Office of Chief Information Security Officer

If you’re using your own device to access University services, please make sure you’re practicing good device hygiene, to ensure our data is kept as securely as possible.

When accessing University data or digital services, ensure the device(s) used are secure: install system updates as they’re made available by the device’s manufacturer, and have functioning antiviral software. With these, you are much less vulnerable to viruses and we are all more secure.

Setting a pin, password, fingerprint or facial recognition is often the first and easiest steps in preventing unwanted access to your devices.

You should be turning Bluetooth and WiFi off when they are not in use as they can provide attackers an avenue to access your devices

In the event you lose a device, or it gets stolen, services like Find my iPhone or Find My Device can allow you to lock or wipe your device remotely

Free public WiFi Hotspots often provide little in terms of security. Therefore, you should not access sensitive data (like mobile banking) when using them. If you’re creating a hotspot with your phone, make it secured with a strong, unique password

If you need to safely connect a device to the ‘Western WiFi’ Network, instructions can be found in KB0014236 (opens in a window).

Passwords are the keys to your digital kingdom! It is vitally important they are strong and secure.

• Make different passwords for different accounts
• Don't share your password with anyone
• Consider changing your passwords regularly, at least once annually
• When you have the option to, switch on Multifactor Authentication
• If you struggle to remember multiple passwords, consider using password management software.

Looking for advice on managing the password to your Western Account? ITDS maintains a Western Sydney University Password Management (opens in a new window) knowledge article.

Not sure how secure your password is? Test it out at 'how secure is my password' (opens in a new window) - a free online password tester (external resource - you will be leaving the University's IT environment).

Check out our guide to avoid getting caught! (opens in a new window)

Have a look at our short video on recognising phishing emails! (opens in a new window)

Scammers have been using the COVID-19 epidemic as bait in phishing scams, not just emails but in text messages and social media. Now, more than ever, maintaining healthy scepticism is vitally important. If you receive a suspicious message, report it to the IT Service Desk.

Here's some updates and advice on COVID-19-themed phishing from official sources:

• An alert from SCAMWatch (opens in a new window)
• An alert and some examples of COVID-19 phishing scams from the ACSC (opens in a new window)

For more information on these organisations, see External Resources section below.

The Australian Cyber Security Centre (ACSC)(opens in a new window) is operated by the Commonwealth government and provides advice, education and resources on Cyber Security for individuals, businesses, and large organisations alike. It contains content on creating better passwords, protecting yourself from phishing and similar email scams, protecting yourself from identity theft, and more.
The ACSC even has a small number of videos on their YouTube channel (opens in a new window).

SCAMWatch (opens in a new window) is the Australian Competition and Consumer Commission (or ACCC)'s online information and reporting website for scams of all varieties - its scope is wider than only scams committed using the internet. You can also use it to see stats around the amount of scamming happening, the kinds of scams happening, and how to protect yourself.
We would particularly draw your attention to the Little Black Book of Scams (opens in a new window), a document published by the ACCC through their website. The book identifies several common scams, how to recognise them, and how to avoid them.

The Australian eSafety Commissioner (opens in a new window) is a Commonwealth government agency created with the goal of improve the safety of Australian citizens online, and provides awareness and education materials on safely navigating online spaces. The eSafety Commissioner's website includes resources developed specifically for educators (opens in a new window), parents (opens in a new window), seniors (opens in a new window), and many more. A highly valuable resource for developing your own online safety habits, or starting conversations with others.

IDCARE (opens in a new window) is Australia and New Zealand's national identity & Cyber support service. IDCARE is a not-for-profit Australian charity organisation that was created to provide support and advice to people who are recovering from ID theft. The website also includes information on how to recognise the signs of identity theft.

The 'Have I been Pwned' (opens in a new window) website is a free resources that can be used to check whether your email address has been involved in a data breach. This is especially useful to know whether passwords need to be changed or how likely it is that someone could use your information to impersonate you online.

'How secure is my password' (opens in a new window) is a free online password tester - see above for more information. it can be very informative to see just how fast common or weak passwords can be compromised.

'ToS;DR' (opens in a new window) is an online database comparing and rating the Terms of Service & Privacy Policies for various commonly used online services. Their goal is to raise awareness of users' rights, as well as which services are better at promoting them. This project isn't affiliated with the University, but is an interesting resource if you want to learn more about user rights and terms of service.