links open in new tab

Personal Internet security is everyone's responsibility

This fact sheet will help staff and students with staying safe when using the Internet on their personal devices. It highlights common traps that users might face regularly. The best defence against all of these threats and concerns is awareness.

What is Phishing?

When internet fraudsters impersonate a business to trick you into giving out your personal information, it’s called phishing. Don't respond to email, text, or pop-up messages that ask for your personal, social or financial information. Don’t click on links within them either – even if the message seems to be from an organisation you trust. It isn’t. Legitimate businesses don’t ask you to send sensitive information through insecure channels.

Be a little suspicious. Most phishing attacks rely on simple social engineering. People are the weak link in security.
It’s easier to trick people than it is to hack computers.

Don’t be the one who falls for a Phishing scam!

Spam and phishing emails have been a fact of life for many years now. So much so that over 80% of all emails addressed to NSW DoE email boxes are caught by our spam filters and deleted before they even get to you. Most users hardly get any spam as a result. However, some targeted spam and phishing messages still manage to get through from time to time. That’s why it’s very important that all staff become proficient at identifying phishing scams and don’t blindly click on links or open attachments. Here are some tips you can pass onto users at your site:

  • Be suspicious of any email that does not address you in the message by your name
  • The message often says something bad will happen if you don’t respond – it’s a trap.
  • Typos and poor grammar are common. Look out for them like you are marking student work
  • Any click here type links that seem to take you to a URL unrelated to the original message are bad – even if the site looks OK. Pay close attention to the URL of the link
  • Phishing is not always about your banking. It’s more often about wanting your account credentials for any site or service. Don’t give your credentials away easily. Be vigilant while online

Follow these tips, be observant and don’t get hooked.

Malware and Identity Theft

Malware is short for 'malicious software.' It includes viruses and other software that get installed on your computer, phone, or mobile device with or without your consent.

These programs can cause your device to crash, or perform less reliably. They can be used to monitor and control your online activity. It’s common for malware to be delivered via phishing - an email or online post that beckons you to click a link or open an attachment so it can install in the background.

Criminals use malware to steal personal information, capture keystrokes, send spam from your computer, or take over control of your device. With direct access to much of your personal information, identity theft is easily achieved. Being aware and proactively protecting yourself from identity theft is much easier than cleaning up the pieces after having been exploited.

Ransomware

Of all the types of malicious software, ransomware is both distressing and destructive. It is used by criminals to extort funds from their victims. The attack works by users unknowingly installing software, such as CryptoLocker or Wannacry on their computer or mobile device, usually received via a phishing email or a link on an unreputable website. Upon opening, it quickly encrypts your files, making them unusable. It then demands that you pay a ransom to decrypt the files. The best defence is common-sense. Don’t blindly click on email attachments or links. In April to May 2016, Australians reported more than 200,000 ransomware attacks. Not even DoE was immune. Fortunately, ITD was able to respond and prevented losses to DoE’s enterprise services without the need to pay the ransoms. Learn more about Ransomware and how to best avoid it.

This useful website has resources to help users who are tricked by the links and phishing emails of cyber criminals and manage to get all their files encrypted. Tools available at the No More Ransom site may assist cyber victims to decrypt their files on personal devices. Paying the demanded ransom is never recommended, so it's always best to teach staff and students to recognise and avoid phishing scams in the first place, as well as to have regular and reliable backups of their important files.

Is your Windows up to date with the latest security patches?

It's also very important to ensure that the latest Windows security updates have been installed on your personal Windows devices. The easiest way to achieve this is to open Windows Update to determine if there are any outstanding updates and to apply them. On your unmanaged Windows device, complete these steps:

  • Click the Windows button to open the Windows menu and in the box, type Check for updates then press Enter.
  • The Windows Update screen will appear. If it states "Your device is up to date" with a recent last checked datenothing needs to be done with that PC.
  • If the device has not been checked or updated for some time, click Check for Updates and apply any and all security updates that appear as available.
  • To ensure all security updates are installed completely, it is essential that the device be restarted from the shutdown menu option.

As per the department's Communication Devices and Associated Services Guidelines, staff and students are required to:

  • ensure that BYO devices are running up to date anti-malware software, application software versions and patched operating systems.

Student and staff owned BYODs should either have their Windows security updates installed at home prior to bringing them to school, or check for and install updates before 9am or after 3pm on school days.

Personal data security

An important concept that all ICT users should understand — the easier it is for you to access your data, the easier it is for someone else to access your data. In this age of mobile personal devices with saved passwords to easily access cloud-based storage, email and social media, losing your privacy is as easy as losing your phone or tablet.

Using different passwords for different services, regularly changing your passwords and signing out of services when not needed will help to protect your data.

Avoiding data loss

Too many people still make the mistake of only having one copy of their files, documents or photos. Keeping all of your personal files on a USB stick because it’s portable and handy is great, until something goes wrong with the stick, or it gets misplaced. Similarly, having documents only in MS Office 365’s OneDrive or Google Apps’ Drive means relying on Internet access and the service always being reliable.

Personal backup copies of all of your important files is essential. The mantra — ”A file doesn’t exist unless you have at least two copies of it in different locations” will help to avoid data loss.

If staff have any problems with personal internet security that affects your work, please log a call with EDConnect,
- or via phone on 1300 32 32 32

 

INFORMATION TECHNOLOGY DIRECTORATE - Fact Sheet v1_04/08/2017