Cyber Security Tips
Use a Strong Password
Picking a good password is important, however in accordance with University Password Policy all passwords must be over 8 characters, contain a mixture of upper case, lower case
and symbols, must not be re-used, and should not be a word listed in a dictionary.
The recommendation from the Cyber Aware campaign is to use three random words. These can be any three words in any order, and numbers or special characters can still be used, for example 7blueElevat0rRis!ng33, but don't use words or phrases which are easy for other people to guess e.g. TheLionKing.
For more information visit our dedicated page on Password security
Use Multi-Factor Authentication
It is important to have a strong password, but it is even more imperative to set up multi-factor authentication. This method provides two layers of security measures so if a hacker can accurately guess your password, there is still an additional security measure in place to ensure that your account is not breached. We encourage all students to sign up to multi-factor authentication by following the process below:
- Visit the My Security Info Page
- You will need to provide your existing password for verification
- You can add contact methods of Email, Phone or Mobile Authenticator app where you will receive a verification code if you need to reset your password. (You can’t use your University e-mail address for this because you won’t have access to it without your password!)
- Important note on security: if you register for this service you must ensure the security of your external e-mail account. Your University password is only as secure as your private e-mail account. You must ensure that you use a secure password on it and do not allow others to share access to it. It is best if you do not use this password for anything else. (You may well already be set up to receive password reminders for other sites on your private e-mail address, so this is good practice anyway).
Reset Your Password
If you think your account may have been compromised, you should reset your password straight away!
If you forget your password, you can reset it by following the process below:
- Go to the self-service password reset page
- Here you will first be prompted to enter your username and prove that you aren’t a robot. Provided that you have previously registered for the service (see above), you will be able to choose a registered contact method for verification.
- A unique verification code will then be sent to your chosen contact method
- Once the verification code is correctly entered, you can proceed to choose a new password and get back into your account
Beware of Phishing Scams
Phishing attacks are some of the greatest cybersecurity threats as they are very easy to fall for. In a phishing attack, a hacker will pose as someone that the recipient may be familiar with to trick them into opening a malicious link, divulging important credentials, or opening software that infects the recipient’s system with a virus. The best way to be on the lookout for phishing scams is by avoiding emails from unfamiliar senders, look for grammatical errors or any inconsistencies in the email that looks suspicious, and hover over any link you receive to verify what the destination is.
If you receive an IT related email you are unsure of, contact Digital Services.
Clicking Without Thinking is Reckless
Just because you can click, doesn’t mean you should. Malicious links can do damage in several different ways, so be sure to inspect links and ensure they’re from trusted senders before clicking. If you are unsure of a link, don’t click on it.
Keep Up to Date with Updates
Keep your devices up to date. Software patches can be issued when security flaws are discovered. You may find these notifications annoying, but you can consider them the lesser of two evils when weighing up rebooting your device versus putting yourself at risk for malware and other types of computer infection.
Secure Your Devices
Security doesn’t end at your desktop. It’s important to get into the habit of securing your presence through your mobile device as well. Use strong passwords and biometric features, ensure you turn off your Bluetooth, don’t automatically connect to any public Wi-Fi, and download with caution.
Back-Up Your Data
There’s no excuse not to have a backup of important data. Remember, malicious threats and hackers don’t always want to steal your data, but sometimes the end-goal is to encrypt or erase it. Back it up to have an ultimate recovery tool.
Protecting Your Account
The University uses identity protection tools to establish your typical IT usage to block unexpected behaviour. Types of activities that could be blocked include:
- Logons from unusual locations, such as overseas
- Logons from multiple locations at the same time
- Unusual usage of proxies to mask your location
- Access from machines know to have viruses/malware
To add additional protection to your account, or to allow usage from locations/devices that would otherwise be blocked by the University policy, you should register for the University’s Multi-factor authentication system in at our My Security Info page. More information on Multi-factor authentication is available in the Multi-Factor Authentication User Guide.