Cyber security guidelines for researchers

If you notice suspicious activity on your computer or UQ account, it might mean a security incident has occurred or is in progress:

• Immediately report any suspected incident and change your account password to ensure you have control of your account. 
• If you have lost your device, or sent information to the wrong person, report this too.

The impact of a security incident can depend on how quickly it is detected and responded to. Rapid reporting is vital.

The easiest way for an attacker to access your research is through your account details:

• Use a unique password or passphrase for your UQ account.
• Never share your password. If you'd like to grant others access to your email or files, there are secure ways to do this. Submit an IT request to find out more.

Find out more about passwords and account security and how to keep your credentials safe.

Take care that any email, message or call you receive is legitimate. Criminals will often impersonate organisations or people you trust in order to deceive you.

Be particularly careful of unsolicited emails or messages, and check any links for unusual URLs. Look out for warning signs, such as:

• a sense of urgency
• unlikely claims
• requests to confirm or provide personal or sensitive information
• unusual requests from a person or organisation you trust (even UQ).

If you're unsure if something is legitimate or safe, submit an IT request. You can also learn more about protecting yourself from malicious email scams.

Make sure your research data is stored correctly to ensure its security and integrity:

• Use the UQ Research Data Manager (RDM) to store and share your data. Data stored on RDM is backed up frequently and is well protected.
• Restrict access to your research data to only those who need it. Remove access for people who no longer require it.
• Only use removable storage devices (e.g. USB drives) when there are no suitable alternatives, and keep them physically secure – don't leave them on desks.
• Never insert an unknown USB drive into your computer – they can contain malware or other malicious content.
• Any storage devices that are no longer needed should be given to IT support.

Pirated software is likely to contain malware, so only use official versions of software from trusted sources such as:

• the Software Centre (Windows) or Self Service (macOS) on UQ computers
• the official website of the software provider.

Visit Software at UQ for any other software-related needs.

Poorly secured networks, particularly wireless networks, can allow attackers to eavesdrop and compromise security:

• Secure your home wifi network with a passphrase of at least 20 characters. This will make it much more difficult for others to access your network.
• Never use public wifi, which is highly insecure. If you require internet access away from work or home, use a personal mobile hotspot.

Find out more about using wifi safely and securing personal wifi networks.

The computing equipment you use may be compromised if it is poorly configured, contains vulnerable software, or is not protected by security software:

• Only use computers and infrastructure provided by UQ, or an organisation your are collaborating with.
• Install software updates when prompted by your system and reboot your computer at least weekly.
• Use your UQ email account for UQ work. Avoid using your UQ email for non work purposes.
• Make use of authorised cloud applications and collaboration tools, which have been carefully reviewed for security.

Information posted publicly online is visible to everybody, including potential attackers:

• Be mindful of what you post online and how it may be used. This information could be used by criminals to coordinate targeted attacks.
• Update the privacy settings for online platforms that you use (especially social networks) to limit visibility of your personal information and activity.
• Be careful not to post information that could be used by someone to impersonate you.

Mobile devices may provide access to your email or other personal or sensitive information. Make sure you keep your device secure by:

• setting a PIN, fingerprint or similar to unlock the phone
• turning on auto-lock
• turning on automatic software updates
• turning off Bluetooth when you are not using it.

Whether at home or in the office, simple and sensible precautions can be taken to protect your research:

• Lock your screen whenever your computer is unattended to prevent others from viewing or using it.
• Pay attention to unfamiliar people. Ask them who they have come to meet, or if they are lost or need help.
• Keep a clean desk, clear of printouts and other materials which may expose research information.
• Dispose of printouts securely so they can't be read.

There are additional security risks associated with travelling. IT support can provide personalised advice and support to help you travel securely:

• Submit an IT request whenever you are planning travel.
• Don't leave devices unattended while travelling.
• If you aren't taking UQ devices with you, leave them at work rather than at home.