Charles Sturt University
Charles Sturt University
  • Information Security
  • Report a Security Incident
  • Service Support Articles
  • Security Tips and Advice
  • Data Breaches
IT Servicesservice category ICT Security

Information Security

The goal of information security is to protect the confidentiality, integrity and availability of Charles Sturt University's information assets, and to ensure the safety of personal information held by the university.

Everyone at Charles Sturt has a role to play in protecting university information.

Report a security incident

To report a security incident or concern log an ICT Security incident/request, or call the IT Service Desk on 1300 653 088 (internal: 84357). For advice on when to report and what information you should include, visit report a security incident.

To report a suspicious email: use the "Report as Spam" button located on the Home ribbon in Outlook on CSU-managed devices, log an ICT Security incident/request, or call the IT Service Desk on 1300 653 088 (internal: 84357).

Risk assessments

Charles Sturt ICT systems' custodians are responsible for ensuring an information security risk assessment is undertaken for core strategic systems on procurement, or when significant usage or data structure changes occur.

To request a risk assessment log an ICT Security incident/request.

Security in projects

Charles Sturt is committed to ensuring university projects and initiatives are delivered with appropriate security and privacy considerations. DIT can assist your project with security risk assessment and management, secure coding advice, security testing, and contractual agreements review.

To request assistance with project security log an ICT Security incident/request.

Contact and feedback

If you have any questions about information security at Charles Sturt, or feedback regarding this site, log an ICT Security incident/request.

Service Owner

Manager, ICT Security

Report a Security Incident

How do I report a security incident?

To report a security incident log an ICT Security incident/request, or call the IT Service Desk on 1300 653 088 (internal: 84357).

When should I report a security incident?

You should report any activities or events which may affect the confidentiality, integrity and availability of the university's information assets.

This includes:

  • Unauthorised access to systems or data
  • Unauthorised disclosure or loss of personal information
  • Denial of service attack
  • Unauthorised changes to system hardware, firmware, or software
  • Damage or theft of IT equipment
  • Serious virus or malware infections
  • Unauthorised scanning of networks, systems or computers
  • Malicious code running of websites or systems
  • Compromised passwords or other credentials
  • Other suspicious activities or events

What information should I include?

You should provide as many details relating to the information security issue as possible, such as:

  • Date and time of the activities or events
  • Type of information disclosed or lost (please do not include passwords or other private information)
  • IP addresses or hostnames of devices (if known)
  • The operating system, software or services affected (if relevant)
  • Any other users or resources that are or may be affected

Support

If you have further questions or need technical help after checking the Online Resources, contact the IT Service Desk

Security Tips and Advice

Email security (phishing and scam emails)

To report a suspicious email: use the "Report as Spam" button located on the Home ribbon in Outlook on CSU-managed devices, log an ICT Security incident/request, or call the IT Service Desk on 1300 653 088 (internal: 84357).

All staff must be aware of the risks associated with malicious and fraudulent emails, known as phishing.

Phishing is an attempt to trick you into supplying personal information (usernames, passwords, personal and credit card details) by sending an email which appears to be from a legitimate business, organisation or individual.

An example of phishing is an email which states that you will lose access to your account unless you update your password by clicking on the link provided. The link then directs you to a website that looks authentic but is in fact controlled by cybercriminals who capture your password or other personal information entered.

If you suspect that you've been the victim of a phishing attack, immediately change your password. If you used the same password for multiple accounts, make sure you change the password for each account and never use that password again.

Tips on how to spot a phishing email:

Charles Sturt has introduced "Time-of-Click" to help protect staff from phishing emails:

Virus/Malware

All CSU-managed devices are installed with Sophos anti-virus protection.

Virus/Malware is software intentionally designed to cause damage to a computer, server or computer network. It can also be used by cybercriminals to undertake malicious actions such as stealing your confidential information, holding your computer to ransom or installing other programs without your knowledge.

The best way to minimise your chances of getting a virus/malware infection is to be proactive and follow some basic steps:

  • Install anti-virus software
  • Regularly update your anti-virus software definitions
  • Regularly scan your devices for viruses

If you need anti-virus software for your personal device Sophos Home is available for free download.

More information:

Strong passwords and passphrases

Your password protects access to sensitive information and services. If your password is compromised cybercriminals can use the information or services for malicious purposes.

Using strong passwords helps to protect yourself and the university's information. The general rule is: the longer it is, the stronger it is!

A helpful tip is to use a passphrase or sentence that is meaningful to you, making it easier for you to remember but harder for someone else to guess.

For example:

  • ilikemyluckyNumber#86
  • Hmcgt2s! (Hope my car gets through 2 semesters!)
  • Correcth0rsebattery$taple
  • Australiansallletusringjoyce!

For more tips on creating strong passwords go to Stay Smart Online – Passwords and passphrases.

To change your password visit changing my password.

Software updates

Keeping your operating system/applications up to date is one of the best ways to protect your device from cybercriminals.

Cybercriminals seek out vulnerabilities in software to exploit, enabling them to gain access to your device. In most cases software providers are aware of these vulnerabilities and have released updates to remove them, keeping the software secure.

On modern devices, software and applications should update automatically. However, you should check regularly to ensure this is the case.

Some important software to keep up to date:

  • Operating systems (Windows, Mac OS, etc.)
  • Web browsers (Firefox, Chrome, etc.)
  • Antivirus software (Sophos, etc.)

For more information go to Stay Smart Online - Software updates

Backups

Software failure, physical damage, malware infection, and theft are some of the reasons why you need to consider backing up your data.

The most important files to backup are your personal files. Operating systems and software can be installed from other sources, but your own personal data typically only exists locally on a device and cannot be replaced if lost.

You can use a number of different methods to backup files, including external hard drive or a cloud service.

Remember to:

  • backup up often
  • make sure the backup is secure
  • occasionally test the backups to make sure they are able to be restored.

For more information go to Stay Smart Online - Backups.

Support

If you have further questions or need technical help after checking the Online Resources, contact the IT Service Desk

Data Breaches

Charles Sturt is required to report data breaches that involve the disclosure of individuals’ personal information held by the university to the Australian Information Commissioner.

An ‘eligible’ data breach means there has been unauthorised access, unauthorised disclosure or loss of personal information.

A suspected or known data breach must be promptly reported to the IT Service Desk via the Staff Service Centre so that it can be contained to minimise the impact of the breach.

For more information read the Personal Data Breach Procedure.

All university staff and students must report any suspected or known breaches of personal information held by the university as soon as possible via the Staff Service Centre (staff) or Student Central (students).

The ICT Security team will assess the criticality and eligibility of the incident and refer to the Data Breach Response team for further action as required.

Support

If you have further questions or need technical help after checking the Online Resources, contact the IT Service Desk