It’s already October and it would be easy to ask where has the year gone?
But we’re pretty excited because this month, the world is celebrating National Cybersecurity Awareness Month.
We are hearing almost every day in the news about the latest breach or hack (not to mention the foreign prince who wants to marry me). So it’s time to brush up on some good practices around passwords, data protection and your online identity.
‘Too hard basket’ you say? Not now we’ve found the perfect place to start with some easy basics: Australia’s Stay Smart Online website.
Tips to protect yourself online
This isn’t just for your desktop, don’t forget you need to protect all your devices: laptop, mobile, tablet.
- Use different, strong, hard-to-guess passphrases on all your devices.
- Don’t arbitrarily mix letters, numbers and symbols to make a password. Instead, create passwords that are more memorable.
- Don’t use your street address or numeric sequences such as 1234567.
Protect your stuff
- Griffith students get free anti-virus software, so download or update it now!
- Install adequate firewalls.
- Set a password or pin; make sure they are different.
- Install reputable anti theft/loss protection—your device’s retailer or service provider can provide recommendations.
- Use your device’s automatic update feature to install new applications and operating system updates as soon as they are available.
- When you get rid of a computer or device, make sure you have removed all your personal data and try to clean the hard drive.
Be cautious with emails
- Be suspicious of emails from people you don’t know or that look unusual—it may be spam email with malicious software attached.
- Don’t share your email address online unless you need to and consider setting up a separate email address just to use for online forms or shopping.
- As much as possible, have separate email accounts for personal and business use.
- Use a spam filter to catch dangerous messages before they get to your inbox.
- Delete spam messages without opening them and never reply to them.
- Do not open any attachments if the source of the message is unknown or suspicious—do not enable macros on documents from an untrustworthy sender.
- Protect your wireless connection with a strong password.
- Make sure remote management on your modem or router is disabled.
- If you are using public wifi, make sure your computer has its firewall enabled, your software is up-to-date and you have a good anti-virus program installed.
- Don’t use public wifi for sending sensitive emails, accessing your online banking or using your credit card while connected (and make sure your apps with this information are closed).
You can also visit Griffith University’s Cybersecurity website for more info and tips.
As a uni student, your computer possibly contains 1353 words of your essay due next week (eeek!) and three gazillion gigabytes worth of photos from your entire life (well, this semester anyway).
With great love comes great responsibility. You need to take care of your computer so it doesn’t catch a virus.
According to PC Mag: ‘The effect of the virus may be a simple prank that pops up a message on screen out of the blue, or it may destroy programs and data right away or on a certain date. For example, the famous Michelangelo virus contaminated the machine on Michelangelo’s birthday’ (PC Mag Encyclopedia).
The sad face emoji isn’t sad enough to express how crummy it would be to lose all the data on your computer.
So, what can you do to protect against these viruses? Well, most importantly, ensure you have anti-virus software installed on your computer!
As a Griffith student, you can download Symantec Endpoint Protection through our Software Download Service for free. Yes, it’s free! So there’s no excuse not to do it.
Just follow our instructions to access the Software Download Service, select the Symantec Endpoint Protection folder and your operating system, and run the executable file.
If you want further protection, you could also download Norton 360 or Norton Internet Security. While these incur a fee, Griffith Students get 50% off, and we reckon that’s an alright saving! You can find out more about Norton Student Savings here.
Once you’ve gotten your anti-virus software sorted, there are a few more things to you can to do protect against computer viruses, so check out our post on how to secure your virtual world, and keep yourself protected online.
Where would we be without modern technology?
Probably getting lost a lot more frequently (no Google Maps to save us), not nearly as connected socially, likely going outside more often, and we’d have a lower chance of developing arthritis in our hands from excessive texting.
Modern technology helps us stay connected and on top of things. But just as fast as technology is evolving, hackers and cyber security threats are evolving too.
Now, we don’t suggest you put on a tin-foil hat and revert to using an old Nokia block phone. But you do need to be mindful of information security threats.
WhatsApp is a useful app; it allows us to easily stay in contact with friends around the globe. You know what’s not so great though? When things go wrong and a phising scam steals your bank details and personal information.
A new scam sent by an unofficial ‘The WhatsApp Team’ claiming ‘your subscription will be ending soon’ is currently in circulation.
The fake message warns that in order to continue to use the service, you need to update your payment information. The email includes a link for victims to sign in to a customer portal and update their details.
Warning: it’s a trap! If you follow this link, your personal and financial details can be exploited by cyber criminals.
So, if you receive this message – ignore and delete!
And stay safe: online, in bed, on the roads, in general.
Find more information at the Stay Smart Online page.
You shop online using PayPal with complete confidence, don’t click on funny looking attachments, and are pretty certain that no, that Nigerian prince does not want to marry you.
You may think, ‘yeah, cyber hacks happen, but I’m careful, so they won’t happen to me.’ But, we ask you, please: be vigilant like Batman. Make your cyber world Batman’s Gotham City.
Recently, a cybersecurity researcher discovered a ‘spambot’ (tool for sending spam), comprising of an open and accessible server in the Netherlands which contains 711 million credentials including email addresses, some with passwords, collected from various data breaches.
Obviously you want to be like Batman (who wouldn’t?), so of course, you should be vigilant and check that your email address isn’t on this list.
It’s easy too – just visit Have I been Pwned and type in your email to check.
We’re also quite aware that it’s the 21st century, and most people have more than one email (personal, uni, your old hotmail from high school with a username you’d like to forget). Again, be vigilant – check them all!
Griffith is being vigilant too. Our Cybersecurity team has investigated and no Griffith University system has been compromised in this attack. However, a number of Griffith University email addresses were found on the Spambot list.
What does this mean? Basically, your Griffith account should be safe, unless you are in the habit of using the same password for Griffith systems as you use for external sites such as LinkedIn, Facebook, web forums etc, or are in the habit of reusing the same password or a small group of passwords in rotation over and over again.
If this is the case and you do use the same password at Griffith as you do for other non-Griffith systems, please change your Griffith password immediately.
For more information on how to stay safe online, check out our Cyber Security webpage.
Having different passwords for different sites is one way to keep your personal and financial information safe online.
But there are so many sites that require you to login with a password. How do you keep track of all them? Well, one easy way to remember all your passwords is to create a master password.
The master password should be a combination of letters and numbers e.g. mpie2r (my password is easy to remember).
You then modify the master password for each site. So, your password for Pinterest might be mpie2rpin while your password for Tumblr might be mpie2rtum.
Having a strong password is another way to keep your information secure. You may choose an obvious password like ‘password’ or ‘123456’ because it’s easier to remember and you don’t think you’ll be hacked.
But it could happen. Spend a few extra minutes creating a secure password that will deter hackers. The safety of your personal and financial information is well worth the effort.
Another way to maintain your security online is to avoid opening spam and clicking on random links. Some spam is incredibly well disguised but chances are:
- You haven’t won $1000000 in a lottery fund
- That Nigerian prince who wants your bank details is not a prince
- Your bank won’t request your password or account details online
When you lend your mobile device, did you know you’re also sharing your internet account, email and Facebook?
And do really want to give your study buddy access to your Facebook account? They’ll just post cringe-worthy selfies from your camera roll or startling revelations about your embarrassing celebrity crush (which is obvs completely false).
Or even worse. They could use up all your internet data to watch cats being funny on YouTube. Which is fine, but only if you got to see the furry feline shenanigans as well.
How does this happen? Well, you’re connected to the Griffith Wi-Fi on your mobile device, right? You’ll notice that once you’ve signed in, you are never asked to sign in again. You will be logged in and out of Internet access automatically as part of the Griffith Single Sign-on feature.
This means that when you share your mobile phone, tablet or laptop with your classmate, all their internet use will be billed and logged against you!
And don’t forget, you’re probably logged into all your social media and email accounts as well.
Which means they can not only post to your Facebook (as you), but also to Snapchat, Instagram and Twitter. And just for kicks, they could swipe right for all of Tinder.
Now, your friends and classmates are probably too responsible to be irresponsible with your digital life. They would never prank post on your social media, use all your internet data, or mess with your email.
But if they do. Just remember, we told you so.
There has recently been a spate of fake library system notices sent to Griffith University staff and students which attempt to steal your username and password and potentially other personal information.
While there are a few variations of the email, most have the Subject: ‘Library Notifications’ and have a falsified From: address of ‘email@example.com’.
The body of the email contains a claim that your library account access will expire soon due to ‘security precautions established to protect the University Libraries System’. It will tell you that you need to ‘renew your library account on a regular basis’ and to click on the given link.
Clicking on the link takes you to a malicious website, crafted to look exactly like Griffith’s Single Sign-On (SSO) Login page. This site is able to steal any username and passwords entered.
If you believe that you may have entered your login details on the fake login page, please change your Griffith password immediately.
Here are some tips on spotting bogus emails:
- Does the address of the sender seem real? Quite often phishing emails have a real looking name but the email address itself is a free email service rather than a Griffith address.
- Is the email full of errors? While we all make the occasional spelling and grammatical errors, bogus emails tend to have a lot of errors in only a few sentences.
- Does the email demand you click on a link and login to something immediately, otherwise you’ll lose access? They’re deliberately worded to make you curious or worried so you click on the link without thinking twice.
- Is the email from a completely unexpected source? If you’ve not entered a lottery or competition, you cannot have won.
Please forward any suspicious emails to the Information Security team.