Changes to cyber security at UNSW and how this will impact you

09 Aug 2022
Important changes for cyber security at UNSW

The ongoing Cyber Security Resilience Program calls on the UNSW community to do their part and be cyber smart.

The security of the University’s information, and the privacy of our students and staff, are essential to our mission to transform lives through excellence in research, outstanding education, and a commitment to advancing a just society.

In that context, enhancing our cyber security will continue to be one of our highest priorities. UNSW’s ongoing Cyber Security Resilience Program is continuing to implement significant improvements, such as multi-factor authentication (MFA). The program also seeks to foster a security-aware culture among students and staff. While some of the changes may be inconvenient in the short-term, they are an important enabler of academic freedom, student and staff security, and our ability to achieve our strategic goals.

Below are just a few of these initiatives underway this year:

Removal of end-of-life (legacy authentication) email use 

Some staff may still be using email applications that were set up many years ago, such as earlier versions of Outlook (2015 or earlier), Mac Mail on Mac OS (10.13 or earlier) or Android (7.0 or earlier).

End-of-life email applications do not support secure authentication methods and can expose your account to password compromise and allow attackers to bypass security controls like MFA.  
From 1 October 2022, Microsoft will end support for these ‘legacy authentication’ email applications. Staff will have to either upgrade to a version of an email application that supports modern authentication or move to one that does, such as Outlook (2016 and above) or Mail app (requires iOS 11 and above).  

Disabling email auto-forwarding to external email platforms 

While most organisational emails are not particularly sensitive, some undoubtedly are. Uncontrolled auto-forwarding of university emails to an external mailbox that doesn’t have the same level of security as UNSW, exposes that email, and any data it includes to potential compromise. In addition, it exposes the University to liability for any associated privacy or security breach.

The practice of auto-forwarding email is not compatible with the protection of UNSW’s information and data. In the coming weeks, the Cyber Security Resilience Program will start to engage with your areas to move away from auto-forwarding. (There will be some exceptions where auto-forwarding to other organisations will be accommodated, however we plan to ensure that those organisations have an equivalent level of security.)

While these changes relate to automatic forwarding of emails, staff will still be able to forward individual emails where this does not expose the University to unnecessary risk.

Development of mandatory eLearning modules for staff 

Cyber security is everyone’s responsibility and by understanding some basic guidelines, we can help to protect ourselves and the University from cyber security threats and keep data and information safe. The University is developing a cyber security eLearning module that staff (including casuals and affiliates) will need to complete on an annual basis.

User Access Review (UAR) is underway for 2022 

UAR is a mandatory process to evaluate and manage user accounts, as well as access rights associated with IT services and assets. Managers and anyone with staff reporting to them will complete the review.  

More information about improvements to our cyber security will continue to be communicated over the coming months, and your involvement will be essential to ensuring our ongoing resilience to cyber security threats.

If you would like more information, please visit the Cyber Security Resilience Program webpage or stay in touch via the Program Yammer channel