What you can do

The internet is part of everyday life, at home, work and school. It's important to be safe when online and to secure your computers and servers properly, otherwise you may be putting your home finances or business at risk.

If malicious software infects your computer equipment it can corrupt your files and can allow others to access your confidential business information.

You can help reduce the risks by having up-to-date security software installed and activated, securing your internet connections and services and understanding and managing the emails and files you receive or download.

Backing-up your data can also help you recover your information if a virus destroys your files, or if your computer is stolen or damaged.

Find out how to safely:

• Set and use strong passwords

  • Remembering passwords can get difficult so using a password manager can help.

• Protect your email

  • Manage and reduce spam
  • Malware
  • Prevent spyware from getting onto your computer
  • Is your computer infected?
  • Use online telephoning (VoIP)
  • VoIP threats
  • Minimising security threats

  Back-up your data

• Comparison of back-up options

• Frequency and types of back-ups

• The benefit of multiple back-ups
• Disaster recovery and back-ups
• Develop a back-up strategy

• Share files

  • Sending and receiving files via email
  • Sending and receiving files via portable storage devices
  • Peer-to-peer file-sharing networks

• Update software

  • Updates for Windows
  • Updates for Apple
  • Updating anti-virus and plugins
  • Updating security software
  • Anti-virus features

• Secure your internet connection

  • Secure your wireless network
  • Protect your web browser
  • Cookies and security
  • Access security settings on your browser

• Secure your computers

  • Secure your servers
  • Secure your equipment
  • Firewalls
  • Remotely accessing your network
  • Secure your network
  • Secure your remote access

Information provided by Department of Communications - Stay Smart Online

Some of us love sharing our personal news and views about what’s going on in our lives. Have you stopped to think who outside your trusted circle of friends and relatives may be viewing what you post?

Did you know that spam bots, vindictive “friends” and even criminals could take an interest, too?

When you’re talking and sharing thoughts and information online; remember that once a message, photo or video is shared, there’s no control over where it goes. Good privacy settings help control who you “friend”. Not sharing the password, setting your profile to private and not accepting friend requests from random people are a great start.

Check out how to do a privacy check on Facebook, Instagram, Snapchat etc. they all have help available on their sites to do that.

Online forums, messaging, and social media sites are great for socialising with friends and family, sharing photos and videos, and expressing yourself and being creative.

Unfortunately there are people who use social media to:

• embarrass, harass or attack others
• steal personal information and identities.

To get the most out of social media you sometimes need to provide personal information. However, it's important to be careful about what information you put online and who you allow to see it.

Remember: social media sites allow you to control the types of information you share online and how you interact with others.

Using social media safely

Here are some steps to help protect you when using social network sites.

• Read and understand social networking privacy settings, be aware of what you share and who you are sharing it with.
• Ensure you read and understand any terms and conditions before accepting and agreeing to them.
• Protect your accounts with strong passwords.
• Think before you post—people other than your friends and family may see what you post online.
• Think before you click—remember that it can be difficult or impossible to remove posted photos or information after the event.
• Be careful posting information that could compromise your or others the security, such as:
  • date of birth
  • address
  • information about your daily routine
  • holiday plans
  • your children's schools.
• Consider turning off geolocation features in social networking apps.
• Don't post inappropriate photos of you or your family and friends, and always seek permission before posting a picture of someone else.
• Never click on suspicious links, even if they are from your friends, as their social media account may have been hacked.
• Be wary of strangers as people are not always who they say they are.
• Never access social networking by clicking a link in an email or other website.
• Don't use social networking sites that do not offer any privacy settings or that enable users to contact each other anonymously.

Check the site's privacy policy

Read the website's privacy policy before you sign up.

Legitimate social networking sites will have a privacy statement that tells you how they collect and use your information and when and how they might disclose this information either through the website or to third parties.

• Some sites may share your information, such as email addresses or user preferences, with third party businesses, that may send you spam.
• Locate the sites' policies for handling referrals to make sure that you do not accidentally sign your friends up for spam.
• Privacy policies can change. In many cases by continuing to access or use the services after those changes become effective, you agree to be bound by the revised privacy policy. You should regularly review privacy policies and review how much information you reveal in your profile.
• If you use applications or sign up for games inside the website, remember to read the individual privacy policy. Do not assume that they will have the same policy as the parent website.

Some online games' privacy policies specifically state that they can use your and your friends' information in whatever way they like if linked to your social media accounts.

Be careful how much personal information you share online

Once information is online, it is difficult to remove it completely. Even if you remove information from your profile, saved or cached versions may still exist on other computers.

• Adjust your privacy settings to control the amount and type of information you share, and who can see what parts.
• The photos, comments and messages that you share could be seen by anyone, and are not always removable if you change your mind.
• Do not post information that would make you or your family vulnerable (for example your date of birth, address, information about your daily routine or holiday plans). This information can be used by criminals to commit identity theft, or to stalk and harass you.

Be careful when sharing your opinion online

Be careful about what you say about others online. Posting something rude, offensive or derogatory about another person or business in a public forum can have consequences. Once you post a comment it can be difficult to remove all record of it. Comments you make may be used as legal evidence.

Many companies check to see if job applicants have online profiles. Be aware that the photos and information you share with your friends may not be what you want a prospective employer to see. 

Be wary of strangers

Remember people are not always who they say they are online.

• If you are 'friends' with people you do not know, be careful about the amount of information that you reveal and take care if choosing to meet them in person.
• Use your social networking site's privacy settings to limit their access to your information.

Watch out for phishing emails

Emails pretending to be friend requests from social networking sites try to direct people to fake versions of these websites. These fake websites may contain malicious software that could steal your personal information and infect your computer.

Protect yourself from phishing emails

• Before you click on a link in an email, hover over the link and check the destination URL address. Is it going where you expect it to?
• Always type your social networking website address into your browser or access it through a trusted app on your phone.

Protect your accounts with strong, unique passwords

Your profile in social networking sites often include information that could be used to steal your identity (for example open a bank account or credit card in your name), such as your date of birth, your phone number and your work and study history.

Never use the same password that you use for your email account. This reduces the chances of a hacker logging in to your account.

Have a different password for each social networking site so that if one password is stolen, not all of your accounts will be at risk.

Where to get help

Find out more:

• Protecting Yourself Online- What Everyone Needs to Know (PDF 2.7 MB)
• Protecting Your Identity booklet – What Everyone Needs to Know (PDF 985 KB)

Information provided by Department of Communications - Stay Smart Online

Mobile devices like smartphones and tablets are basically small portable computers. Just like your computer at home they can be hacked, infected with a virus and, if unsecured, provide access to your personal information.

Protect yourself and your mobile device

Keep your mobile device with you at all times. Remember if your mobile device is unsecured and it is lost or stolen:

• It could be used to access your money or to steal your identity using information on your device.
• You may have lost irreplaceable data (if it is not backed up).
• It may provide access to your social media accounts which could enable someone to pose as you, or steal your identity using your profile information (such as your date of birth and photo).
• Someone may use your phone or its Subscriber Identity Module (SIM) card and rack up telephone charges to your account.

Remember your smartphone or tablet is a mini-computer and you need to protect and secure it just as you would you home or laptop computer. Treat your smartphone like your wallet; keep it safe and with you at all times.

Secure your mobile device

• Turn on the security features of your device – all devices have them. Contact your manufacturer or service provider for instructions, or look them up online.
• Set a password or Personal Identification Number (PIN) that must be entered to unlock the device and put PINs on your SIM card and voicemail.
• Install reputable security software – your device's manufacturer can provide recommendations.
• Update your device's operating system as soon as new updates are available. Set them to update automatically when connected to wi-fi to keep data costs to a minimum.
• Leave your Bluetooth turned off or in undiscoverable mode (hidden) when you are not using it. When connecting using Bluetooth, do it in private, uncrowded areas only.
• Use encrypted wi-fi networks that require a password and ensure your device does not automatically connect to new networks.
• Record the International Mobile Equipment Identifier (IMEI) of your handset, a 15 or 17 digit number usually printed on a label under the battery. If your device is lost or stolen, you can report this number to your provider and they can block the handset from being used.
• Use remote tracking (via GPS) and enable the locking and/or wiping functions, if your device supports them.

Secure your information

• Back up your data regularly, either when you synchronise it with a computer or on a memory card.
• Do not save passwords or PINs as contacts on your phone.
• Avoid online banking over public wi-fi or in busy public areas. Passers-by could be watching what you are typing (known as shoulder-surfing).

Using applications (apps) on mobile devices

Many apps have the ability to collect and transmit data from your device about your personal information, location, contacts and messages. You can control the personal information accessed by an app by choosing permissions when you install it.

Be careful of downloading hoax or malicious software that could contain a virus or malware. Always source your apps from reputable providers and check the feedback other users leave. If you are unsure why an app needs access to your contacts, calls, photos or location, see if there is a different app available that has the same functionality that you need.

Be smart about how and where you use your mobile device

• Stick with reputable sites and applications when downloading anything from the internet.
• Do not download content, particularly applications, from unknown or unreliable sources. They could contain malicious software.
• Turn GPS settings off when not in use as this can be used to track your location.
• Log out of websites when you are finished.
• Think before you click. Do not open anything unless you are expecting it and it is from a trusted source. It could contain malicious software or take you to a malicious website.
• Change your settings so that your device asks permission to join any new wireless networks.

Protect against malicious software (malware)

Viruses, spyware, trojans and worms are all types of malware. Malware is software designed to be installed into a computer system to cause harm to the user or others.

Malware can track your movements in the real world and steal information (including passwords) for the purposes of identity theft or crime.

• Watch out for prompts or warnings asking if you want to allow software to install or run. If you don't know what it is, don't accept the prompt.
• Avoid 'rooting' or 'jailbreaking' your device. Rooting or jailbreaking involves intentionally bypassing software restrictions in the device to get additional flexibility or functionality, but it also bypasses security restrictions and exposes your device to malware threats.
• Only use legitimate app stores. Avoid 'side loading' from third party app stores, as these are more likely to harbour malware (even in seemingly legitimate apps).
• Check app permissions. When an app is installed it has to ask the user for 'permission' to use specific types of functionality. Consider whether you want that app to have access to your information.
• Keep a close watch on your billing information. Some malware makes money for scammers by sending SMSs from your device to premium-rate numbers. Contact your carrier immediately if you see any unexpected activity on your account.

Symptoms of malicious software infections

Your device may have been infected with malicious software if any of the following things have happened:

• There is a sudden increase in your phone or data bill with no clear reason.
• Your device has emails and messages in the sent folder that you did not send.
• The user interface changed without you taking any action to change it.

Contact your service provider for instructions on how to identify and remove malicious software.

Using public wireless networks

Public wi-fi 'hotspots' in places like cafés, airports, hotels and libraries are convenient but, unlike your home computer, use of public hotspots involves security compromises. It's easy for other users to intercept your data, so be careful about what information you send or receive while connected. Try and limit activity when connected to a public wi-fi network to web browsing and avoid banking or any other activities that involve user password access.

Avoid using hotspots that are run by people you do not know or trust. Criminals can set up hotspots known as 'evil twins' and 'rogue hotspots' to steal users' information.

Always try and use encrypted (password protected) networks.

Choose networks with WPA2 and WPA encryption if they are available as they are more secure than other types of security encryption.

Connect using the right network type

When you connect to a wi-fi network many devices will prompt you to select or identify the network type ('home', 'work' or 'public'). Always select 'public' when you connect to a public wi-fi network as this will lock down the connection more securely.

Use a virtual private network (VPN) if possible as they encrypt connections at the sending and receiving ends and keep out traffic that is not properly encrypted.

If you can't connect securely using a VPN, avoid:

• online banking or shopping
• sending confidential emails
• entering passwords or credit card details unless you're using a secure website
• using passwords, credit card details, emails, online documents or social networking

If making sensitive transactions, only use secure websites and look for:

• https://     instead of      http://
• a locked padlock or key in the browser website address bar

Avoid sending or receiving valuable information when connected to public wi-fi networks

Where to get help

Find out more:

• Australian Communications and Media Authority (ACMA), mobile phone security
• The Office of the Privacy Commissioner, privacy and security of your mobile phone

Information from Department of Communications - Stay Smart Online

Phishing is an attempt to use a fake lure or bait to catch your username, password, credit card or banking details.

If you receive an email or an instant message from a bank, PayPal, eBay, WhatsApp, UNE, a government department  or someone you don’t know, asking you to login to a website or reply with personal details, be very careful. Most of these services will never ask you to confirm your information by email. If you are unsure, the best approach is to delete the message, go directly to the official website of the organisation and login from there rather than clicking any links in suspicious messages.

Spear Phishing is a more advanced, targeted attack. Spear Phishing emails might appear to be from a friend, colleague or a business you know. They might use your name or reference something you’ve recently done or a recent online purchase you’ve made. Spear Phishing attacks are personalised and well researched. They may use details you put online on Facebook, Twitter, Instagram or other social media sources to make it look like they know you and make you more likely to fall for their bait.  Recent spear phishing attacks at UNE have attempted to subvert normal business processes and trick the recipient into entering fraudulent transactions. Messages may appear to come from your supervisor, your lecturer or UNE administration, requesting that you perform some action. Sometimes, these requests can appear to be fairly harmless, but are in fact just one part of a much more complex and clever plan which includes multiple parts, often involving a number of victims.

How to spot a phishing message:

• wrong “From:” address - this might be similar to, but slightly different to what you’d expect, make sure you look closely
• use of hidden “Reply-To” headers, which alter the reply address. When you reply to the message, the address will be different to the from address shown in the original
• spelling errors, poor grammar and poor quality logos & graphics
• urgent calls to action - they might say “your account will be closed” or “urgent action required”
• requests for you to perform an unusual or non-standard action or business process or not follow normal procedures
• generic greetings - such as “Dear UNE User”, "Dear Member” or “Attention Customer”
• fake web links - they may have created a very convincing clone of the login page for the service they’re mimicking. Carefully check the address of any web page where you login

Useful links:

• https://staysmartonline.gov.au
• http://www.scamwatch.gov.au
• http://www.antiphishing.org

To retrieve messages headers from suspicious emails, follow the steps below:

Exchange:

Double click on the message to open it

Click on File at top left of window

Click on the Info icon

Select Properties

A new window will open – at the bottom of that window, you’ll see “Internet Headers”.  Select and copy the header information contained in the adjacent box and paste into a new email and send to

it-security@une.edu.au

Outlook Web Application:

Click on the message

On the top right hand side you’ll see three dots  …

Click on the three dots and select View message details

A new window will open

Select and copy the header information and paste into a new email and send to it-security@une.edu.au

AOL, Yahoo!, Gmail and more...

http://www.isipp.com/resources/email-headers/

What’s with all these annoying software updates?

They have a tendency to appear at the most inconvenient times, asking you to reboot just when you’ve got important things to do, but putting it off could be risky. Computer programs, applications and operating systems are all written by people, and people make mistakes.  Security holes & vulnerabilities, coding mistakes, software & hardware incompatibilities and other errors are frequently discovered after a program has been released to the public. In order to fix the program and make it safe for general use, the manufacturer might release a software update or ‘patch’.

Manually installing these updates at our leisure is not really good enough these days. We need to act much faster. In the days of Windows XP and Vista, automatic updates got a bad rap as they might reboot your machine at odd times of day and potentially cause system instability or application crashes. These days things generally seem to behave much better.

There are three main reasons to stay on top of your software updates:

1. To close security holes before the bad-guys exploit them
2. To fix coding errors and design mistakes
3. To enable new features

We highly recommend enabling automatic updates for your operating system. If you have a work PC connected to the UNE domain, this should happen automatically. For your home machine or personal PC, here’s how:

OSX: System Preferences -> App Store -> Automatically check for updates

Windows 7: Control Panel -> System and Security -> Turn automatic updating on or off

Windows 8+: Settings -> Change PC settings -> Update and recovery -> Choose how updates get installed

Don’t be scared of updates… be scared of unpatched PCs…

Keeping your online accounts secure and your privacy settings up to date might not be high on your list of priorities, but it really should be. Most of our online accounts like email, gaming and social media are really important to us and they can hold sensitive information like date of birth, passport copies, photos, bills and rental agreements.

You need to make sure you never lose access to those accounts. Here’s how:

• Do a privacy check up
• Set strong passwords and change them regularly
• Don’t share or reuse your passwords
• Keep your apps and software up to date
• Enable two-factor authentication - See www.authy.com for guides on how to enable this feature for popular online accounts.

Your password is the key to your online world!

You might think that you can trust someone else with your passwords, but how well do you really know that person?

Can you really be sure they won’t give your passwords to someone else because they trust that other person?

What happens if you have a falling out with someone you’ve given your passwords to – could they decide to be vindictive and access your accounts?

For incidents while on campus relating to UNE IT accounts and systems or dodgy emails and IT account compromises, contact the IT Support team.

For e-safety incidents like cyber bullying, online hate; or loss of devices like laptops or phones contact the UNE Campus Safety Centre, call 02 6773 2099.

For incidents while off campus or not relating to any UNE IT accounts and systems, contact the Armidale Police station at 96-98 Faulkner Street, Armidale or call 02 6771 0699

Public Wi-Fi is not SECURE
UNE provides secure WiFi - always use it when you’re on campus. When you’re off campus, be careful about the WiFi connections you use.  Always use a VPN and be aware of who can see your screen in coffee shops, airports and other public places.

Watch where you SURF
What you browse can compromise your device and get data stolen. Regularly update your web browsers and avoid installing unnecessary plugins. Bookmark your important or regularly used websites like email, myLearn, banking etc. Install the free UNE antivirus and regularly update it. Don’t save your passwords for on-line accounts in your browser!

BE UNIQUE. Passwords are easier to hack than you think!

• Make your information secure by creating a password that’s complex to all yet memorable to you!
• Don’t forget to use special character in your password eg ! @ # $ , & *
• Don’t reuse or share your passwords.

Beware what you SHARE
What you share can make you a target. Avoid sharing too much personal information on social media. Your information is valuable to cyber criminals.

Always CHECK before you CLICK
Don’t help others to steal your information. Targeted emails from hackers will look legitimate at first glance. Make sure the email is genuine before you click any links.

Attackers will take your human nature and turn it AGAINST YOU
Don’t be tricked into giving away personal and UNE information over the phone. Don’t answer any questions until you can independently verify who you are talking to.

Don’t leave your devices unattended and always lock your screen
Unlocked computers will allow someone to access information and files, send email from your account, access your personal information and install malware. Unattended devices can easily be stolen – don’t help thieves. When in a public place, keep your devices with you at all times.

#StopAndThinkBeforeYouAct