Next phase of the Cyber Security Policy Framework implementation
Thank you to all who have been involved in implementing the Cyber Security Policy Framework. The University has made considerable progress in identifying UNSW Information Resources and Business Owners, as well as defining cyber security risk ratings.
The next phase will identify Information Resource gaps compared against the minimum controls, as set out in the Cyber Security Standard - Risk Management. This Gap Assessment phase has already begun with a pilot group of Business Owners. In the coming days, remaining Business Owners will be contacted to start this work. If you have any questions, visit one of the Cyber Security Drop-In support sessions.
In September, a planning process for remediation will commence. The Business Owners will work with the Cyber Security Resilience Program to jointly agree on what actions are needed to close the gaps by addressing the vulnerabilities. Closing these gaps will make Information Resources compliant with the Framework and strengthen the maturity of the University's cyber security.
Complete your pending reviews in the MyUAR tool
64,000 user access reviews have been issued, with 88 per cent already in progress. However, 590 reviewers are yet to start – please check the MyUAR tool and complete any pending reviews you may have.
Reviewers with pending reviews can:
- Talk to the account holder whose access is being reviewed, if required
- Delegate a review in the tool if needed, and let your delegate know
- Join a Wednesday 1pm UAR Drop-In session if you need additional support or have questions about the review
Staff using any of the in-scope applications have no action to take as part of the UAR. Any questions or requests for new access should be directed to their manager. Refer to the UAR webpage for information and support materials, or email the Cyber Security UAR mailbox (cybersecurity-UAR@unsw.edu.au).
Auto-forwarding of UNSW email poses security risks
Setting up rules in Outlook to automatically forward a UNSW email to an external mailbox may expose that email, and any data it includes, to security risks.
The University made significant investments to protect our email systems by implementing cyber security controls such as anti-phishing and anti-malware. By automatically forwarding a sensitive email to an external mailbox that doesn’t have the same level of security as the University, you expose that data to potential compromise, and the University to liability for any associated privacy or security breach.
All staff are encouraged to check their staff email inbox directly and regularly for important University updates. Instead of using auto-forwarding, it is recommended that you set up your device to remotely access University email through a supported email application (Outlook), or via Outlook Web Access (OWA) using a browser. Refer to the Program update or email Cyber Security Services for more information.
Migrating email to the cloud
The University is migrating the existing on-premises Cisco Email Security Appliance (ESA) to the new Cisco Cloud Email Security solution. The new solution will provide an advanced and layered defence to stop a broad array of sophisticated email-based threats.
While there is no impact on staff using an email client such as Outlook, application administrators may need to ensure that their applications support the Transport Layer Security (TLS) protocol.
Migration activities will occur from mid-July to early August. Thereafter, outbound email traffic from the University will require TLS.
Firewall rule improvements
The Program is continuing to harden the University’s network firewall rules. In the coming weeks, changes will be made that will block all unidentified traffic in non-production environments. This will improve our cyber security posture and ensure that only safe and legitimate network traffic is allowed.
Identified firewall rule application owners will be contacted. If you have any concerns with this change, please reach out to Cyber Security Services to discuss your needs.
Once implemented, new requests will need to follow existing firewall request processes via the IT Service Centre.
Help prevent spoofing and spam with DMARC
With the increased threat associated with phishing attacks, email scams, and domain impersonation attacks targeting UNSW staff and students, additional security measures will be implemented to protect the UNSW.EDU.AU email domain, commencing August 2023.
The new DMARC (Domain-based Message Authentication, Reporting, and Conformance) reject policy will enforce strict protocols for email authentication. It will ensure that only legitimate UNSW.EDU.AU emails sent from authorised sources will be allowed, while malicious or unauthorised emails spoofing our domain will be rejected.
From August 2023, if you intend to engage a new third-party service provider or software to email your stakeholders on behalf of the UNSW.EDU.AU domain, they will have to be pre-authorised. To avoid disruptions, please submit a request to the IT Service Centre and the Cyber Security team will then authorise eligible software.
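To show why a reject policy stops spoofed mail while still admitting pre-authorised senders, here is an added illustration of DMARC policy evaluation. It is not UNSW's configuration or code: the domain example.edu.au, the DMARC records, the tiny public-suffix list and the four message outcomes are all constructed, and the evaluator simplifies the real specification (no pct sampling, no report generation, no real DNS lookups).

```python
"""Toy DMARC evaluation: does a message pass, and what does the policy do if not?

Added example with constructed data; it is not UNSW's configuration.
"""
from dataclasses import dataclass

# Constructed subset of the Public Suffix List, used to find the organisational domain.
PUBLIC_SUFFIXES = {"com", "test", "edu.au"}


def parse_dmarc(record: str) -> dict:
    """Parse a DMARC TXT record such as 'v=DMARC1; p=reject; adkim=s' into tags."""
    tags = {}
    for part in record.split(";"):
        part = part.strip()
        if not part:
            continue
        key, _, value = part.partition("=")
        tags[key.strip().lower()] = value.strip()
    if tags.get("v") != "DMARC1":
        raise ValueError("not a DMARC record")
    return tags


def org_domain(domain: str) -> str:
    """Organisational domain: one label above the longest known public suffix."""
    labels = domain.lower().rstrip(".").split(".")
    for i in range(len(labels)):
        if i > 0 and ".".join(labels[i:]) in PUBLIC_SUFFIXES:
            return ".".join(labels[i - 1:])
    return ".".join(labels[-2:])  # fallback for suffixes not in the toy list


def aligned(auth_domain: str, from_domain: str, mode: str) -> bool:
    """Identifier alignment: 's' (strict) needs an exact match,
    'r' (relaxed) accepts the same organisational domain."""
    if mode == "s":
        return auth_domain.lower() == from_domain.lower()
    return org_domain(auth_domain) == org_domain(from_domain)


@dataclass
class AuthResults:
    from_domain: str   # domain in the visible From: header
    spf_result: str    # "pass", "fail", "none", ...
    spf_domain: str    # envelope sender domain that SPF checked
    dkim_result: str   # "pass", "fail", "none"
    dkim_domain: str   # d= tag of the DKIM signature, if any


def evaluate_dmarc(record: str, r: AuthResults) -> dict:
    """Return the DMARC result and the disposition the receiver should apply."""
    tags = parse_dmarc(record)
    spf_ok = r.spf_result == "pass" and aligned(r.spf_domain, r.from_domain, tags.get("aspf", "r"))
    dkim_ok = r.dkim_result == "pass" and aligned(r.dkim_domain, r.from_domain, tags.get("adkim", "r"))
    dmarc_pass = spf_ok or dkim_ok
    policy = tags.get("p", "none")
    if r.from_domain.lower() != org_domain(r.from_domain):
        policy = tags.get("sp", policy)          # subdomain policy, if published
    return {
        "dmarc": "pass" if dmarc_pass else "fail",
        "spf_aligned": spf_ok,
        "dkim_aligned": dkim_ok,
        "policy": policy,
        "disposition": "none" if dmarc_pass else policy,
    }


# Constructed records: a monitoring policy and the reject policy the newsletter describes.
MONITOR_RECORD = "v=DMARC1; p=none; rua=mailto:dmarc-reports@example.edu.au"
REJECT_RECORD = "v=DMARC1; p=reject; adkim=r; aspf=r; rua=mailto:dmarc-reports@example.edu.au"

# Constructed messages. Each claims to be From: example.edu.au.
LEGIT = AuthResults("example.edu.au", "pass", "bounce.example.edu.au", "pass", "example.edu.au")
SPOOF = AuthResults("example.edu.au", "pass", "unrelated-sender.test", "none", "")
# Third-party provider sending as the domain without being set up for it: SPF and DKIM
# both pass for the provider's own domain, but neither identifier aligns with the From:.
THIRD_PARTY_UNAUTHORISED = AuthResults("example.edu.au", "pass", "mailer.provider.test", "pass", "provider.test")
# Same provider after authorisation: it signs with a DKIM key delegated under the domain.
THIRD_PARTY_AUTHORISED = AuthResults("example.edu.au", "pass", "mailer.provider.test", "pass", "example.edu.au")

if __name__ == "__main__":
    for name, msg in [("legit", LEGIT), ("spoof", SPOOF),
                      ("provider-unauthorised", THIRD_PARTY_UNAUTHORISED),
                      ("provider-authorised", THIRD_PARTY_AUTHORISED)]:
        print(f"{name:24} p=none  -> {evaluate_dmarc(MONITOR_RECORD, msg)['disposition']:6} "
              f"p=reject -> {evaluate_dmarc(REJECT_RECORD, msg)['disposition']}")
```

The spoofed message and the unauthorised provider pass SPF for their own sending domains, which is why SPF alone does not stop impersonation; DMARC additionally requires the authenticated domain to align with the visible From: domain. Under p=none both are still delivered (the reports tell the domain owner they exist), while under p=reject they are refused, so a provider that is not pre-authorised to sign or send for the domain will have its mail rejected from the day the policy changes.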