious system and network activities
    • compromise of sensitive information
    • unauthorised access or attempts to access a system
    • emails with suspicious attachments or links
    • denial of service attacks
    • suspected tampering of electronic devices.

    How should I report a cyber incident?

    Contact ITMS and report your concerns. Methods of contact include calling the IT Service Desk on (08) 8946 6600, logging a job in LogIT, or, in the case of a spam or phishing email, attaching the email to a new email and sending it to report-spam@cdu.edu.au.

    Please note: The suspect email needs to be attached so that the headers of the email can be examined. Forwarding it removes the suspect email's original headers.
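
What the note above means in practice, as an added example that is not part of the original page: a Python sketch, using the standard `email` library, that compares what an analyst can recover from a report sent as an attachment with one forwarded inline. Every address except report-spam@cdu.edu.au, all header values and all function names are constructed for illustration, and the inline forward is a simplified model of what a mail client does.

```python
from email import message_from_string, policy
from email.message import EmailMessage
# Constructed sample of a suspect message as received; every value is made up.
SUSPECT_RAW = """\
Return-Path: <bounce@mailer.example.net>
Received: from mailer.example.net (mailer.example.net [203.0.113.25])
\tby mx.university.example id abc123; Mon, 01 Jan 2024 09:00:00 +0930
Authentication-Results: mx.university.example; spf=fail
From: "IT Service Desk" <servicedesk@university.example>
Reply-To: helpdesk@mailer.example.net
To: staff.member@university.example
Subject: Password expiry notice

Your password expires today. Sign in to keep your account.
"""
SUSPECT = message_from_string(SUSPECT_RAW, policy=policy.default)
TRACE_HEADERS = ("Return-Path", "Received", "Authentication-Results", "Reply-To")

def _new_report(reporter):
    report = EmailMessage()
    report["From"] = reporter
    report["To"] = "report-spam@cdu.edu.au"  # reporting address given on this page
    report["Subject"] = "Suspected phishing email"
    return report

def report_as_attachment(suspect, reporter):
    """Attach the whole suspect message (message/rfc822), headers included."""
    report = _new_report(reporter)
    report.set_content("Suspect email attached.")
    report.add_attachment(suspect)
    return report

def report_as_inline_forward(suspect, reporter):
    """Simplified inline forward: only display fields and the body are copied."""
    report = _new_report(reporter)
    report.set_content(f"---- Forwarded message ----\nFrom: {suspect['From']}\n"
                       f"Subject: {suspect['Subject']}\n\n{suspect.get_content()}")
    return report

def recoverable_headers(report_raw):
    """Trace headers of the suspect message that an analyst can still read."""
    parsed = message_from_string(report_raw, policy=policy.default)
    for part in parsed.walk():
        if part.get_content_type() == "message/rfc822":
            original = part.get_payload(0)
            return {h: [str(v) for v in original.get_all(h)]
                    for h in TRACE_HEADERS if original.get_all(h)}
    return {}  # no attached message: the original headers are gone
```

In the attached report the relay address, the SPF result and the mismatched Reply-To are all still readable; in the inline forward the only headers left are those of the person reporting.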

    Phishing and spear phishing emails

    What are phishing and spear phishing emails?

    Phishing

    Phishing is the fraudulent practice of sending emails purporting to be from reputable companies in order to induce individuals to reveal personal information, such as passwords and credit card numbers.

    Whaling or spear phishing

    The scammer targets a business in an attempt to get confidential information for fraudulent purposes. To make their request appear legitimate, they use details and information specific to the business that they have obtained elsewhere.

    For further information

    What does a phishing or spear phishing email look like?

    Phishing and spear phishing emails try to look like legitimate emails.

    Below are some indicators that an email is fake.

    Spotting a fake email

    [Image: spot fake emails]

    How should I report a phishing and spear phishing email?

    If you suspect that an email is a phishing or spear-phishing email, use
    the "Phish Alert Report" button in Outlook or send it to report-spam@cdu.edu.au,
    where it will be assessed and, if found to be such an email, blocked.

    How to use the phish alert button

    Please refer to the How to use the phish alert button page from KnowBe4.

    I have received an email with a suspicious attachment. What should I do?

    Be wary of opening an attachment from an unknown source as it can have serious consequences for everyone at CDU.

    Points to note are:

    • do not run or enable macros on documents you do not know or trust. When you open a document, it will ask whether you want to enable macros; never enable macros on a document you do not totally trust.
    • be very cautious around phone contacts asking or pressuring you into opening documents and enabling macros.
    • if in doubt please forward emails containing documents with macros to CDU.SecurityAlerts@cdu.edu.au.
    • do not open documents from private or personal email addresses containing macros while connected to the CDU network directly or via VPN.

    Recognising a macro document

    Macros were designed to be helpful and provide document automation, but now they have been subverted and are often malicious.

    The icon for Word and Excel documents that have Macros looks like these:

    [Image: Word macro icon]

    [Image: Excel macro icon]

    Macros can also come in other file formats, such as PDF, so beware of opening any documents.

    If you open the document, it will ask if you want to enable content.
    Never click "Enable Content" unless you trust the document.

    [Image: Word macro question]


    Further information on macro viruses can be found at Norton - Macros Viruses and Caliro - What is a Macro Virus.

    Cyber security training

    What training materials do I have access to?

    CDU uses the industry-leading company KnowBe4 as our cybersecurity training provider.

    There are also 14 optional Cyber-Security training courses available via the KnowBe4 library. To access these, log in to KnowBe4 Training and click the Library tab to the right of the Training tab.

    The courses cover the subjects below, and much more:

    • Email threats
    • CEO Fraud
    • Safe Web Browsing
    • Mobile Device Security
    • Social Engineering
    • Safely working from home
    • Common threats

    Data protection

    What is data protection?

    Data protection is ensuring that only authorised people have access to your data or CDU's data. This is to ensure the confidentiality, integrity and availability of that data.

    How can I ensure my data is protected?

    You can improve the protection of your data by:

    • never sharing your password with anyone, regardless of who it is. This includes giving it to IT Support when asked.
    • using two-factor authentication where available.
    • never using your password to try to log in to suspicious websites.
    • using trusted cloud storage solutions, such as OneDrive, instead of storing data on thumb drives or external hard drives, which can be lost or stolen.
    • adding password protection to sensitive files. Programs such as Microsoft Word and Excel have this built in, but it needs to be applied. Be aware that if you do this and forget the password, the document will be lost and not recoverable.
    • keeping computers up to date with the latest security patches.
    • keeping anti-virus software up to date.

    At CDU, anti-virus updates and security patches are applied automatically, but home computers are your responsibility.

    Password management

    What is password management?

    Passwords are the most common method for users to confirm their identities on computer systems or websites. They act as the first line of defence against unauthorised access.

    Good password management practices are critical to maintaining the effectiveness of this line of defence.

    Further information

    Stop|Think|Connect - General Tips & Advice for practicing online safety

    How can I manage my passwords?

    If you really want to manage your passwords well, you can get a password manager. This is a program or application that acts as a wallet for your passwords. It requires a master password to open and once opened allows you to access your other passwords. It will even create and store passwords for you, which can be copied and pasted when needed. Make sure if you do this, that the program or application has a good reputation and that you create a strong master password.

    If you don't want to get this sophisticated, you need to at least avoid using the same password for everything, because once it has been compromised it can be used on other websites. One way of doing this would be to have a composite password made up of two parts: one that is standard for everything and a second that is unique to the website. That way, when you log in, you build the password from the rules that only you know.

    Further information

    LinkedIn Learning - Protecting yourself Online - Passwords (Video 2m 58s) 

    Malware and ransomware

    What is malware and ransomware?

    Malware is malicious software that is specifically designed to disrupt, damage, or gain unauthorised access to a computer system.

    Ransomware is a type of malicious software designed to block access to a computer system until a sum of money is paid. Normally the files are encrypted and the victim, to regain access, is expected to pay to get the files decrypted.

    Further information

    LinkedIn Learning - Viruses and Malware (4 Mins)

    How can I avoid malware and ransomware?

    Malware and ransomware have to get on your computer in the first place. They are normally disguised as legitimate-looking attachments that have malicious code buried inside them.

    To prevent this, make sure you carefully examine any attachments that you receive. If an attachment says it needs special permission before it will open, don't try to open it. It needs to be carefully examined to see if it is malicious.

    Before trying to open attachments ask yourself:

    • was I expecting this?
    • have I received files like this before from this sender?
    • do I know the sender?

    Points to note are:

    • do not run or enable macros on documents you do not know or trust. When you open a document, it will ask whether you want to enable macros; never enable macros on a document you do not totally trust.
    • be very cautious around phone contacts asking or pressuring you into opening documents and enabling macros.
    • if in doubt please forward emails containing documents with macros to CDU.SecurityAlerts@cdu.edu.au.
    • do not open documents from private or personal email addresses containing macros while connected to the CDU network directly or via VPN.

    Also, see "I have received an email with a suspicious attachment. What should I do?" in the top section above.

    Online privacy

    What is online privacy?

    Online privacy (sometimes called Internet privacy) involves the ability to control what information you reveal about yourself over the Internet and to control who can access that information.

    How can I maintain my online privacy?

    Be careful where you post personal information. If you want to give someone some personal information, do it in a private message, not on an open post that everyone can read.

    Check your privacy settings on social media, so that only the people you want to see your information can in fact see it.

    Further information

    LinkedIn Learning - Protecting Yourself Online  - Sharing Sensitive Information (Video 4m 59s)

    Think before you link

    Not everyone you meet online is who they say they are. That won’t be news if you’re familiar with the messaging from our colleagues at the Australian Cybersecurity Centre and Australian Federal Police about keeping yourself safe online.

    Any invites to link online with people should be viewed with a high degree of caution. Only link to people when you are confident they are who they say they are. There are people out there tricking unsuspecting individuals into connecting and then manipulating them once they have. People receive offers that sound too good to be true because they are too good to be true.

    The Australian Security Intelligence Organisation (ASIO) has developed a resource kit to let you know more about the problem and how to avoid it.

    Resource kit: https://www.asio.gov.au/TBYL.html

     

    Please note: Clicking the unsubscribe link in emails from non-reputable sources just confirms to the sender that the email address is valid and that they should continue sending emails to it. It is often better to just right-click the email and mark it as junk.

    All campuses contacts

    We are your first point of contact for assistance with computers, the internet, telephones, printers and associated information technology equipment and services.

    Service Desk
    T:  08 8946 6600
    Internal: Ext 6600
    International: +618 8946 6600

    Opening hours
    Mon - Thu: 7:30am - 6:00pm
    Friday: 7:30am - 5:30pm

     

    In-person (kiosk)
    CDU Library, Red Building 8, Casuarina campus
    Casuarina campus map (PDF, 1.03 MB)