Cyber Security Tips
Use a Strong Password
Picking a good password is important, however in accordance with University Password Policy all passwords must be over 8 characters, contain a mixture of upper case, lower case
and symbols, must not be re-used, and should not be a word listed in a dictionary.
The recommendation from the Cyber Aware campaign is to use three random words. These can be any three words in any order, and numbers or special characters can still be used, for example 7blueElevat0rRis!ng33, but don't use words or phrases which are easy for other people to guess e.g. TheLionKing.
For more information visit our dedicated page on Password security
Multi-Factor Authentication
As well as having a strong password, all students will be required to set up multi-factor authentication on their account. This method provides two layers of security so if a hacker can accurately guess your password, there is still an additional security measure in place to ensure that your account is not breached.
From September 2023, all new and continuing students will be required to register for MFA to ensure accounts are more secure.
You will be prompted to register when you first access one of the protected university systems (Outlook, Office 365, Blackboard, Beacon etc.) and you will have up to 14 days to register. After 14 days, you will no longer be able to access your account without setting up MFA.
Details on how to set up MFA, as well as a number of common FAQ's, can be found on our MFA Registration Guide.
Students are encouraged to enter a phone number as one of the methods of authentication as this will provide an additional level of security and typically people tend to keep their phone number longer than they keep a device.
Once set up you will be able to change your authentication method at any time by visiting the My Security Info page
Reset Your Password
If you think your account may have been compromised, you should reset your password straight away!
If you forget your password, you can reset it by following the process below:
- Go to the self-service password reset page
- Here you will first be prompted to enter your username and prove that you aren’t a robot. You will be able to choose a registered contact method for verification.
- A unique verification code will then be sent to your chosen contact method
- Once the verification code is correctly entered, you can proceed to choose a new password and get back into your account
Beware of Phishing Scams
Phishing attacks are some of the greatest cybersecurity threats as they are very easy to fall for. In a phishing attack, a hacker will pose as someone that the recipient may be familiar with to trick them into opening a malicious link, divulging important credentials, or opening software that infects the recipient’s system with a virus. The best way to be on the lookout for phishing scams is by avoiding emails from unfamiliar senders, look for grammatical errors or any inconsistencies in the email that looks suspicious, and hover over any link you receive to verify what the destination is.
If you receive an IT related email you are unsure of, contact Digital Services.
Clicking Without Thinking is Reckless
Just because you can click, doesn’t mean you should. Malicious links can do damage in several different ways, so be sure to inspect links and ensure they’re from trusted senders before clicking. If you are unsure of a link, don’t click on it.
Keep Up to Date with Updates
Keep your devices up to date. Software patches can be issued when security flaws are discovered. You may find these notifications annoying, but you can consider them the lesser of two evils when weighing up rebooting your device versus putting yourself at risk for malware and other types of computer infection.
Secure Your Devices
Security doesn’t end at your desktop. It’s important to get into the habit of securing your presence through your mobile device as well. Use strong passwords and biometric features, ensure you turn off your Bluetooth, don’t automatically connect to any public Wi-Fi, and download with caution.
Back-Up Your Data
There’s no excuse not to have a backup of important data. Remember, malicious threats and hackers don’t always want to steal your data, but sometimes the end-goal is to encrypt or erase it. Back it up to have an ultimate recovery tool.
Protecting Your Account
The University uses identity protection tools to establish your typical IT usage to block unexpected behaviour. Types of activities that could be blocked include:
- Logons from unusual locations, such as overseas
- Logons from multiple locations at the same time
- Unusual usage of proxies to mask your location
- Access from machines known to have viruses/malware
In some instances above, MFA verification will be required to confirm a genuine login attempt.