What you can do

Here are some things you can do to help yourself and your online security...

Computers

The internet is part of everyday life, at home, work and school. It's important to be safe when online and to secure your computers and servers properly, otherwise you may be putting your home finances or business at risk.

If malicious software infects your computer equipment it can corrupt your files and can allow others to access your confidential business information.

You can help reduce the risks by having up-to-date security software installed and activated, securing your internet connections and services and understanding and managing the emails and files you receive or download.

Backing-up your data can also help you recover your information if a virus destroys your files, or if your computer is stolen or damaged.

Find out how to safely:

  • Use online telephoning (VoIP)
    • VoIP threats
    • Minimising security threats
  • Back-up your data
    • Comparison of back-up options
    • Frequency and types of back-ups
    • The benefit of multiple back-ups
    • Disaster recovery and back-ups
    • Develop a back-up strategy
  • Share files
    • Sending and receiving files via email
    • Sending and receiving files via portable storage devices
    • Peer-to-peer file-sharing networks
  • Update software
    • Updates for Windows
    • Updates for Apple
    • Updating anti-virus and plugins
    • Updating security software
    • Anti-virus features
  • Secure your internet connection
    • Secure your wireless network
    • Protect your web browser
    • Cookies and security
    • Access security settings on your browser
  • Secure your computers
    • Secure your servers
    • Secure your equipment
    • Firewalls
    • Remotely accessing your network
    • Secure your network
    • Secure your remote access

Information provided by Department of Communications - Stay Smart Online

    Social Media

    Online forums, messaging, and social media sites are great for socialising with friends and family, sharing photos and videos, and expressing yourself and being creative.

    Unfortunately there are people who use social media to:

    • embarrass, harass or attack others
    • steal personal information and identities.

    To get the most out of social media you sometimes need to provide personal information. However, it's important to be careful about what information you put online and who you allow to see it.

    Remember: social media sites allow you to control the types of information you share online and how you interact with others.

    Using social media safely

    Here are some steps to help protect you when using social network sites.

    • Read and understand social networking privacy settings, be aware of what you share and who you are sharing it with.
    • Ensure you read and understand any terms and conditions before accepting and agreeing to them.
    • Protect your accounts with strong passwords.
    • Think before you post—people other than your friends and family may see what you post online.
    • Think before you click—remember that it can be difficult or impossible to remove posted photos or information after the event.
    • Be careful about posting information that could compromise your security or the security of others, such as:
      • date of birth
      • address
      • information about your daily routine
      • holiday plans
      • your children's schools.
    • Consider turning off geolocation features in social networking apps.
    • Don't post inappropriate photos of you or your family and friends, and always seek permission before posting a picture of someone else.
    • Never click on suspicious links, even if they are from your friends, as their social media account may have been hacked.
    • Be wary of strangers as people are not always who they say they are.
    • Never access social networking by clicking a link in an email or other website.
    • Don't use social networking sites that do not offer any privacy settings or that enable users to contact each other anonymously.

    Check the site's privacy policy

    Read the website's privacy policy before you sign up.

    Legitimate social networking sites will have a privacy statement that tells you how they collect and use your information and when and how they might disclose this information either through the website or to third parties.

    • Some sites may share your information, such as email addresses or user preferences, with third party businesses, that may send you spam.
    • Locate the sites' policies for handling referrals to make sure that you do not accidentally sign your friends up for spam.
    • Privacy policies can change. In many cases by continuing to access or use the services after those changes become effective, you agree to be bound by the revised privacy policy. You should regularly review privacy policies and review how much information you reveal in your profile.
    • If you use applications or sign up for games inside the website, remember to read the individual privacy policy. Do not assume that they will have the same policy as the parent website.

    Some online games' privacy policies specifically state that they can use your and your friends' information in whatever way they like if linked to your social media accounts.

    Be careful how much personal information you share online

    Once information is online, it is difficult to remove it completely. Even if you remove information from your profile, saved or cached versions may still exist on other computers.

    • Adjust your privacy settings to control the amount and type of information you share, and who can see what parts.
    • The photos, comments and messages that you share could be seen by anyone, and are not always removable if you change your mind.
    • Do not post information that would make you or your family vulnerable (for example your date of birth, address, information about your daily routine or holiday plans). This information can be used by criminals to commit identity theft, or to stalk and harass you.

    Be careful when sharing your opinion online

    Be careful about what you say about others online. Posting something rude, offensive or derogatory about another person or business in a public forum can have consequences. Once you post a comment it can be difficult to remove all record of it. Comments you make may be used as legal evidence.

    Many companies check to see if job applicants have online profiles. Be aware that the photos and information you share with your friends may not be what you want a prospective employer to see. 

    Be wary of strangers

    Remember people are not always who they say they are online.

    • If you are 'friends' with people you do not know, be careful about the amount of information that you reveal and take care if choosing to meet them in person.
    • Use your social networking site's privacy settings to limit their access to your information.

    Watch out for phishing emails

    Emails pretending to be friend requests from social networking sites try to direct people to fake versions of these websites. These fake websites may contain malicious software that could steal your personal information and infect your computer.

    Protect yourself from phishing emails

    • Before you click on a link in an email, hover over the link and check the destination URL address. Is it going where you expect it to?
    • Always type your social networking website address into your browser or access it through a trusted app on your phone.

    Protect your accounts with strong, unique passwords

    Your profiles on social networking sites often include information that could be used to steal your identity (for example, to open a bank account or credit card in your name), such as your date of birth, your phone number and your work and study history.

    Never use the same password that you use for your email account. This reduces the chances of a hacker logging in to your account.

    Have a different password for each social networking site so that if one password is stolen, not all of your accounts will be at risk.

    Where to get help

    | Issue | Contact |
    | --- | --- |
    | Fraudulent use of your identity | Your social networking service provider; your local police; ACORN. |
    | Bullying or harassment | |
    | Sexual exploitation or other criminal activity | Your local police; CrimeStoppers: 1800 333 000. |
    | Information about socialising online | Easy guide to socialising online. |

    Information provided by Department of Communications - Stay Smart Online

    Mobile Devices

    Mobile devices like smartphones and tablets are basically small portable computers. Just like your computer at home they can be hacked, infected with a virus and, if unsecured, provide access to your personal information.

    Protect yourself and your mobile device

    Keep your mobile device with you at all times. Remember if your mobile device is unsecured and it is lost or stolen:

    • It could be used to access your money or to steal your identity using information on your device.
    • You may have lost irreplaceable data (if it is not backed up).
    • It may provide access to your social media accounts which could enable someone to pose as you, or steal your identity using your profile information (such as your date of birth and photo).
    • Someone may use your phone or its Subscriber Identity Module (SIM) card and rack up telephone charges to your account.

    Remember your smartphone or tablet is a mini-computer and you need to protect and secure it just as you would your home or laptop computer. Treat your smartphone like your wallet; keep it safe and with you at all times.

    Secure your mobile device

    • Turn on the security features of your device – all devices have them. Contact your manufacturer or service provider for instructions, or look them up online.
    • Set a password or Personal Identification Number (PIN) that must be entered to unlock the device and put PINs on your SIM card and voicemail.
    • Install reputable security software – your device's manufacturer can provide recommendations.
    • Update your device's operating system as soon as new updates are available. Set them to update automatically when connected to wi-fi to keep data costs to a minimum.
    • Leave your Bluetooth turned off or in undiscoverable mode (hidden) when you are not using it. When connecting using Bluetooth, do it in private, uncrowded areas only.
    • Use encrypted wi-fi networks that require a password and ensure your device does not automatically connect to new networks.
    • Record the International Mobile Equipment Identifier (IMEI) of your handset, a 15 or 17 digit number usually printed on a label under the battery. If your device is lost or stolen, you can report this number to your provider and they can block the handset from being used.
    • Use remote tracking (via GPS) and enable the locking and/or wiping functions, if your device supports them.

    Secure your information

    • Back up your data regularly, either when you synchronise it with a computer or on a memory card.
    • Do not save passwords or PINs as contacts on your phone.
    • Avoid online banking over public wi-fi or in busy public areas. Passers-by could be watching what you are typing (known as shoulder-surfing).

    Using applications (apps) on mobile devices

    Many apps have the ability to collect and transmit data from your device about your personal information, location, contacts and messages. You can control the personal information accessed by an app by choosing permissions when you install it.

    Be careful of downloading hoax or malicious software that could contain a virus or malware. Always source your apps from reputable providers and check the feedback other users leave. If you are unsure why an app needs access to your contacts, calls, photos or location, see if there is a different app available that has the same functionality that you need.

    Be smart about how and where you use your mobile device

    • Stick with reputable sites and applications when downloading anything from the internet.
    • Do not download content, particularly applications, from unknown or unreliable sources. They could contain malicious software.
    • Turn GPS settings off when not in use as this can be used to track your location.
    • Log out of websites when you are finished.
    • Think before you click. Do not open anything unless you are expecting it and it is from a trusted source. It could contain malicious software or take you to a malicious website.
    • Change your settings so that your device asks permission to join any new wireless networks.

    Protect against malicious software (malware)

    Viruses, spyware, trojans and worms are all types of malware. Malware is software designed to be installed into a computer system to cause harm to the user or others.

    Malware can track your movements in the real world and steal information (including passwords) for the purposes of identity theft or crime.

    • Watch out for prompts or warnings asking if you want to allow software to install or run. If you don't know what it is, don't accept the prompt.
    • Avoid 'rooting' or 'jailbreaking' your device. Rooting or jailbreaking involves intentionally bypassing software restrictions in the device to get additional flexibility or functionality, but it also bypasses security restrictions and exposes your device to malware threats.
    • Only use legitimate app stores. Avoid 'side loading' from third party app stores, as these are more likely to harbour malware (even in seemingly legitimate apps).
    • Check app permissions. When an app is installed it has to ask the user for 'permission' to use specific types of functionality. Consider whether you want that app to have access to your information.
    • Keep a close watch on your billing information. Some malware makes money for scammers by sending SMSs from your device to premium-rate numbers. Contact your carrier immediately if you see any unexpected activity on your account.

    Symptoms of malicious software infections

    Your device may have been infected with malicious software if any of the following things have happened:

    • There is a sudden increase in your phone or data bill with no clear reason.
    • Your device has emails and messages in the sent folder that you did not send.
    • The user interface changed without you taking any action to change it.

    Contact your service provider for instructions on how to identify and remove malicious software.

    Using public wireless networks

    Public wi-fi 'hotspots' in places like cafés, airports, hotels and libraries are convenient but, unlike your home computer, use of public hotspots involves security compromises. It's easy for other users to intercept your data, so be careful about what information you send or receive while connected. Try and limit activity when connected to a public wi-fi network to web browsing and avoid banking or any other activities that involve user password access.

    Avoid using hotspots that are run by people you do not know or trust. Criminals can set up hotspots known as 'evil twins' and 'rogue hotspots' to steal users' information.

    Always try and use encrypted (password protected) networks.

    Choose networks with WPA2 and WPA encryption if they are available as they are more secure than other types of security encryption.

    Connect using the right network type

    When you connect to a wi-fi network many devices will prompt you to select or identify the network type ('home', 'work' or 'public'). Always select 'public' when you connect to a public wi-fi network as this will lock down the connection more securely.

    Use a virtual private network (VPN) if possible as they encrypt connections at the sending and receiving ends and keep out traffic that is not properly encrypted.

    If you can't connect securely using a VPN, avoid:

    • online banking or shopping
    • sending confidential emails
    • entering passwords or credit card details unless you're using a secure website
    • using passwords, credit card details, emails, online documents or social networking.

    If making sensitive transactions, only use secure websites and look for:

    • https:// instead of http://
    • a locked padlock or key in the browser website address bar.

    Avoid sending or receiving valuable information when connected to public wi-fi networks

    | Wi-fi | Website | Recommended activities |
    | --- | --- | --- |
    | Public and unsecured | Unsecured | Low risk activities: web browsing; reading online news |
    | Public and unsecured | Encrypted | Moderate risk activities: logging onto subscription websites |
    | Public and secured with WPA | Encrypted | High risk activities: email; online documents; social networking |
    | Private and secure | Unsecured or Encrypted | Highest risk activities: online banking; PayPal; using credit cards |

    Where to get help

    | Issue | Contact |
    | --- | --- |
    | You believe you have been a victim of a virus or malware attack | Your local computer repairer or computer supplier |
    | Your device has been lost or stolen | Your phone or internet carrier; your local police station. |
    | You are looking for more information on securing your mobile device | Your device manufacturer's website, Whirlpool or other discussion forums |
    | Information on recent threats | Sign up to the free Stay Smart Online Alert Service |

    Information from Department of Communications - Stay Smart Online

    Phishing

    Phishing is an attempt to use a fake lure or bait to catch your username, password, credit card or banking details. 

    If you receive an email or an instant message from a bank, PayPal, eBay, WhatsApp, UNE, a government department or someone you don’t know, asking you to log in to a website or reply with personal details, be very careful. Most of these services will never ask you to confirm your information by email. If you are unsure, the best approach is to delete the message, go directly to the official website of the organisation and log in from there rather than clicking any links in suspicious messages.

    Spear Phishing is a more advanced, targeted attack. Spear Phishing emails might appear to be from a friend, colleague or a business you know. They might use your name or reference something you’ve recently done or a recent online purchase you’ve made. Spear Phishing attacks are personalised and well researched. They may use details you put online on Facebook, Twitter, Instagram or other social media sources to make it look like they know you and make you more likely to fall for their bait.

    Recent spear phishing attacks at UNE have attempted to subvert normal business processes and trick the recipient into entering fraudulent transactions. Messages may appear to come from your supervisor, your lecturer or UNE administration, requesting that you perform some action. Sometimes, these requests can appear to be fairly harmless, but are in fact just one part of a much more complex and clever plan which includes multiple parts, often involving a number of victims.

    How to spot a phishing message:

    • wrong “From:” address - this might be similar to, but slightly different from, what you’d expect, so look closely
    • use of hidden “Reply-To” headers, which alter the reply address. When you reply to the message, the address will be different from the “From” address shown in the original
    • spelling errors, poor grammar and poor quality logos and graphics
    • urgent calls to action - they might say “your account will be closed” or “urgent action required”
    • requests for you to perform an unusual or non-standard action or business process, or not to follow normal procedures
    • generic greetings - such as “Dear UNE User”, “Dear Member” or “Attention Customer”
    • fake web links - they may have created a very convincing clone of the login page for the service they’re mimicking. Carefully check the address of any web page where you log in

    If you think you’ve received a phishing email please report it by forwarding the message to servicedesk@une.edu.au

    Useful links:

    https://staysmartonline.gov.au

    http://www.scamwatch.gov.au/

    http://www.antiphishing.org/

    Collecting Email Headers

    To retrieve message headers from suspicious emails, follow the steps below:

    Exchange:

    1. Double click on the message to open it.
    2. Click on File at the top left of the window.
    3. Click on the Info icon.
    4. Select Properties.
    5. A new window will open. At the bottom of that window, you’ll see “Internet Headers”. Select and copy the header information contained in the adjacent box, paste it into a new email and send it to it-security@une.edu.au

    Outlook Web Application:

    1. Click on the message.
    2. On the top right-hand side you’ll see three dots (…).
    3. Click on the three dots and select View message details.
    4. A new window will open.
    5. Select and copy the header information, paste it into a new email and send it to it-security@une.edu.au

    AOL, Yahoo!, Gmail and more...

    http://www.isipp.com/resources/email-headers/
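
Once headers have been collected, the checks from "How to spot a phishing message" (From address, Reply-To, urgent wording, generic greeting) can be run over them mechanically. This is an added example, not code from UNE or Stay Smart Online; the trusted domain university.example, the 0.8 similarity threshold and both sample messages are constructed assumptions.

```python
"""Check pasted e-mail headers for the phishing indicators listed on this page."""
from difflib import SequenceMatcher
from email import message_from_string
from email.utils import parseaddr

# Phrases quoted in the "How to spot a phishing message" list.
URGENT_PHRASES = ("your account will be closed", "urgent action required")
GENERIC_GREETINGS = ("dear une user", "dear member", "attention customer")

# Constructed sample: lookalike From domain, hidden Reply-To, urgent subject.
SAMPLE = """\
From: "IT Service Desk" <servicedesk@univers1ty.example>
Reply-To: helpdesk@mailbox.example
To: staff.member@university.example
Subject: Urgent action required: mailbox quota

Dear Member,
Your account will be closed unless you confirm your details.
"""

# Constructed sample: an ordinary internal message.
CLEAN = """\
From: Service Desk <servicedesk@university.example>
To: staff.member@university.example
Subject: Scheduled maintenance this weekend

Hello Alex, the mail service will be offline on Saturday morning.
"""


def _domain(header_value):
    """Return the lower-cased domain of the address in a From/Reply-To header."""
    _, addr = parseaddr(header_value or "")
    return addr.rpartition("@")[2].lower()


def _lookalike(domain, trusted):
    """True when domain is not trusted but closely resembles a trusted one."""
    if not domain or domain in trusted:
        return False
    # 0.8 is an assumed threshold; tune it against your own mail.
    return any(SequenceMatcher(None, domain, t).ratio() >= 0.8 for t in trusted)


def triage(raw_message, trusted_domains):
    """Return the indicator names found in the headers (and body, if pasted)."""
    msg = message_from_string(raw_message)
    trusted = {d.lower() for d in trusted_domains}
    findings = []

    from_dom = _domain(msg.get("From"))
    reply_dom = _domain(msg.get("Reply-To"))
    if _lookalike(from_dom, trusted):
        findings.append("lookalike-from-domain")
    if reply_dom and reply_dom != from_dom:
        findings.append("reply-to-differs-from-from")

    subject = (msg.get("Subject") or "").lower()
    if any(p in subject for p in URGENT_PHRASES):
        findings.append("urgent-call-to-action")

    # Header-only pastes have an empty body, so this check is simply skipped.
    body = "" if msg.is_multipart() else msg.get_payload()
    if any(g in body.lower() for g in GENERIC_GREETINGS):
        findings.append("generic-greeting")
    return findings


if __name__ == "__main__":
    print(triage(SAMPLE, {"university.example"}))
    print(triage(CLEAN, {"university.example"}))
```

An empty result does not mean a message is safe; the list only covers the indicators that can be read from headers and plain text.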

    Software Updates

    What’s with all these annoying software updates?

    They have a tendency to appear at the most inconvenient times, asking you to reboot just when you’ve got important things to do, but putting it off could be risky. Computer programs, applications and operating systems are all written by people, and people make mistakes. Security holes and vulnerabilities, coding mistakes, software and hardware incompatibilities and other errors are frequently discovered after a program has been released to the public. In order to fix the program and make it safe for general use, the manufacturer might release a software update or ‘patch’.

    Manually installing these updates at our leisure is not really good enough these days. We need to act much faster. In the days of Windows XP and Vista, automatic updates got a bad rap as they might reboot your machine at odd times of day and potentially cause system instability or application crashes. These days things generally seem to behave much better.

    There are three main reasons to stay on top of your software updates:

    1. To close security holes before the bad guys exploit them
    2. To fix coding errors and design mistakes
    3. To enable new features

    We highly recommend enabling automatic updates for your operating system. If you have a work PC connected to the UNE domain, this should happen automatically. For your home machine or personal PC, here’s how:

    OSX: System Preferences -> App Store -> Automatically check for updates

    Windows 7: Control Panel -> System and Security -> Turn automatic updating on or off

    Windows 8+: Settings -> Change PC settings -> Update and recovery -> Choose how updates get installed

    Don’t be scared of updates… be scared of unpatched PCs…
