Cyber Security Training
With cyber security threats on the rise, we are committed to fostering a security-aware culture and to equipping staff and students with the knowledge to thwart cyber threats.
Cyber Hygiene Awareness Videos
Overview
The University sends out regular security awareness videos that cover various topics in cyber security including:
- Data security
- Data privacy
- Information Protection
- Office Hygiene
- Passwords
- DevSecOps
How it will work
On roughly a quarterly basis, staff will receive an invitation to watch a short (2-3 minute) video and answer a quiz afterwards to confirm learning. You will receive weekly reminders if you do not complete the training.
Simulated Phishing Program
Overview
Did you know that 90% of security incidents involved some kind of malicious email such as phishing? It is critical that University staff have the knowledge to distinguish between legitimate email and suspicious email, and not fall prey to clicking on malicious links, opening potentially dangerous attachments, or responding to fraudulent emails. Simulated phishing serves two useful purposes for the University: it can (a) identify people who may be more vulnerable to phishing emails and provide just-in-time training, and (b) provide useful statistics on the proportion of people who are vulnerable and/or report phishing.
How it will work (and the chance to win a prize!)
On roughly a quarterly basis, staff will receive a “simulated” phishing email that will contain a link or an attachment. If you think you have spotted such a simulated phishing email, please report it in the same manner as real phishing emails.
Simulated Phishing Debrief (Q4 2022)
Simulated phishing emails were sent out to all University paid staff in November of 2022. The following explains what they looked like, and how you could have identified them as non-legitimate email.
This was a "multi-staged" simulated phishing exercise that comprised:
- An email with a link to a fake login page, asking you to reset your password
- A fake login website that is designed to harvest passwords of users. This follows a very typical pattern of real phishing emails.
The suspicious email could have been identified using the following information:
- The sender was not one of your usual University of Adelaide senders with a trusted domain such as adelaide.edu.au
- When you hovered over the link, it would have revealed a non-UofA domain - therelayservice.com - something you would have never seen before
- Finally, the email was signed "IT Department, University of Adelaide", whereas legitimate email should be signed "Information Technology and Digital Services, the University of Adelaide"
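The three email checks listed above, written as detection logic over a constructed message. This is an added example, not University code; the sample email, its addresses and the function names are assumptions made for illustration.

```python
import re
from email import message_from_string
from email.utils import parseaddr
from urllib.parse import urlsplit

TRUSTED_DOMAIN = "adelaide.edu.au"  # trusted domain named on this page
EXPECTED_SIGNATURE = "Information Technology and Digital Services"

def in_trusted_domain(host):
    """True only for the trusted domain itself or a real subdomain of it."""
    # Match on a dot boundary: "adelaide.edu.au.example.net" must not pass.
    host = (host or "").lower().rstrip(".")
    return host == TRUSTED_DOMAIN or host.endswith("." + TRUSTED_DOMAIN)

def check_email(raw):
    """Return findings for the three indicators described in the debrief."""
    msg = message_from_string(raw)
    body = msg.get_payload()
    findings = []
    sender = parseaddr(msg.get("From", ""))[1]
    if not in_trusted_domain(sender.rpartition("@")[2]):
        findings.append("sender outside trusted domain: " + sender)
    # The href is what hovering reveals; the visible link text can say anything.
    for url in re.findall(r'href="([^"]+)"', body, flags=re.I):
        host = urlsplit(url).hostname
        if not in_trusted_domain(host):
            findings.append("link outside trusted domain: " + str(host))
    if EXPECTED_SIGNATURE.lower() not in body.lower():
        findings.append("expected signature missing")
    return findings

# Constructed sample modelled on the debrief; addresses and path are made up.
SAMPLE = """\
From: IT Department <it-support@therelayservice.com>
To: staff.member@adelaide.edu.au
Subject: Password reset required
Content-Type: text/html

<p>Your password expires today.
<a href="https://therelayservice.com/reset">Reset your password</a></p>
<p>IT Department, University of Adelaide</p>
"""

if __name__ == "__main__":
    for finding in check_email(SAMPLE):
        print(finding)
```

The From header can be forged, so an empty result from a check like this is not proof that a message is legitimate.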
The fake logon page, even though it has the University of Adelaide logo, shows many signs of being non-legitimate:
- Looking at the URL, again, this does not have the usual adelaide.edu.au domain
- The form asks you for the current password. Currently the only place where you can change your University password is from the Okta login page at https://id.adelaide.edu.au. Any other places should be treated with suspicion.
Finally, if you did submit your password, a "just-in-time" learning page like below would have been displayed.