Cybersecurity alerts
In today’s digital world, we’re constantly connected—sharing information, collaborating, and communicating online. This interconnectedness brings incredible opportunities. However, there are inherent risks posed by criminals looking to benefit financially from cybercrime. This means it is essential for everyone to know the risks, protect themselves, and understand that cybersecurity is a shared responsibility.
A single cyber security scam/attack can have far-reaching impacts on your personal data, your studies and even the University.
The best defense starts with each of us. By staying vigilant and taking simple steps to secure our devices, we help protect not only ourselves but also our entire digital community. Together, we can create a safer online environment for everyone.
Ways to stay cyber-safe
Personal security
Always make sure you’re using strong passwords.
Because you have dozens, if not hundreds of different accounts for services you use every day, chances are you’re re-using the same password because it’s easier to remember.
Make sure you’re using a strong passphrase that’s at least 15 characters long and has two or three words with a combination of numbers and symbols (e.g. keyboardheadphones25364). This will ensure your passphrase can’t be easily cracked.
Another good practice is to use a password manager, such as LastPass, KeePass, Keeper or DashLane. These automatically generate and save secure passwords for any new accounts you create.
Always remember that any data posted on the internet is on there forever.
Hackers often rely on their victims to overshare information on social networks and forums, such as their email address, place of employment/study and job position. This information can not only make you a target for hackers, but it is also leveraged by hackers to conduct spear phishing attacks.
Email security
Phishing and Spear Phishing emails are the most common cause of users and companies being hacked.
“Phishing” is where a victim is tricked into downloading malware, ransomware or providing sensitive information to hackers. Hackers often perform phishing attacks via email, telephone or SMS messages.
A phishing email is a generic email sent to thousands of users at once in the hope that at least one target will fall victim. Think of someone casting a big net into the ocean to catch fish.
A “Spear phishing” email is specifically targeted at an individual and is often personalised to increase the chance of the target falling victim. Think of someone chasing a fish with a spear gun.
When checking your emails, always stop and think:
- Do I know the sender?
- Am I expecting an email like this from the sender?
- Does my recent activity warrant an email like this?
Software and device security
Always keep your devices with you when possible. Otherwise, always lock them when they’re not in use. If you are travelling, do not leave devices unattended in hotel rooms. Always lock them in the safe provided or carry them with you.
Always back up your data to an external hard drive or cloud storage service such as your La Trobe OneDrive account. For personal data, we suggest you use a Google Drive, iCloud, or personal OneDrive account.
Over time, bugs and glitches affecting computer programs and mobile apps get disclosed – some of which can allow a hacker to completely take over your machine.
Fortunately, these vulnerabilities are often patched quickly, but the onus is on you to keep your programs up to date.
Always keep your Windows/MacOS/iOS/Android and any programs up to date. Always download new versions when prompted. Most devices allow you to enable updates to be downloaded and applied automatically in the system settings. Enabling this allows you to remain on the most recent and secure version of software without having to perform any manual actions.
Most of the time, a hacker wanting to infect you with a virus or ransomware will rely on you to run an executable file they send to you. These can be identified as having file extensions such as .exe or .msi.
Never run executables from sources you don’t trust. Always verify the file and where it came from.
Hackers can send Microsoft Word or Excel documents that have what’s called “macros” embedded in them. Macros are often used to automate things such as calculations, however they can also be used by hackers to download and run viruses and ransomware.
Macro-enabled documents can be identified by having the “.docm”, “.xlsm” or “.pptm” file extension.
Never open a Microsoft Office document that has macros unless you are expecting to receive it and can verify the sender’s identity.
Hackers’ attacks aren’t limited to the Internet. Infected USB storage devices are often used by hackers to spread viruses and ransomware. There are also USB devices that can steal your passwords or even overload and physically destroy any device it’s plugged into.
Never plug in a USB device that you find or are given by someone you don’t trust.
Additional resources
Find out more about staying secure online with the following resources:
- eSafety Commissioner - Australia's independent regulator for online safety who provide advice and resources on keeping you safe online.
- ScamWatch - led by the National Anti-Scam Centre, Scamwatch shows you scam waning signs and provide advice to stay protected.
- Scam Spotter - an initiative from FightCybercrime and Google, the site helps you prepare to spot a scam.
- Cyber.gov.au - the role of the Australian Signals Directorate's Australian Cyber Security Centre (ASD's ACSC) is to make Australian a secure place to connect online as the leaders of the Australian Government's efforts to improve cyber security. Here you can access support to report and recover from cyberthreats
- IDCARE - an independent not-for-profit that provides support if you have been impacted by scams, identity theft or cyber security threats.