Be Cyber Secure

Cyber Security at CDU

In today's world we are all faced with cyber security threats. 

This page covers some of the main threats you might come across.

  • Reporting a Cyber Incident
  • Phishing and Spear Phishing Emails
  • Data Protection
  • Password Management
  • Malware and Ransomware
  • Online Privacy (Think Before You Link)

If we are all vigilant we can work together to help secure our data and systems.

Training

CDU uses the industry-leading company KnowBe4 as our Cybersecurity training provider. Access to their training can be found here.


Reporting a Cyber Incident

What is a Cyber Incident?

A cyber security incident is a single or series of unwanted or unexpected events that have a significant probability of compromising an organisation’s business operations. Cyber security incidents can impact the confidentiality, integrity or availability of a system and the information that it stores, processes or communicates.

Types of Cyber Security Incidents

The types of cyber security incidents you should report include:

  • suspicious system and network activities
  • compromise of sensitive information
  • unauthorised access or attempts to access a system
  • emails with suspicious attachments or links
  • denial of service attacks
  • suspected tampering of electronic devices.

How should I report a Cyber Incident?

To report a cyber incident, contact ITMS and report your concerns. Methods of contact include calling the IT Service Desk on (08) 8946 6600, logging a job in LogIT or, in the case of a spam or phishing email, attaching the email to another email and sending it to report-spam@cdu.edu.au.

Note: The suspect email needs to be attached so that the headers of the email can be examined. Forwarding it removes the suspect email's original headers.
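The difference between attaching and forwarding, shown as an added example (not CDU's or ITMS's own tooling): a report that attaches the message keeps its delivery and authentication headers, while an inline forward leaves the analyst nothing to examine. The sample message, the example.* hosts and the staff@example.edu reporter are constructed.

```python
from email import message_from_bytes, policy
from email.message import EmailMessage

# Constructed sample of a suspect message as delivered (all hosts and addresses are made up).
SUSPECT_RAW = (
    b"Return-Path: <bounce@mailer.example.net>\r\n"
    b"Received: from mailer.example.net ([203.0.113.25])\r\n"
    b"\tby mx.example.edu; Mon, 01 Jan 2024 09:00:00 +0930\r\n"
    b"Authentication-Results: mx.example.edu; spf=fail\r\n"
    b'From: "IT Support" <support@example.edu>\r\n'
    b"Reply-To: helpdesk@example.org\r\n"
    b"Subject: Password expiry notice\r\n"
    b"Message-ID: <constructed-1@mailer.example.net>\r\n"
    b"\r\n"
    b"Your password expires today.\r\n"
)
TRACE = ("Return-Path", "Received", "Authentication-Results", "Reply-To", "Message-ID")

def _new_report(subject, body):
    report = EmailMessage()
    report["From"] = "staff@example.edu"          # hypothetical reporter
    report["To"] = "report-spam@cdu.edu.au"
    report["Subject"] = subject
    report.set_content(body)
    return report

def report_as_attachment(suspect_raw):
    """Attach the suspect message whole (message/rfc822), as the page asks."""
    report = _new_report("Suspicious email", "Please examine the attached message.")
    report.add_attachment(message_from_bytes(suspect_raw, policy=policy.default))
    return report.as_bytes()

def report_as_forward(suspect_raw):
    """Inline forward: the mail client copies only a few visible fields into the body."""
    original = message_from_bytes(suspect_raw, policy=policy.default)
    body = (f"---- Forwarded message ----\nFrom: {original['From']}\n"
            f"Subject: {original['Subject']}\n\n{original.get_content()}")
    return _new_report("FW: " + original["Subject"], body).as_bytes()

def recoverable_trace_headers(report_raw):
    """What the analyst can read of the suspect message's own headers."""
    report = message_from_bytes(report_raw, policy=policy.default)
    for part in report.walk():
        if part.get_content_type() == "message/rfc822":
            inner = part.get_content()            # the embedded original message
            return {h: [str(v) for v in inner.get_all(h)] for h in TRACE if inner.get_all(h)}
    return {}                                     # only the reporter's own headers survive
```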

Phishing and Spear Phishing Emails

What are Phishing and Spear Phishing emails?

Phishing

Phishing is the fraudulent practice of sending emails purporting to be from reputable companies in order to induce individuals to reveal personal information, such as passwords and credit card numbers.

Whaling or Spear Phishing

The scammer targets a business in an attempt to get confidential information for fraudulent purposes. To make their request appear legitimate, they use details and information specific to the business that they have obtained elsewhere.

For Further Information

What does a Phishing or Spear Phishing email look like?

Phishing and Spear Phishing emails try to look like legitimate emails.

Below are some indicators that an email is fake.

Spotting a Fake Email

[Image: Spot a fake email]

How should I report a Phishing and Spear Phishing email?

If you suspect an email is a Phishing or Spear Phishing email, use the "Phish Alert Report" button in Outlook or send it to report-spam@cdu.edu.au, where it will be assessed and, if found to be such an email, blocked.

How to use the Phish Alert button

Please refer to the "How to Use the Phish Alert Button" page from KnowBe4.

I have received an email with a suspicious attachment. What should I do?

Staff are reminded that opening an attachment in an email from an unexpected source can have serious consequences for everyone at CDU.

Points to note are:

  • Do not run or enable macros on documents you do not know or trust. When you open a document, it will ask whether you want to enable macros. Never enable macros on a document you do not totally trust.
  • Be very cautious of phone contacts asking or pressuring you to open documents and enable macros.
  • If in doubt, please forward emails containing documents with macros to CDU.SecurityAlerts@cdu.edu.au.
  • Do not open documents containing macros from private or personal email addresses while connected to the CDU network directly or via VPN.

Recognising a Macro Document

Macros were designed to be helpful and provide document automation, but now they have been subverted and are often malicious.

The icons for Word and Excel documents that have macros look like these:

[Image: Word and Excel]

Macros can also come in other file formats, such as PDF, so beware of opening any documents.

If you open the document, it will ask if you want to Enable Content.
Never click "Enable Content" unless you totally trust the document.


Further information on Macro viruses can be found here Norton - Macros Viruses and here Caliro - What is a Macro Virus.
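Icons and file names can be changed, so a check of the file's contents is more reliable. The following added example (not CDU tooling) inspects a zip-based Word or Excel file for a VBA macro project and flags one carried under a non-macro name such as .docx. It does not cover legacy .doc/.xls files or PDFs, and the two sample files are constructed placeholders, not real documents.

```python
import io
import zipfile

MACRO_EXTENSIONS = (".docm", ".dotm", ".xlsm", ".xltm", ".xlam", ".pptm")

def inspect_office_file(filename, data):
    """Report macro evidence inside a zip-based (OOXML) Office file."""
    result = {"ooxml": False, "vba_parts": [], "macro_content_type": False,
              "extension_hides_macros": False}
    buf = io.BytesIO(data)
    if not zipfile.is_zipfile(buf):
        return result                      # legacy .doc/.xls, PDF, etc.: not covered here
    with zipfile.ZipFile(buf) as archive:
        names = archive.namelist()
        if "[Content_Types].xml" not in names:
            return result                  # an ordinary zip, not an Office document
        result["ooxml"] = True
        # The VBA project is stored as a part named vbaProject.bin.
        result["vba_parts"] = [n for n in names if n.lower().endswith("vbaproject.bin")]
        types = archive.read("[Content_Types].xml").decode("utf-8", "replace").lower()
        result["macro_content_type"] = "macroenabled" in types or "vbaproject" in types
    has_macros = bool(result["vba_parts"]) or result["macro_content_type"]
    # Macro content under a non-macro extension such as .docx is a mismatch worth flagging.
    result["extension_hides_macros"] = (
        has_macros and not filename.lower().endswith(MACRO_EXTENSIONS))
    return result

def build_sample(parts):
    """Build a constructed, minimal OOXML-like zip in memory (not a valid Word file)."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as archive:
        for name, body in parts.items():
            archive.writestr(name, body)
    return buf.getvalue()

PLAIN_SAMPLE = build_sample({
    "[Content_Types].xml": '<Types><Override PartName="/word/document.xml" '
        'ContentType="application/vnd.openxmlformats-officedocument'
        '.wordprocessingml.document.main+xml"/></Types>',
    "word/document.xml": "<document/>",
})
MACRO_SAMPLE = build_sample({
    "[Content_Types].xml": '<Types><Override PartName="/word/vbaProject.bin" '
        'ContentType="application/vnd.ms-office.vbaProject"/></Types>',
    "word/document.xml": "<document/>",
    "word/vbaProject.bin": b"constructed placeholder, not real VBA",
})
```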

Data Protection

What is Data Protection?

Data protection is ensuring that only people who are authorised have access to your data or CDU's data. This is to ensure the confidentiality, integrity and availability of that data.

How can I ensure my data is protected?

You can improve the protection of your data by:

  • Never sharing your password with anyone, regardless of who it is. This includes giving it to IT Support when asked.
  • Using two factor authentication where available.
  • Never using your password to try to log in to suspicious websites.
  • Using trusted cloud storage solutions, such as OneDrive, instead of storing data on thumb drives or external hard drives, which can be lost or stolen.
  • Adding password protection to sensitive files. Programs such as Microsoft Word and Excel have this built in, but it needs to be applied. Be aware that if you do this and forget the password, the document will be lost and not recoverable.
  • Keep computers up to date with the latest security patches. 
  • Keep anti-virus software up to date. 

At CDU, anti-virus updates and security patches are applied automatically, but home computers are your responsibility.

Password Management

What is Password Management?

Passwords are the most common method for users to confirm their identities on computer systems or websites. They act as a first line of defence against unauthorised access.

Password management is critical to maintaining the effectiveness of this line of defence, and it relies on practising a good password management policy.

Here is CDU's password policy:

http://www.cdu.edu.au/governance/doclibrary/pol-023.pdf

Further Information:

How can I manage my Passwords?

If you really want to manage your passwords well, you can get a password manager. This is a program or application that acts as a wallet for your passwords. It requires a master password to open and once opened allows you to access your other passwords. It will even create and store passwords for you, which can be copied and pasted when needed. Make sure if you do this, that the program or application has a good reputation and that you create a strong master password.

If you don't want to get this sophisticated, you need to at least avoid using the same password for everything, because once it has been compromised it can be used on other websites. One way of doing this would be to have a composite password made up of two parts: one that is standard for everything, and a second part that is unique to the website. That way, when you log in, you build the password from rules that only you know.

For Further Information

Malware and Ransomware

What is Malware and Ransomware?

Malware is malicious software which is specifically designed to disrupt, damage, or gain unauthorised access to a computer system.

Ransomware is a type of malicious software designed to block access to a computer system until a sum of money is paid. Normally the files are encrypted and the victim, to regain access, is expected to pay to get the files decrypted.

For Further Information

How can I avoid Malware and Ransomware?

Malware and Ransomware have to get onto your computer in the first place. They are normally disguised as legitimate-looking attachments that have malicious code buried inside them.

To prevent this, make sure you carefully examine any attachments that you receive. If an attachment says it needs special permission before it will open, don't try to open it. It needs to be carefully examined to see if it is malicious.

Before trying to open attachments, ask yourself:

  • Was I expecting this?
  • Have I received files like this before from this sender?
  • Do I know the sender?

Points to note are:

  • Do not run or enable macros on documents you do not know or trust. When you open a document, it will ask whether you want to enable macros. Never enable macros on a document you do not totally trust.
  • Be very cautious of phone contacts asking or pressuring you to open documents and enable macros.
  • If in doubt, please forward emails containing documents with macros to CDU.SecurityAlerts@cdu.edu.au.
  • Do not open documents containing macros from private or personal email addresses while connected to the CDU network directly or via VPN.

Also see "I have received an email with a suspicious attachment. What should I do?" in the top section above.

Online Privacy

What is online privacy?

Online privacy (or sometimes called Internet Privacy) involves the ability to control what information you reveal about yourself over the Internet, and to control who could access that information. Protect your online privacy. Don’t ever put anything online that you wouldn’t want to show up on the front page of NT News, or that you wouldn’t want your grandmother to see.

For Further Information

How can I maintain my online privacy?

Be careful where you post personal information. Don't over share! If you want to give someone some personal information, do it in a private message not on an open post that everyone can read.

Check your privacy settings on social media, so that only the people you want to see your information can see it.

Think Before You Link

Not everyone you meet online is who they say they are. That won’t be news if you’re familiar with the messaging from our colleagues at the Australian Cybersecurity Centre and Australian Federal Police about keeping yourself safe online.

Any invites to link online with people should be viewed with a high degree of caution. Only link to people when you are confident they are who they say they are. People out there are tricking unsuspecting individuals into connecting and then manipulating them once they have. People receive offers that sound too good to be true because they are too good to be true.

The Australian Security Intelligence Organisation (ASIO) have developed a resource kit to let you know more about the problem and how to avoid it.

Resource Kit: https://www.asio.gov.au/TBYL.html

Note: Clicking the "Unsubscribe" link on emails from non-reputable sources just confirms to them that the email address is a valid one and that they should continue sending emails to it. It is often better to just right-click the email and mark it as junk.

ITMS

Contact information

W: logit.cdu.edu.au

Location
IT Kiosk, Red 8, Casuarina campus
Office hours: 8am - 4pm, Mon - Fri (CST)

Telephone
08 8946 6600 (ext 6600)
Phone hours: 7:30am - 6pm (Mon - Thu)
7.30am - 5.30pm (Fri)
