Dear ANU Community,
Earlier today you will have received an important message from our Vice Chancellor notifying you that we have been victims of a data breach. One of the implications of this message is how we can protect ourselves from further malicious activity. Although we have an ever-increasing range of safeguards to protect us from cyber-threats, we all play a role in keeping our systems safe.
Below is a range of steps you can take to help stay safe.
Passwords
Passwords are the most commonly used form of online credentials so they remain a key target. These simple precautions can help you secure your passwords and identity:
- If you have not reset your ANU password since November 2018, it is highly advised that you do so immediately. Accounts whose passwords have not been reset since November 2018 will automatically require a password change on 12 June 2019.
- If you tend to reuse your ANU password, or very similar passwords, on other services (within or external to ANU), it is highly recommended that you reset these as soon as possible and use more distinct passwords for each service.
- Where available, two-factor authentication (phone app, token) should be used for any online services you are registered with.
- Use strong but memorable passwords. There are many secure password generators online; also consider using a password manager.
Emails
Phishing and scam emails are still the most common way to steal personal information or gain unauthorised access.
- Make sure emails are from a trusted source. Some email clients don't automatically show the full email address so take the time to expand and validate email addresses.
- Do not click on links or open attachments from unknown senders or emails which purport to be from someone you know but seem out of character.
- If the email appears to be from a known sender but seems unusual or asks you to do something you would not normally do, find a way to validate this information with the sender.
- Never give any sensitive or personal details over email no matter how legitimate or authoritative the source may seem.
- Don't click on email attachments with unusual file extensions or names unless you are expecting the email.
- If you can't tell whether an email is legitimate, or you think your account has been compromised, please contact it.security@anu.edu.au
When Travelling
- Maintain a watchful eye on your devices and keep them close to you. If you can avoid it, don't leave your device in a hotel room or room safe.
- When using public Wi-Fi (at home or abroad) always make sure you use a Virtual Private Network (VPN) service. Hotel and airport lounge Wi-Fi are not secure.
- Consider using disk encryption. This is one of the most useful data loss prevention measures.
- Do not accept USB devices from promotions or untrusted sources. Recommend to your friends and colleagues to use secure cloud-based file transfers where possible.
General device maintenance and configuration
Just like our vehicles require regular maintenance to stay road-worthy, so too do our digital devices, so that they remain able to resist increasingly sophisticated attacks.
- Use a current and supported operating system. Older systems are more vulnerable, particularly if security patches are no longer being released for them.
- Ensure all operating systems and applications on your device are fully updated to the most recent patch level and are still being supported by the vendor.
- It is highly recommended that you use a security product on your device and that you keep it up to date.
- Some operating systems give you a local administrator account by default; consider making a second account on your device with fewer privileges for everyday use.
- Microsoft Office macros can be very useful but are also a very common method of enabling malware. Strongly consider turning off macros unless you have a specific need.
- Don't download and run software from untrusted or unknown sources, and always make sure you scan any downloads with a reputable security product.
- Always make sure your important information is backed up regularly and consider having a mix of backup solutions, e.g. cloud and removable disk.
Helping your friends and colleagues
Criminals may use your identity to trick your friends and colleagues. If you think your contact list has been compromised, let your friends and colleagues know so they can take steps to protect themselves.
ANU ITS maintain a website with up-to-date security information. You can access that website through our homepage, and I recommend bookmarking it and checking back regularly.
For any matters relating to the data breach please contact 1800 275 268 and for any general IT security matters please call the IT Help Desk on 6125 4321.
Suthagar Seevaratnam
Chief Information Security Officer