Cyber Security Training

With cyber security threats on the rise, we are committed to fostering a security-aware culture and to equipping staff and students with the knowledge to thwart cyber threats.

  • Cyber Hygiene Awareness Videos
    Overview​

    The University sends out regular security awareness videos that cover various topics in cyber security including:​

    • Data security​
    • Data privacy​
    • Information Protection​
    • Office Hygiene​
    • Passwords​
    • DevSecOps​

     

    How it will work​

    On roughly a quarterly basis, staff will receive an invitation to watch a short (2-3 minute) video and answer a quiz afterwards to confirm learning. You will receive weekly reminders if you do not complete the training.​

  • Simulated Phishing Program
    Overview​

    Did you know that 90% of security incidents involved some kind of malicious email such as phishing? It is critical that University staff have the knowledge to distinguish between legitimate email and suspicious email, and not fall prey to clicking on malicious links, opening potentially dangerous attachments, or responding to fraudulent emails. Simulated phishing serves two useful purposes for the University: they can (a) identify people who may be more vulnerable to phishing emails and provide just-in-time training (b) provide useful statistics on the proportion of people who are vulnerable and/or report phishing​

    How it will work (and the chance to win a prize!)​

    On roughly a quarterly basis, staff will receive a “simulated” phishing email that will contain a link or an attachment. If you think you have spotted such a simulated phishing email, please report it in the same manner as real phishing emails. 

  • Simulated Phishing Debrief (Q4 2022)

    Simulated phishing was sent out to all University paid staff in November of 2022. Below provides an explanation of what they looked like, and how you may have identified it as non-legitimate email.

    This was a "multi-staged" simulated phishing exercise that comprised of

    1. An email with a link to a fake login page, asking you to reset your password
    2. A fake login website that is designed to harvest passwords of users. This follows a very typical pattern of real phishing emails.

    The suspicious email could have been identified using the following information:

    1. The sender was not from your usual University of Adelaide senders with a trusted domain such as adelaide.edu.au
    2. When you hovered over the link, it would have revealed a non-UofA domain - therelayservice.com - something you would have never seen before
    3. Finally, the email was signed "IT Department, University of Adelaide", whereas legitimate email should be signed "Information Technology and Digital Services, the University of Adelaide"

     

    Phishing test Nov 2022

    How to identify suspicious emails

    The fake logon page, even though it has the University of Adelaide logo, has a lot of signs of being non-legitimate

    1. Looking at the URL, again, this does not have the usual adelaide.edu.au domain
    2. The form asks you for the current password. Currently the only place where you can change your University password is from the Okta login page at https://id.adelaide.edu.au. Any other places should be treated with suspicion.
    Phising test Nov 2022

    How to identify fake logon pages

    Finally, if you did submit your password, a "just-in-time" learning page like below would have been displayed.

    Phishing test debrief

    Learning page