Cyber safety at UOW

Cyber safety is everyone’s business...

At UOW, we use cutting-edge technologies, rigorous procedures, and strict measures to ensure the security, privacy, and accessibility of our systems, devices, and information.

Our top priority is to reduce the potential for unauthorised access to your data and that of the university from the dangers posed by cyber threats and fraudulent activities.

Cyber security knowledge has become an essential life skill, one that benefits you, your family, and your work environment We all play a vital role in keeping ourselves, our colleagues and community safe. Our shared practices build a culture of shared accountability and in turn, increases the protection of our data, making UOW more resilient to evolving threats.

A strong cyber culture starts with you...

Did you know that UOW blocks more than 1.3 million cyber threats a week, 1.3 million is a lot of anything in today's interconnected world.

Cyber security is everyone's business at home and on campus. Whether you're a staff member or a student, protecting your work and personal information is a must.

First things first.

Let's talk about protecting your systems. Stay ahead by updating your apps, computers and smart phone regularly.

Think of it as giving your armour an upgrade to keep the threats at bay. Make sure you store your files in a secure location that is backed up. These will ensure your important documents are safe even if the unexpected strikes.

Passphrases are like secret keys to your digital kingdom. They're stronger and more secure than traditional passwords. Set them up today for greater security and peace of mind.

Scams often lurk in familiar disguises. They might impersonate trusted organisations like banks, police and governments asking you for confidential information or money. Remember, never share your bank or personal details online, through email or over the phone. Trusted organisations will never ask you for confidential information this way. Never send money to someone you don't know.

Despite our best efforts, cyber attacks can happen. Stay calm. Act swiftly and ask for help. We're here to support you. If you come across any suspicious activity or believe you've been targeted. Log a ticket with the IT service desk or call 024221 3000.

If we all take a moment to stop, think and verify, we can protect ourselves and the university from cyber threats. It's up to all of us to keep our community safe, because at UOW, cyber safety is everyone's business.

Visit uow.info/cyber-safety for more details.

Stop, Think, Verify - CyberSafety Everyone's Business
Stop, Think, Verify - CyberSafety Everyone's Business

Cyber security in everyday work

Our everyday interactions in an interconnected digital and cloud-based world exposes our data, intellectual property, and systems to cyber attacks. Due to these interconnections, many day-to-day functions require cyber security awareness. The most common functions are detailed below.

Whilst mobile computing has brought about the ability for us all to be mobile and collaborative, often these devices and how we manage them can be the weakest link.  

It’s important that you:  

  • Ensure your devices are maintained with the latest updates.  
  • Have a secure log-in method to access your device (Fingerprint/Facial recognition, passphrase or PIN code).  
  • Refrain from saving data to USB sticks or portable storage devices – particularly without encryption.  Use your free 5T OneDrive account to save your content – making it available anywhere (or H/S drives/EDRMS if you are staff).  
  • Use at least two authentication methods including a strong password and an authentication app (more secure) or SMS verification.   
  • Keep your UOW email separate to personal email addresses for personal matters.  
  • Being informed about data protection and privacy laws applicable to your work including data storage, disposal, and classification.   
  • Perform due diligence before sharing information with third-party vendors, suppliers, partners, or foreign entities. 

Refer to our Data Management & Storage article to guide you on best practice.  

Academia’s focus of creating valuable insights and taking their intellectual property to commercialisation makes researchers and HDR students a target for actors who wish to gain access to this information.  

Researchers and HDR students may be impacted through

  • Improper attempts to obtain intellectual property, e.g., through phishing scams or persons trying to gain trust or providing favours, later asking for reciprocity.
  • Vulnerabilities due to open collaborative forms and information sharing.
  • Foreign interference with actors trying to gain unauthorised access to research data, e.g., through a remote access card or password hacking.

Implications are the loss of credibility over research findings, reduced commercialisation potential, research(er) reputation, and ability to access funding into the future.

Safeguarding intellectual property should occur through

  • Applying strong passwords and multi-factor authentication,
  • Identifying and avoiding links in phishing emails and information gathering websites,
  • Not sharing UOW account login details with others including not using them for personal matters such as online shopping.
  • Following the guidelines for overseas travel if going to a conference or seminar.

Find out more about managing research data

Whether you use a UOW credit card, manage research funding or donated funds, financial interconnectivity increases the risk to unauthorised access to financial data or donor information.

UOW’s management of suppliers, credit cards, transaction security, and grants management practices become paramount in avoiding a data breach and adverse reputational impacts. Financial institutions prevention of financial fraud and operational resilience can have an impact on UOW.

Being cyber safe with financial data includes:

  • Check if there is an account to pay suppliers before using the credit card.
  • Don't share financial (including credit card) details or personal information with sources you don’t know and are for non-UOW business.
  • Ensure that passwords are strong and remain safe to avoid unauthorised access.  

It is a compliance requirement that IMTS Procurement and the Cyber Security Team MUST be engaged before you enter into any contractual arrangements with a third party or when you are considering procuring any technology related services and products, to ensure that those companies and their associated products and services meet our security standards.

Similarly, if an external party requires access to UOW data, systems or applications, the cyber security team must be engaged beforehand to assist with the security due diligence of that third party to help reduce any potential security risks.

Contact the Cyber Security Team on it-security@uow.edu.au to discuss your requirements.

When collecting personal information, it’s important to only collect and store what is necessary for that business purpose. Once its purpose has been met then UOW should be disposing of the data in line with its record keeping requirements.

Personal information, such as passports, driver’s license, financial details, or health records pose a great target for cyber criminals who may sell it on in the dark web.  

Loss of personal information will not only result in potential harm to the affected individual but will also result in financial, regulatory, and reputational damage to UOW.

Therefore, when collecting persona information, especially ID documents, consider whether you may be unnecessarily storing it after the verification process has taken place.

The Information Compliance Unit can help you determine which personal information you should only verify, store and dispose within relevant timeframes. 

Restricted personal information and organisational data of particularly susceptible to cyber attacks and therefore data breaches. Effective data governance provides the foundation for implementing cyber security measures that

  • Protect data,
  • Ensure data integrity, and
  • Support compliance and regulatory requirements.

Staff can help reduce cyber security risks by following appropriate data classifications when storing data. Access controls (applied in the systems and applications) also create a more secure and resilient data environment. Hence, it is possible when staff change roles and responsibilities, access controls also change.

For more information go to the Data governance procedure or contact the Data and Analytics team.

Cyber security and governance are intricately linked, and the effectiveness of an organisation's cyber security measures is significantly influenced by its governance structure. 

Information needs by governance bodies:

  • Support decision-making processes on cyber security risk mitigation, investment, strategies, priorities, and resource allocations including personnel and training.
  • Cyber security metrics and cyber security risk reports are triggers that help build a cyber aware culture.
  • Incident response and recovery outcomes.
  • Risk management and compliance need alignment with legal and regulatory requirements.
  • Policy development and enforcement may need to factor in cyber security. Policy examples are records management, foreign engagement, financial and procurement policies.

Continuous improvement of governance structures including assessments, audits, and reviews help identify enhancements.

When travelling overseas, devices such as mobile phones and laptops may become a target and therefore a heightened cyber security risk. A compromised device could impact the ongoing operations and security of the University’s business.

UOW has a procedure for staff when travelling overseas with University devices. It includes preparation work you need to undertake prior to travelling, things you should be aware of during your travels, and permissible post-travel actions.

For students: Cyber security when travelling overseas | Smartraveller

Happy travels.

The higher education sector, due to its international alliances, is susceptible to various forms of foreign interference linked with cyber security. Here are several ways in which researchers and UOW may be impacted:

  • Intellectual property theft potentially undermining a commercialisation opportunity, causing damage to researcher / UOW reputation, or limiting access to future funding.
  • Personal vulnerabilities due to increased phishing scams or people trying to gain trust and access to information.
  • Unauthorised access to research through a remote access card.

Be cyber safe by:

  • Protecting your personal information.
  • Checking sources for information requires.
  • Considering whether an offer is to good to be true.
  • Following these UOW procedures when travelling overseas with University devices.

More information is available the Foreign Engagement team in Global Strategy.