Skip to content

Cyber safety

Cyber safety is everyone’s responsibility. Cyber criminals are always working on new ways to access data so it is important to understand how to protect yourself, your personal information, and UniSQ.

Learn more about the Cyber Security Strategy 2021 - 2025.

Get Ready for Duo MFA (Multi-Factor Authentication)
In 2024, UniSQ ICT Cyber Security will be progressively rolling out Duo MFA (Multi-Factor Authentication) to students. This change is part of UniSQ’s ongoing efforts to reduce cyber security risk and to protect UniSQ systems.

Your UniSQ password gives you access to your files and systems such as the Student Centre and StudyDesk. To keep yourself and UniSQ safe, ensure you never use your UniSQ password on any other site, account or app, and never share your password with anyone (we will never ask you to disclose your password).

Passphrases are a stronger, easier to remember type of password and are highly recommended as they are harder for hackers to crack. Passphrases use real words, are very long and often contain numbers and symbols to add to the complexity. The best passphrases are those that use a random mix of words, e.g. PineapplePetaPoursPort3timesaday

Creating strong passphrases
Find out more
DUO Multi-factor Authentication (MFA) helps protect your data by adding an extra layer of security when logging into UniSQ systems. 

Multi-factor is known also as two factor authentication (2FA) as it requires two separate factors to identify yourself.

  • Something you know (your UniSQ Username and Password)
  • Something you have (code or push notification sent to your mobile, push notification, hardware token etc)

MFA is extremely effective at preventing malicious cyber-attacks as the they do not have the “something you have” factor.

Below are some helpful AskUniSQ articles for students:

What is Duo and Multi-Factor Authentication?

How do I add Duo to my Phone?

How do I enrol for Duo Multi-Factor Authentication (MFA)?

What about my privacy with the Duo mobile app?

For staff please refer to the ServiceHub Knowledge Base article Duo Multi-Factor Authentication.

Portable storage devices like USBs and hard drives are a convenient way to store and share data, however it is important to be mindful of the following: 

  • What type of information you are storing on the device? Is it research data, confidential documentation or maybe your Thesis? If you need to save sensitive content, consider an alternative storage solution that cannot be easily lost or stolen by an unauthorised party. 

  • Where are you using the device? Plugging storage devices into multiple computers increases the risk of cross contamination. If you have picked up a virus or malware in one machine, you may infect subsequent devices you connect to.

  • How did you obtain the device? Targeted hacking can occur when USBs or portable hard drives are left in places where students can pick them up, thinking they are lost or unwanted. When these devices are plugged in, a virus or malware can be automatically downloaded, creating a gateway to your data as well as the University's network. Avoid looking at the contents of a unfamiliar storage devices and pass these onto the ICT Client Support at your campus.

UniSQ offers all students free, anti-virus software called Sophos as Home. This software constantly monitors your computer and mobile devices for threats such as malware, viruses, trojans, worms, bots, and unwanted apps.

Sophos at Home can be installed on up to ten Windows or Mac computers plus Apple and Android tables and phones. 

Installing Sophos at Home
Find out more

Phishing is when cyber criminals email, text or phone you with the goal of tricking you into sharing sensitive information or data (such as usernames, passwords, credit card details).

In email and text communication, it can involve asking you to click on a link that will download malware or a virus onto your device if opened. Be aware of the following:

  • Anyone asking for your password or asking you to click on a link and enter your password. UniSQ and other reputable organisations (e.g. Banks, Tax Office, Centrelink) will never ask you to disclose your password. If you think the message is legitimate, avoid clicking on the link within the message. Navigate to the website and sign in from there.
  • Spelling mistakes. Emails with spelling errors are a common indicator of a phishing attack. If you are unsure, contact the company directly.
  • Generic greetings. Be careful of messages beginning with a generic greeting like ‘Dear Customer’. Legitimate emails are likely to use your name which the company will have on record. 
  • Email addresses that don’t look right. Any emails sent from UniSQ will end with Be careful of email addresses that are similar, but not the same e.g. etc.

Protect yourself by looking out for suspicious emails, texts and phone calls. If you are ever unsure, check with the ICT Client Support.

For more information watch our short Don’t Get Phished UniSQ video.   


Phishing attacks
Learn more
A simple way to protect your mobile device is to keep it updated. Android and IOS updates often release new security features or fixes and the sooner you update your device, the sooner your device will be more protected.

New scams and cyber attacks are being created all the time which makes it difficult to know what’s real and what isn’t. The Australian Cyber Security Centre (ACSC) Alert Service is free for Australians and provides easy-to-understand online security information about recent online threats and vulnerabilities within an Australian context. The service also provides solutions to manage risk to devices or computer networks.

Cyber Alert Sevice
Sign up now
When an organisation is hacked, cyber criminals can steal customers information which can then be sold to unauthorised parties. This information can then use it to try and break into online accounts and apps. Checking your passwords and emails is a simple, quick way to check how cyber safe your accounts are right now.
Check your security
Find out more

Reporting cyber security incidents

If you receive a suspicious email or are concerned about someone requesting information about yourself or the University, it's important to know what action to take.

Any serious cyber concerns, particularly regarding your UniSQ account, sensitive research or university information, should be reported to UniSQ's ICT Cyber Security team at so that the matter can be investigated further.

Email, phone calls and texts. If you receive a suspicious message, but have not clicked a link or opened an attachment, simply block the sender, and delete the message. If you are concerned your UniSQ account may have been compromised, please contact iconnect as soon as possible.

Online abuse. The eSafety Commissioner website has many resources to assist Australians deal with online abuse like cyberbullying (under 18), image-based abuse and illegal and harmful content.

Foreign interference. If you have any concerns regarding foreign interference, please contact the ICT Cyber Security team at so that the matter can be investigated further.


The Australian Government eSafety Commissioner website offers an extensive collection of educational resources and support information regarding online safety. 

Test your knowledge

How well can you identify a phishing email? Test your skills. 

Need help?


+61 7 4631 1900
8.00am - 5.00pm (AEST)
Monday to Friday

Staff ServiceHub