What is Cybersecurity?
Cybersecurity is the practice of protecting systems, networks, people, and programs from digital attacks. These cyberattacks are usually aimed at accessing, changing, or destroying sensitive information; extorting money from users; or interrupting normal processes in our digital world.
Because Cybersecurity threats can impact your studies and personal lives, we need to work together to protect your data, as well as the University.
Cybersecurity at the University of Melbourne
You may not know that in Australia, and globally, tertiary education is one of the sectors most affected by cybercrime.
The University is working to uplift and bolster our current cybersecurity capability to prevent, detect, and respond to cyberthreats. New cybersecurity threats are discovered all the time and as soon as one threat is identified, a new one takes its place.
A cybersecure University of Melbourne is one where we’ve reduced our vulnerability to cyberthreats while balancing our need for openness, autonomy and collaboration. Taking a risk based approach to cybersecurity means we can better balance these needs while still managing our risk exposure.
Top Tip: Be wary of Phishing Emails!
Phishing emails are the number one method hackers use to steal information. If you recieve an email from someone you don't know asking you to reset your university email account password, do not click on any links. Report it to the cybersecurity team, block the sender, and delete the emailContact firstname.lastname@example.org to report any suspicious behaviour.
Tips for keeping your devices safe
Cybersecurity threats are becoming more advanced so it’s important to learn how to identify the risks and take steps to safeguard your devices and information. The loss or theft of information can cause personal inconvenience and have financial and other consequences.
- Connect securely
Random wireless hotspots can steal your passwords and private information. It is even possible to set up a hotspot that looks legitimate but lets people spy on everything you do while connected. To protect your privacy, use ‘UniWireless’ where available. Use the Virtual Private Network (VPN) when connecting from public wireless to remotely access the campus computer or if you need to transfer data securely to the University’s network.
- Keep your computer and phone software updated
The best way to protect yourself is to keep your computer and mobile phone operating systems and all your applications up-to-date. Make sure you have auto-updates turned on where it is available. Updating your software removes weaknesses that might be exploited by an attacker.
Make extra copies of your important files such as assignments and store them in a separate location like cloud storage, file servers, external hard drives, or USB memory sticks.
- Lock your devices
Always remember to lock your computer or phone screen before leaving it unattended. In addition, set your device to auto-lock after a period of inactivity (e.g. 5 minutes) in case you forget to lock your screen. This minimises the opportunity for someone to gain unauthorised access to your device. If you leave your device unattended, also be mindful of the potential for theft.
- Lost or stolen data and devices
Following these tips reduces the risk of someone breaking into your device and harvesting your data.
Changing all your passwords as soon as you realise your device is missing helps to further protect you.
Reporting that your device may be vulnerable also helps, especially if it wasn’t protected. Remember to contact your financial and other service providers as well as the University (by logging a ticket in ServiceNow), family and friends.
- Select a strong password
Research into choosing the best password is continually evolving our thinking around passwords, but the overarching principle is that your password should be easy for your to remember but hard for someone else to guess.
We recommend using a passphrase, which is 2 or 3 unrelated words joined together that also incorporates some numbers and symbols. It is also essential that you don’t reuse the same password for multiple accounts.
The current minimum requirements for your UniMelb password are that it:
- Must contain at least 8 characters
- Must contain at least one numeric character (0-9) and once special character (e.g. !, #, @)
- Must not be one of the last 10 passwords used
- Must not contain First Name, Last Name and UserID
- Don’t reuse passwords for different accounts
Use a different password for each account and website that you use. This ensures that even if one system is compromised, it won’t give automatic access to your other accounts. Having different, as well as complex, passwords will help to ensure your data and identity is protected.
- Consider using a firewall
A firewall helps you specify which other computers on the network your computer may communicate with. This will avoid unsolicited connections to your computer. A firewall can also be configured to request for your permission before allowing applications to access the network or Internet. There are free software firewalls available for download via the Internet. A firewall is particularly recommended for network or Internet connections that are active for long periods of time, for example, broadband Internet connections or wireless networks.
- Install and update anti-malware software
Anti-malware software (sometimes referred to as anti-virus) helps detect, block and remove malicious software from your computer, keeping your sensitive information safe. Devices owned by the University of Melbourne will automatically have this software installed and updated. Use reputable anti-virus software on your personal devices and ensure it is regularly updated. Configure it to scan every file accessed through any source, e.g. email, Internet, and disks. Occasionally, scan all disks for viruses and corrupt files. The University may notify you if your computer has been detected to contain malware.
- Internet Privacy
A good rule of thumb is to only post information you would be willing to put on a banner in a public place.
Assume that any information you enter online is public unless you are using a known, trusted, secure site.
Social networking sites (e.g. Facebook, Twitter), personal web pages, and blogs are great places for people to find personal information about you and once you post something, you can't take it back.
- Be cautious about downloads
Only execute or download files to your computer that are from known and trustworthy sources, as anti-virus software is not foolproof. Do not open email attachments in unsolicited emails and be wary of unsolicited emails requesting information or inviting you to click on a link.
- Minimise storage of sensitive information
Delete sensitive information whenever you can. Keep it off of your workstation, laptop computer, and other electronic devices if at all possible.
Don't keep sensitive information or your only copy of critical data, projects or files on portable or mobile devices (such as laptop computers, tablets, phones and memory sticks) unless they are properly protected. These items are extra vulnerable to theft or loss.
- Watch out for phishing or suspicious emails
You need to be increasingly cautious of unsolicited or suspicious emails, as they aim to steal your electronic identity and use it to compromise your personal information or access your computer system. Continue reading about unwanted emails.
Top Tip: Avoid using the same password across websites
Use a different password for each account and website that you use. This ensures that even if one system is compromised, it won’t give automatic access to your other accounts.
Having different, as well as complex, passwords will help to ensure your data and identity is protected.
- Report suspicious activity
Notify the University of Melbourne Cybersecurity team of any suspect or unusual behaviour via:Report Activity
- Have you been affected by a cyberthreat?
If you suspect that you have been the target of cyberthreat, please lodge a ticket through Service Now for assistance with moving forward to protect yourself and your device.Log a Ticket