IT@ND: Cyber Security
IT@ND: Cyber Security Services
The Information Technology Office at Notre Dame provides a range of security services to help protect University data and computer systems for all members of our community.
What is Cyber Security?
Cyber Security is the protection of our systems from possible theft or damage to virtual or physical systems, software and soft data as well as disruption or misdirection of the services they provide to staff and students.
Why we need Cyber Security?
The University supports a wide range of applications and systems that house research data, intellectual property, and personal/confidential information. These systems require protection from cyber attacks designed to acquire, disrupt or destroy this data.
What do we do for you?
Notre Dame is serious about security and has many practices in place to ensure the protection of your data on campus and online.
- User accounts are set to lockout after several incorrect logins with a lockout period before access is restored.
- All wireless traffic passes through an internet filter and is subject to monitoring to ensure a secured connection and appropriate use of our network.
- SPAM filtering on all emails to minimise attacks on our network.
- Antivirus and malware software is installed on all university computers and laptops to prevent unwanted attacks and intrusions from outside sources.
- Completion of routine maintenance on all IT systems to keep them updated with the latest security and operating system patches.
- Use of a Virtual Private Network (VPN) for staff who work away from campus or frequently travel abroad.
IT@ND: Staying secure online with IT
How can we protect ourselves from malicious and unwanted activity?
Although we have an ever-increasing range of safeguards to protect ourselves from cyber-threats, we all play a role in keeping our systems safe.
Learn more about staying secure online with IT@ND by clicking on the topics below.
One of the most important precautions you can take in protecting you and your information is setting a strong password to your account.
Email Security and safe practices
Emails are still the most common way to steal personal information or gain unauthorised access to an account. Learn more about safe email usage to keep your messages private.
Device and Data Security
Data is stored (HDDs, USB and mobiles) and shared on multiple devices. Learn how to keep your data and mobile devices secure.
Stay secure abroad
Keep yourself secure when accessing university systems away from campus. What can you do before and after you return from travels?
Antivirus and Malware protection
What is malware and how do you avoid becoming a victim? Learn what steps you can take to identify and protect your devices and University information.
Soft Copy security
Security can be breached when 'hard' copies of data are printed from your screen or removed from a printer.
Security at home
Security doesn't stop at the office. Keep your home network secure and stop unwanted access to your personal devices.
Stay secure in an online world. See what secure practices you should use when working off-campus.
IT@ND: Ask us about security
Got a Question about Security?
See if we already have the answer below, if not send us your question to ITFAQ@nd.edu.au
What is this Email? Is it SPAM?
Unauthorised access to an email account is the most common way to steal personal information. SPAM filters are used on all incoming emails to remove possible threats to your account. Postmaster emails are sent regularly for staff to determine safe senders in their contacts.
Please be aware IT does not send emails relating to password expiry, reset options or confirmation. Sign-in notifies you when your account is due to expire on a University computer.
Make sure emails are from a trusted source and take time to validate the sender. You may need to fully expand the email as some email clients don't automatically show the full email address and recipients.
Trust your gut if it looks Phishy. Don’t Take the Bait. Delete it.
Tips to help you recognise them:
- Request personal information or money
- Encourages you to click on a link or attachment
- A sense of urgency, such as “urgent action required!”
- The message contains poor grammar and spelling
- There are no contact details, or the signature is generic
- Sent from a person or company you haven’t contacted before
- The sender's name does not match their sending address
- If the email looks to be from a known sender but seems unusual or asks you to do something you would not normally do
Why should I keep my Staff Card secure?
Your Staff ID card allows access to buildings outside of regular business hours and staff printer access on all SafeQ-enabled devices. An ID card is printed for all current staff. A sticker is added to the back of the card to show current contracted staff.
If you have lost your card, please contact IT to remove the lost card from your account. After your card is removed from the system, visit Student Administration to have your card reprinted. Register your new card to enable access to campus buildings and printers. Note: Please discard any found cards if a new ID has been printed. The system automatically uses the newest card for access to university facilities.
How can I keep my account safe off-campus?
If you’re a frequent traveller or work from home, it is important to be aware of your surroundings and network connection.
Use a Virtual Private Network (VPN) when using public Wi-Fi (at home or abroad). It is important to note that although complimentary, hotel and airport lounge Wi-Fi are not secure.
After returning from travel abroad, monitor your account for unusual activity and run a virus or malware scan on your device. If you suspect your account has been compromised, please contact your IT service desk.
What do I do if I click on a link?
If ever in doubt about an email you have received, please contact IT so they can verify its authenticity. If you think your email account or contact list is compromised, let your colleagues know to prevent further attacks or compromises to accounts
Send the following details to your IT Service Desk
- Sender name or address
- Email details
- Time opened
As a security precaution, IT disable your account until contact is made and your details updated. Please be aware IT does not send emails relating to password expiry, reset options or confirmations.
I think my account is compromised?
Please contact the IT Service Desk if you feel you may have a compromised account or witnessed a Cyber Security incident. Reset your password as soon as possible. Please make IT aware of the following information when logging your incident request:
- Time of compromise
- Location (on or off campus)
- Date of incident
- Type of data involved
- Any known impact
- Link or email information (phishing or SPAM)
What is this email from Postmaster?
Mimecast SPAM filtering applies to all emails sent from external contacts to prevent phishing attacks on our system. Email attachments and URLs are scanned, and any threat found is quarantined. Mimecast identifies these quarantined emails as suspicious and requires further action before being delivered to your inbox.
Quarantined emails show in your inbox under Postmaster.
Log into your Mimecast personal portal to review, release, permit or block any emails held by our SPAM filter.
Password Security - It doesn't phrase me!
Why do we struggle to remember our password? We have been successfully trained to create passwords hard for humans to remember, but easy for computers to guess. Creating a strong and secure passphrase is the first line of defence in preventing unwanted access to university systems and data.
Almost 50% of people use passwords that are 5 years old. Passwords are easily compromised, leaving your account vulnerable to hackers and fraudulent use of your personal information. Set a passphrase to improve the security strength of your account.
NotreDame Common word Under 1 second
N0treDame19 Added numbersUnder 3 minutes
N0tr3Dame123 Numbers, capital and substitution 1 week
N3wY0rk!2020$$ Numbers, capital, symbols and substitution Over a year
Bigjetplane2NYC$$ Passphrase, random words, uncommon 35.64 billion years
A passphrase is created with the idea of making a hacker guess as many incorrect combinations as possible. Creating a phrase with multiple words that you can picture in your head, so it’s difficult to guess but easy to remember.
Don’t set off the Dominos
Using the same password on multiple accounts can create a domino effect that allows hackers to take down multiple accounts by cracking one password.
Despite worries about online security, many people still use common or repeated passwords to secure multiple accounts. Duplicate passwords guard 73% of online accounts, with 54% of people using 5 or fewer passwords across their entire online life. Set a unique passphrase for each of your accounts to stop the dominoes from falling.
Protect yourself with more than just a password, set a passphrase today!
What are gift card scams?
This type of phishing email scam aims to lure the recipient into the purchase of Gift Cards – e.g. iTunes, Google Play, Amazon, etc. Typically these emails begins with a short conversational message such as “Are you there?”, or “Can you help me?”. The email appears to be from a Notre Dame colleague, but is actually sent from an external scammer’s email account. If the recipient responds, the scammer will reply and the conversation quickly turns into a request to purchase some form of gift card. Any time an unsolicited email conversation turns into a request to purchase something like a Gift Card, it is very likely to be this scam. If this happens, please discontinue the conversation and immediately notify the IT Service Desk.
You can also identify these types of scams by carefully examining the sender’s email address. If it differs from the sender’s normal address, for example: firstname.lastname@example.org, again please notify the IT Service Desk.
How can I recognise phishing or SPAM emails?
Emails from imposters are often difficult to spot, as they will try match as close as possible the email address of the person they are impersonating, for example: email@example.com
How can you recognise a Phishing or Spam type email?
Here are some simple tips to help you recognise them:
- They will request personal information, money or vouchers;
- Encourage you to click on a link or attachment you do not recognise;
- Purvey a sense of urgency, such as “urgent action required”;
- The message contains poor grammar and/or spelling;
- There are no contact details or the signature is generic;
- It is sent from a person or company you haven’t been in contact with before; and
- The senders name does not match their sending email address.
What else can you do to help?
- Never share your Notre Dame User Name and Password;
- Do not use your Notre Dame credentials for registration of personal social media and/or other personal online accounts;
- Regularly change your University password;
- Don’t use the same password for University and personal online accounts; and
- Always use a strong password, or consider a passphrase (if you are not sure what a passphrase is speak to my team).
Report an incident to IT@ND
Reporting incidents goes a long way to protect university data and reduce the potential for damage to the universities staff and students.
All those who access systems of the university are required to report any cybersecurity or suspicious behaviour to IT.
What is a Cyber Security incident?
A cyber security incident is a single or series of events where unauthorised attempts are made to access our university systems and stored data.
- Violation of an Information Management policy
- Unauthorised access to a physical machine or online account
- Loss of confidential data or compromise of data integrity
- Physical damage or theft of IT systems
- Misuse of service, systems or information
- Malware or virus on university device
Identifying a Cyber Security incident?
What a cyber security incident may look like?
- Lost or stolen devices, systems or data
- Malware, virus, pop-ups or adware on your device
- Sharing passwords to university accounts and systems
- Unexpected program or notification showing on your device or web browser
- Sharing confidential and unauthorised data outside of the university
- SPAM or Phishing emails to your university account
IT@ND: IT Security Policies, Guidelines and Standards
All users and administrators of University IT services need to be aware of specific IT security policies, guidelines and standards. As a condition of use of the university system, all users are required to comply with these regulations.
- Policy: Email and Internet Usage
- Policy: Privacy
- Policy: Data Breach
- Policy: Information Security
- Policy: Use of Social Media
We all play a role in keeping our systems safe; Security is everyone's responsibility. By following these guidelines, we are working together to ensure our university is protected against cyber threats.
What secure practices can I use now?
- Change your default password to a strong and memorable password or passphrase
- Lock your computer with Windows key + L when leaving your area unattended
- Use University IT systems for teaching, learning, and research purposes only
- Separate similar passwords from your University and personal accounts
- Don’t share or leave a copy of your login details for other staff to use
- Don’t plug in your USB device if you suspect it may be infected
- If you think your email account or contact list is compromised, let your colleagues know to prevent further attacks or compromises to accounts
What might I be doing that is unsecured?
- Keeping the same password each time, adding the next number up or character to the end
- Sharing personal information or passwords when going on leave or for other staff to use
- Using your University email for registration of social media or any other personal accounts
- Connecting your university laptop to public and insecure networks off campus
Fremantle08 9433 0999
8am – 5pm AWST
Sydney02 8204 4444
8am – 5pm AEST
Broome08 9192 0632
8am – 4:30pm AWST