51³Ô¹Ïapp

Cyber security programs

Discover the deliverables of both the Resilience and Enablement programs.

Personalise
Data Center Programmer Using Digital Laptop Computer

In response to an ever-evolving cyber threat landscape, UNSW IT Cyber Security identified the need for a program of work to conduct an extensive capability uplift in the way that the University protects the systems and data of staff, students, academics, and researchers.ÌýThe program engages with University stakeholders directly to help foster a cyber-aware culture to prepare the University to respond to cybersecurity threats.

A Resilience Program operated between late 2021 and early 2024, delivering an uplift across technology, controls, and processes that improved the cyber resilience of the University. Please refer to the Resilience Program section below for a summary.

Aligned to the UNSW IT Cyber Security Strategy, from 2024 the program will focus on enabling the University to strengthen processes, comply with cyber policies and standards, and implement further improvements in cyber technology and controls.ÌýPlease refer to the Enablement Program section below for more information.

We welcome feedback by emailÌýor join ourÌýÌýto stay in touch.Ìý

  • The governance of the Cyber Security Program is overseen by the UNSW IT Portfolio Steering Committee - Cyber, Data & Innovation. Our Sponsor is the UNSW IT Chief Information Officer (CIO), and our Business Sponsor is the Director of Cyber Security and Chief Information Security Officer (CISO).Ìý Refer to the .

  • The Organisational Change Management sets the approach and principles for managing change. The Program OCM team works with:

    • across the University where leader-led support is required, and to supplement the IT Partner engagement channel.
    • The to ensure impacts and support are understood by the partners and the key areas that they represent.
    • The to ensure support is informed and capable for each project implemented.

    Our Program OCM Team also utilises the EPMO's to provide early awareness for Faculty Executive Directors, Faculty Operations Managers, Divisional Operations Managers, and other key executives.ÌýÌý

    If you have any questions, reach out to your respective IT Partner or email the cyber security program.

    Ìý

Enablement Program

Starting in Q2 2024 the Cyber Security Enablement Program will commence work to strengthen cyber processes and implement further technology improvements.

The Program will assist Business Owners to remediate gaps where a UNSW IT Service exists. It will also introduce cyber technologies, improved controls, and enhance processes to better protect the University data and information systems.

Refer to the;

  • Overview and TimelineÌýsection for the approved planned initiatives timeline and overview, or the
  • Enablement ProjectsÌýsection for inflight project information.

Enablement Program logo

Enablement projects

The following inflight projects have an end-user impact. Please refer to the Overview and Timeline section for a high-level view of all projects and impacts.

  • For a high-level overview of all Enablement Program projects, timelines, and high level impacts refer to:


  • 2024

    • May - (from Resilience to Enablement)
  • Per the Cyber Data Loss Prevention Strategy and Roadmap, the Program will design, build, and implement foundational Data Loss Prevention (DLP) policy controls and a DLP operating model to provide coverage for UNSW's Microsoft 365 Cloud Platform. This will uplift and improve the University's overall data security posture for in-scope business domains.

    The project will identify the in-scope business domains and engage with key stakeholders.Ìý

    If you would like to learn more, please contact ourÌýProgram.

    Ìý

  • In line with the Email Security Strategy and Roadmap, the program will procure and implement a strategic email security solution to serve as UNSW’s email security platform incorporating a Security Email Gateway, integrated cloud email security, and email data protection functionalities. The solution will:

    • Mitigate risks associated with business email compromise.
    • Implement behavioural protection measures.
    • Prevent account takeovers.
    • Safeguard against supply chain compromises.Ìý

    The Program is currently finalising requirements and selection criteria for shortlisted vendors against UNSW’s comprehensive set of email security solutions’ service and functional requirements.Ìý

    Once the procurement of a technology and supplier is finalised, the program will stand up a project team to plan the implementation and operationalisation of the service with a change and communications approach developed to embed the service.

    If you would like to learn more, please contact our Program.

  • A centralised Web Application Firewall (WAF) service will be implemented to manage and protect UNSW’s internet-facing web applications and services from a wide range of cyber threats. WAF acts as a protective barrier between web applications/services and the internet: mitigating vulnerabilities, preventing attacks and cross-site scripting as well as providing a defense against bot traffic and zero-day exploits.Ìý Additionally, WAF onboarded web applications gain content delivery network benefits.

    The Program will deliver WAF in two phases:Ìý

    1. Procurement and implementation of the core platform with service operationalisation (processes) and rollout approach being developed.Ìý
    2. Onboarding (rollout) of agreed UNSW internet-facing web applications and services to the WAF service.

    If you would like to learn more, please contact our Program.

  • The Cyber Security Enablement Program is conducting a current state exercise to identify and document current processes where validation of identities occurs. The result will be a clear understanding of where and how identity validation occurs so that a future centralised identity validation process can be proposed.Ìý

    Workshops are being held during August with a small number of key stakeholders aware of processes in their area where occurs.

    If you would like to learn more, please contact our Program

  • Privileged Access Management (PAM) is designed to protect, control, and manage privileged accounts and credentials within UNSW. It offers a secure, centralised vault to store sensitive information, such as passwords for non-human privileged access accounts, while ensuring that access to these is granted only to authorised personnel. With advanced features like access control, auditing, and automated password rotation, PAM enables UNSW to maintain a strong security posture, reduce the risk of data breaches, and comply with University cyber security policies and requirements.

    In Q1 2024, the Program undertook a current state reassessment of PAM licensing and utilisation resulting in a new PAM licensing model, enhanced (existing) operating model, and strategy.Ìý

    Starting in June 2024, the Program will extend the PAM service to and:

    • Engage with Business Owners, Service Owners, and their SMEs (subject matter experts) to provide an overview and commence the onboarding of their .
    • Identify holders of as part of the onboarding process.

    Refer to PAM for information and support materials.Ìý

    If you would like to learn more, please contact the PAM project team

  • With the establishment of a Policy Framework and the completion of a Gap Assessment against the Framework's policies and standards, Business Owners were provided with Cyber Security Compliance Reports.Ìý

    The Program will work with Business Owners, Service Owners and their SMEs to plan and execute one or more remediation activities as per the UNSW IT offered services:

    • Endpoint Detection & Response
    • Security Event Logging
    • Vulnerability Scanning
    • Penetration Testing
    • Single Sign On & Multi-Factor Authentication
    • Vendor Regulatory Compliance
    • Software Asset Management

    If you would like to learn more, please contact our Program.

Resilience Program

The Program commenced in 2022, and for the next two years focused on improving the University's resilience to the threats posed by cybercrime groups and nation-states.Ìý

Since its inception in late 2021 the Program, and the broader Cyber Security team, have successfully implemented a diverse range of technologies, and operational capabilities designed to protect our information resources and respond to these threats; including multi-factor authentication, endpoint detection and response, hybrid security operations centre (SOC) and the establishment of the Cyber Security Policy Framework. These, and other enhancements, have enabled the University to avoid significant cybersecurity incidents and data breaches during a period of unprecedented threats.

While the Program's success resulted in improvements to our digital attack surface score, and the ability to secure and retain our cyber security insurance cover, the overall success is best reflected by the increased (average) cyber security control maturity for our University rising from 1.9 to 2.6 by the end of 2023.

  • For a high-level overview of all program projects, timelines, and high-level impacts refer to:

    Otherwise, refer to the below Resilience projects that have an end-user impact.

  • 2024
    • May -ÌýÌý(introduction of CyberPolicyHub)
    • February -Ìý
    • January -Ìý
    2023
    • NovemberÌý-ÌýÌý
    • October -ÌýÌý
    • JulyÌý-Ìý
    • May - VC Message:ÌýÌý
    • April -ÌýÌý
    • February -Ìý
    2021-22Ìý
    • VC Message:ÌýÌý
    • Ìý
    • VC Message:Ìý
  • The following completed projects had an end-user impact. Please refer to the overviewÌýfor a timeline of all delivered Resilience projects andÌýhigh-level impacts.

    • In 2022 an external assessment was undertaken that identified UNSW websites (IP addresses and domains) with vulnerabilities. Depending on the nature and severity of the vulnerability, remediation can happen in a few different ways. It may involve patching or updating software, configuring firewalls or other security controls, restricting access to certain assets, or decommissioning obsolete systems or applications.Ìý

      The Program is working on identifying high-priority UNSW website owners and technical teams to provide recommendations for remediation activities to close out vulnerabilities and reduce the likelihood of them being exploited. This project is expected to close by end of May.

      If you would like to learn more or are a UNSW website owner, please contact ourÌýProgram.

      Ìý

    • ISO (International Organisation for Standardisation) 27001 is a globally recognised standard whose focus is to protect the confidentiality, integrity, and availability of information in an organisation.Ìý

      By Q2 2024, the Program will facilitate the compliance and certification of UNSW's Information Security Management System (ISMS) againstÌý. With the Cyber Strategy & Governance team, the Program will undertake a gap analysis, risk assessment, documentation, and audit accreditation with involvement from other key areas of the University.

      ISO 27001 badge

      By Q2 2024, the Program will facilitate the compliance and certification of UNSW's Information Security Management System (ISMS) againstÌý. With the Cyber Strategy & Governance team, the Program will undertake a gap analysis, risk assessment, documentation, and audit accreditation with involvement from other key areas of the University.

      What are the benefits of ISO27001 certification?

      Achieving the globally recognised certification for information security will allow the University to demonstrate to third parties that it has a mature information security governance and risk management practice.
      ISO27001 Audit

      To achieve certification, the University must undergo an audit performed by an independent body. The independent body provides a certificate if ISMS meets specific requirements under ISO27001. As part of the ISO27001 audit, those within the ISMS must understand the ISO27001 objectives, what the ISMS is, and their role within it.Ìý

      For more information, please visit theÌýÌýwebpage andÌýÌýsection.Ìý

      Ìý

    • With the Cyber Security Policy Framework established, theÌýProgram extended theÌýÌýfunctionality to include a searchable policy directory namedÌýCyberPolicyHub.Ìý

      CyberPolicyHub will be a central directory of the Cyber Security Policies, Standards, and Guidelines designed to support Business Owners, Information Service Owners, and Technical SMEs (subject matter experts) to understand their cyber security obligations for their UNSW information resources.Ìý

      Within theÌýÌýyou can search for relevant cyber security clauses using your role, asset type, and relevant topics.Ìý

      To learn more, please refer to theÌýÌýwebpage for services provided.

      Ìý

    • Together with Business Owners, the Program has continued to identify and migrate applications to the Azure SSO (Single Sign-On) platform for single sign-on functionality. SSO applications enable Multi-Factor Authentication (MFA), via a seamless login, and provide an extra level of protection.

      Since 2021, the Program has:

      • WorkedÌýwith IT and Business Owners to build an Azure Application Proxy capability for critical legacy applications: SIMS, and NS Financials.
      • EngagedÌýwith Business Owners to discuss the suitability of their targeted medium to high cyber risk-rated applications being onboarded to SSO, especially if their application has had a gap identified against the Cyber Security Framework.


      From 2022 to April 2024, 243 applications have been onboarded to SSO. This work will continue, and form part of the new Cyber Security Enablement Program deliverables.

      Refer to theÌýÌýwebpage for more information or toÌýÌýto the Azure SSO platform.

      If you would like to learn more, please contact ourÌýProgram.Ìý

      Ìý

    • Together with Business Owners, the Program has continued to identify and migrate applications to the Azure SSO (Single Sign-On) platform for single sign-on functionality. SSO applications enable Multi-Factor Authentication (MFA), via a seamless login, and provide an extra level of protection.

      Since 2021, the Program has:

      • WorkedÌýwith IT and Business Owners to build an Azure Application Proxy capability for critical legacy applications: SIMS, and NS Financials.
      • EngagedÌýwith Business Owners to discuss the suitability of their targeted medium to high cyber risk-rated applications being onboarded to SSO, especially if their application has had a gap identified against the Cyber Security Framework.


      From 2022 to April 2024, 243 applications have been onboarded to SSO. This work will continue, and form part of the new Cyber Security Enablement Program deliverables.

      Refer to theÌýÌýwebpage for more information or toÌýÌýto the Azure SSO platform.

      If you would like to learn more, please contact ourÌýProgram.Ìý

      Ìý

    • In 2022, all UNSW Cyber Security Policies and Standards were updated to uplift the maturity of cyber security at our University.

      The Program is continuing to work with Business Owners and senior leaders across the University to manage risks through the UNSW Risk Management Framework as part of the Policy Framework implementation.

      Compliance Reports were issued to senior leaders (such as DVCs, VPs, and Deans), Business Owners, Information Service Owners, and technical SME (subject matter experts). The reports outline compliance gaps against the minimum defensible controls outlined in the Cyber Security Policy Framework.Ìý

      Remediation work to address these gaps will begin as part of the new Cyber Security Enablement Program of work. It will involve Business Owners in the planning and prioritisation of the work required.

      Refer to the Cyber Security Policies and Standards webpage for more information about the Framework implementation.

      If you have any questions, please contact our Program

    • From February to March 2024 the Microsoft (MS) 365 strengthening project implemented security controls to improve the University MS Teams, OneDrive, and SharePoint collaboration platforms. Strengthening critical controls of our core collaboration tools minimises the potential for accounts to be compromised, inadvertent sharing of sensitive and highly sensitive data, and the potential of reputational damage to the University.

      Summary of the changes implemented:

      1. Private cloud storage services will no longer connect with UNSW Teams:ÌýThird-party cloud storage services (i.e. DropBox, Google Drive, Egnyte, or Box) do not have the same security level as UNSW and might be exposed to inadvertent or intentional data breaches. Refer to storage guidelines for staff and storage guidelines for students.
      2. The GIF setting is upgraded to strict in UNSW Teams:ÌýThis setting prevents users from sharing inappropriate/adult GIF (short looped video clips) content in UNSW Teams chat windows.
      3. UNSW Teams app no longer downloads for Skype:ÌýThe UNSW Teams app will no longer automatically download in the background of Skype for Business.
      4. External guests, invited to UNSW Teams meetings, will wait in the Teams lobby:ÌýThe meeting organiser, or another internal UNSW user (staff or students using their zID), can allow guests in as the default setting only allows UNSW users to join a Teams meeting before the organiser.
      5. UNSW SharePoint blocks the use of legacy authentication applications:ÌýLegacy authentication, or basic authentication using username and password only, is not allowed in SharePoint. Only applications that use modern authentication are allowed.
      6. External users cannot share links:ÌýSharing links from UNSW Teams, SharePoint, and OneDrive with other external users is no longer allowed. Only UNSW users (staff and students using their zID) can share file links with external users.
      7. Only allow users from UNSW-accepted domains can send email to a Teams channel:ÌýAdditional domains that require a channel email communication must request a Security Service Risk Assessment Service to .Ìý
      8. Anonymous users cannot interact with a UNSW Teams application during a meeting:ÌýThe ability for anonymous users to interact with a Teams application (e.g., Whiteboard, Forms, Poll Everywhere, Channel Calendar, Task Planner, To Do, etc.) in meetings has been blocked.
      9. Only UNSW users and invited guests can present during a UNSW Teams meeting:ÌýThe default setting only allows UNSW users (staff and students using their zID) and (invited) guests to present during a Teams meeting as the sharing option is disabled. Meeting organisers can change the default setting if required. Refer to the guide: .ÌýÌý
      10. Only UNSW users can bypass the lobby:ÌýThe default setting allows only UNSW users (staff and students using their zID) to bypass the lobby and join the Teams meeting. Meeting organisers can change the default setting if required. Refer to the guide:
      11. A 30-day session applies to non-UNSW guests for access to Teams Files:ÌýA session expiry will be enforced for non-UNSW (external) guests who access UNSW Teams Files (or folders). Non-UNSW guests will be prompted to enter an OTP (one-time passcode) to re-authenticate their identity every 30 days. Refer to the FAQ: ?ÌýÌý
      12. External guests have a 365-day guest link expiration limit set for shared files/folders from MS Teams, SharePoint, and OneDrive:ÌýFrom 26 March 2024, any new links to MS Teams, SharePoint, and OneDrive shared with external guests will automatically expire after 365 days. The link owners will receive Guest Expiration email notifications approximately 2-3 weeks before the access expires. Link owners can further manage guest access by extending or removing the access. Refer to the FAQ: ?ÌýÌý

      Refer to the full list of for more information about these changes or contact the IT Service Centre for technical assistance.

    • In early 2024 the Program completed a current state assessment of UNSW's Data Loss Prevention (DLP) capability, including a review of findings from the previous DLP pilot conducted in 2021. The Program, who engaged with key stakeholders, produced a Cyber Data Loss Prevention Strategy and Roadmap for UNSW.Ìý

      If you would like to learn more, please contact our Program

    • Cyber security is everyone's responsibility and by understanding a few simple steps and guidelines, we can help protect ourselves and the University from cyber security threats and keep data and information safe.

      In mid-November 2023, the University introduced a new Cyber Security Awareness eLearning module mandatory for all staff. The module will help staff improve their awareness of cyber security threats and develop good cyber-savvy behaviours to protect themselves and the University. Staff will receive a direct email asking them to access and complete the module on an annual basis.

      Refer to Cyber Security training and awareness webpage to access all information regarding the training as well as other cyber awareness advice.Ìý

      If you have questions, please contact the Cyber Security Awareness team.

    • In 2022, all UNSW Cyber Security Policies and Standards were updated to uplift the maturity of cyber security at our University.

      In 2023 the Program worked with Business Owners and Technical Owners to:

      • outline their accountabilities,
      • identify (and cyber risk assess) their UNSW Information Resources (into an Asset Inventory), and
      • perform a Cyber Security baseline Gap Assessment against the new Policy Framework to identify and manage risks through the UNSW Risk Management Framework.Ìý

      All Gap Assessments were completed by Business Owners using the MyCyberHub tool. Compliance reports have been issued to senior leaders (such as DVCs, VPs and Deans) for resources in their area with Business Owners receiving individual reports for each of their information resources.Ìý

      Refer to the Cyber Security Policies and Standards webpage for more information about the Policy Framework.Ìý

    • Multi-Factor Authentication (MFA) is a requirement at UNSW for all staff (including casuals and affiliates) and current students.Ìý

      Currently, students and staff who access Physical Containment (PC 2/3) laboratories are not protected by MFA when working on campus. This is due to those labs not allowing mobile phones or YubiKeys in the containment area. As a result MFA only applies to them when working remotely (off-campus) and accessing UNSW single sign-on (SSO) applications.

      From November 2023, MFA coverage for these staff and students has been improved by extending MFA controls to apply when they are on campus. Once the Campus Wi-Fi Upgrade is complete, staff/students will be MFA-exempt only when working from within a PC 2/3 rated lab.

      Important: Lab Managers are requested to advise the IT Service Centre of any changed conditions for their PC 2/3 labs so that the appropriate IT Lab Support Team can assist in enabling MFA controls.Ìý

      Visit the Cyber Security MFA page for information and support materials.

    • If you have set up rules in Outlook to automatically forward UNSW email to an external mailbox you are potentially exposing that email, and any data it includes, to security risks.Ìý

      The University takes great steps to protect our email systems by implementing cyber security controls such as anti-phishing and anti-malware. By setting up rules to automatically forward emails to an external mailbox that doesn't have the same level of security as the University, you expose that data to potential compromise, and the University to liability for any associated privacy or security breach.

      Staff are encouraged to directly check their staff email inbox regularly for important University updates.

      Instead of using auto-forwarding, it is recommended that you:

      • Set up your device (computer, tablet, phone) to remotely access University email through a supported email application (Outlook), or
      • Access your UNSW email via Outlook Web Access (OWA) using a browser on your device.

      Support

    • In 2023 Endpoint Security Policies were deployed to UNSW IT-managed endpoints (Windows and Mac OS devices). An endpoint is any physical device that can be connected to the UNSW network, such as computers, laptops (smartphones, tablets), and servers.

      These policies have improved the security of staff using UNSW IT-managed computers to access the university network. The policies are aligned with the Cyber Security Policy Framework, which aims to reduce the cyber security risk exposure across the University.Ìý Ìý

      Support:

      • Refer to the to understand the changes implemented.
      • For technical assistance, please contact the IT Service Centre.

      Laptop with internet connection

      Important: Connect your UNSW IT-owned computer to the UNSW network or internet, on a regular basis to ensure the latest security updates are installed and you are protected. Good practice would be to restart your computer weekly.Ìý

    • In September 2023, the University migrated the on-premises Cisco Email Security Appliance (ESA) to the new Cisco Cloud Email Security solution. The new solution provides an advanced and layered defence to stop a broad array of sophisticated email-based threats.Ìý

      Application administrators are to configure their platform to use (TLS) protocol for outbound email traffic.Ìý

      Refer to the or report technical issues via the IT Service Centre.

    • The Program is continuing to harden the University's network firewall rules. Firewall policies will be audited, reviewed, and hardened to address all agreed critical to medium vulnerabilities and to align with the Cyber Security Standard - Network Security.

      Non-production firewall rule change

      On 21 August 2023, changes were made that block all unidentified traffic in non-production (test) environments. This improves our cyber security posture and ensures that only safe and legitimate network traffic is allowed.Ìý

      New requests, or technical issues, will need to follow existing processes via the IT Service Centre.

    • In November 2023 a SIEM onboarding request service was established.

      Security Information and Event Management (SIEM) is a solution that helps the University detect, analyse, and respond to security threats before they harm operations. Once onboarded to the SIEM, the Security Operations Centre (SOC) will provide 24x7 real-time monitoring, threat detection, and security incident response services for your platforms, applications, or services.Ìý

      Please refer to the Cyber Security Operations services webpage to make a request and learn more

    • EDR Service for UNSW IT-managed endpoints.

      In early 2023, a state-of-the-art endpoint detection and response (EDR Service) software, CrowdStrike, was implemented on all UNSW IT-managed endpoints which include servers, desktops, and laptops.Ìý

      With CrowdStrike, UNSW can provide more advanced threat detection, monitoring, and endpoint remediation capabilities to enhance the protection of our systems.

      EDR Crowdstrike Falcon Notification message.

      If a potential threat is detected, staff may be presented with a pop-up Falcon Notification, indicating that CrowdStrike has protected your device and generally there is no further action required. If a potential or actual threat is detected, an alert is raised for UNSW IT Cyber Security Operations to manage.

      For UNSW IT-managed endpoints, CrowdStrike installs occur automatically when connected to the UNSW network or internet.ÌýÌý

      EDR Service for UNSW-owned endpoints

      From September 2023, the EDR Service was made available for installation on UNSW-owned endpoints that are not managed by UNSW IT. Please refer to Cyber Security Operations to make a request for the EDR Service and understand the conditions that apply.

    • Microsoft Defender for Endpoint provides antivirus and firewall protection to UNSW-managed computers (laptops and desktops). Microsoft Defender helps the University to prevent, detect, investigate, and respond to advanced threats, improving security and reducing cyber risk.

      Microsoft Defender for Endpoint replaced Symantec Endpoint Protection (SEP) and is licensed for enterprise-wide use.Ìý

      Learn more:

      For further assistance please contact the IT Service Centre.

    • In 2023 the Program conducted a current state assessment of the University's legacy Cisco Email Security solution and developed an Email Security Strategy and Roadmap. The strategy proposes a refresh of UNSW's current solution to incorporate advanced capabilities which include Business Email Compromise and Behavioural Protection, Account Takeover Prevention, and Supply Chain Compromise Protection. These capabilities will leverage Natural Language Understanding (NLU) techniques in conjunction with AI/ML technologies

      If you would like to learn more, please contact our Program

    • Zero Trust is a maturity approach that prioritises data security controls, requiring all requests (regardless of origin) to be authorised, authenticated, and continuously validated against data controls.

      In mid-2023 the Program facilitated workshops with key UNSW IT senior leaders, subject matter experts, and Service Owners to understand the current UNSW environment.

      In September 2023, a Zero Trust Strategy was finalised and endorsed. It will be used to inform the development of potential future Cyber Security initiatives.

      If you would like to learn more, please contact our Program.Ìý

    • Identity and Access Management (IAM) is critical to managing our cyber security risk exposure, but just as importantly it is a key enabler of the University's strategy in education and research. An updated IAM Strategy and Roadmap will prioritise and inform UNSW of what it needs to focus on going forward.Ìý

      In late 2022 workshops were held with key stakeholders across the University to understand stakeholder perspectives on business technology priorities for improvements to our identity and access management infrastructure. A draft UNSW IAM Strategy (and Roadmap) summary was produced and socialised with key stakeholders.

      In 2023 the strategy was finalised and includes a prioritised roadmap for UNSW.

      If you would like to learn more, please contact our Program.

    • In 2022, UNSW continued to improve the resilience of our Microsoft 365 platform though the implementation of additional technical controls to SharePoint, Teams, and Outlook in line with the University Cyber Security and Acceptable Use policies.

      Strengthening critical controls of our core collaboration tools will minimise the potential for accounts to be compromised and for potential reputational damage.Ìý

      Anti-phishing

      Phishing is an email attack that tries to steal sensitive information in messages that appear to be from legitimate or trusted senders. With the growing complexity of attacks, it's even difficult for trained users to identify sophisticated phishing messages. UNSW has implemented advanced anti-phishing controls that will assist users in identifying sophisticated phishing attacks and protect the University, including:

      • First Contact Safety Tip.
      • User Impersonation Unusual Characters Tip.
      • Show (?) for Unauthenticated Senders for Spoof.

      Safe Attachments

      Safe Attachments is a feature that provides an additional layer of protection for email attachments that have already been scanned by anti-malware protection by removing attached files that are found to have malicious software. Safe Attachments controls help detect and block new and existing files that are identified as malicious in document libraries in SharePoint, Teams, and Outlook.

      Safe Links

      Safe Links is a feature that provides URL scanning of inbound email messages and time-of-click verification of URLs and links in email messages and other locations. Safe Links scanning occurs in addition to the regular anti-spam and anti-malware in inbound email messages in Exchange Online Protection (EOP). Safe Links scanning can help protect the organisation from malicious links that are used in phishing and other attacks.

      Important: The above improvements are necessary to protect the confidentiality of the University’s information, and the privacy of our students and staff information and to reduce the risk of financial loss associated with business email fraud.

      Refer to the to understand these changes more clearly.Ìý

      Contact the IT Service Centre for assistance with SharePoint, Teams, or Outlook.Ìý

    • In 2022, UNSW implemented changes to Microsoft 365 (Office) services, to prevent the use of insecure login methods (legacy authentication), typically associated with the use of older email software and some applications. All students and staff were required to update their email client software to a version that supports modern authentication.Ìý

      To access UNSW email on any of your devices, please see for guidance on recommended University applications or use on the web. Contact the IT Service Centre for further assistance.

      Important: Non-Azure Active Directory applications that utilise legacy authentication protocols, such as PIMS, SIMS, NSF, etc, are not impacted.

    • In December 2022, all UNSW Cyber Security Policies and Standards were updated to uplift the maturity of cyber security at our University. The CyberSecurity Policy, Acceptable Use of UNSw Information Resources Policy, and two University-wide Cyber Security Standards were approved by the UNSW Management Board.

      The remaining Cyber Security Standards, which apply to staff with technology management or operational responsibilities, were approved by the UNSW IT Chief Information Officer (CIO).

      ÌýAccess all policies, standards, and guidelines.Ìý

    • In 2022 the UAR process was introduced for an annual review to be undertaken to evaluate and manage user accounts and access rights associated with IT services and assets. Business Owners of targeted applications are involved in the entire process. Managers/Supervisors, or anyone with staff reporting to them, are involved in the review phase only.ÌýÌý

      Refer to the Cyber Security UAR webpage for all details and support materials relating to a current, future, or past UARs.

    • In 2022, MFA became an ongoing requirement at UNSW for all staff (including casuals and affiliates) and current students. All new students and staff are prompted to set up MFA as part of their onboarding activity.ÌýÌý

      Visit the Cyber Security MFA webpage for all information and support materials.

      For technical assistance contact the IT Service Centre.

Reporting cyber incidents

It is important to report any cyber security incidents as quickly as possible so that UNSW IT’s Cyber Security team can address any issues and mitigate risk exposure.

What should I report?

  • Suspecting your computer or account has been compromised.
  • Having evidence on how technology or University data may be vulnerable.
  • Noticing a colleague inappropriately sharing Highly Sensitive or Sensitive data.
  • Losing a University asset containing sensitive information.

Report a cyber security incident by calling the UNSW IT Service Centre on 02 9385 1333 or using the link below.

Cyber security is everyone’s responsibility and by learning a few rules, simple steps, and following guidelines, we can protect ourselves and our University from cyber security threats and keep data safe. Go to Cyber Security Training and AwarenessÌýfor more information.
Ìý

"Enhancing cyber security, including protecting information and privacy, is of paramount importance to our core functions of education and research. We all play a part in being cyber smart."Ìý

Professor Attila Brungs, Vice-Chancellor and President, UNSW Sydney