What to do when retiring your old mobile device

Have you recently upgraded your mobile phone, or are you thinking about it in the near future?

With the continual innovation of new technology, the life expectancy of your mobile device can be as short as three years before you need to update – or maybe you elect to update sooner to stay on top of the newest releases.

So what should you do with your old device? Recycle it, of course!

Griffith is committed to finding sustainable solutions for our end of life electronics as part of our E-Waste and Sustainability campaign. To facilitate this, there are E-Waste recycling stations at each campus library, as well as the EcoCentre and various student centres.

However, just as you wouldn’t leave a public computer without logging out of all your personal accounts, don’t forget to remove your personal data from your mobile device before disposing of it!

Lately, there has been an increase in the number of phones being dropped off to be recycled that still have access to the owner’s highly confidential data: private text messages, personal photos, online accounts and even banking passwords!  

To avoid the risk of having your accounts hacked or money stolen, it’s important to ensure you remove your personal data before your recycle.

Simply follow the checklist below, then get recycling!

  • Back up the device
  • Manually remove any personal information (a factory reset does not necessary delete all personal information)
  • Log out of online accounts  (iCloud, iTunes, App Store, Google Play, etc) and social media (Facebook, Instagram)
  • Manually turn off any ‘find my phone’ applications (i.e. Find my iPhone and Android Device Manager)
  • Unpair any devices such as Car Media or iWatch
  • Perform a factory reset
  • Remove your SIM card

For further information on the data management of your device before recycling visit the Recycling Devices webpage, or take a look at the tips on the Mobile Muster, Apple iOS, or Android websites.


Who has access to your Google Drive files and folders?

Painting of shocked person

Uh oh! Were you supposed to share that confidential document with all Griffith staff?

Sharing documents via Google Drive is a great way to collaborate with your colleagues, but it can also create some undesirable situations if sensitive information is inadvertently shared. And it’s easier to do than you might think.

Who said: ‘With great sharing power comes great responsibility?’ Was it Voltaire? Spider-Man? Winston Churchill? Theodore Roosevelt? Franklin D. Roosevelt? None of them! We will attribute this great (if somewhat slightly amended) quote to the Information Management Portfolio.

The nature of the content you share in Google Drive will dictate who you should share it with. Does your document contain personally identifiable data? Does it contain business-sensitive information such as passwords, security details, commercially sensitive details?

If so, please be aware that access to this information needs to be restricted and you need to take particular care in the management of your sharing settings for these documents.

Check out the How to change your sharing settings in Google Drive guide on the Information Management Communities Intranet site. It explains how to administer the file sharing permissions in Google Drive.

It is also worth remembering that Google Drive is great for collaboration but it is not a records management system. When you have finished collaborating on your document, it may need to be saved into a more appropriate repository for ongoing management.


How to protect your Google Apps account

Suspect suspicious activity? Contact Information Services on x55555

Suspect suspicious activity? Contact Information Services on x55555

Research data, personal information and sensitive documents are often the target of hackers who use this information for identity theft, financial fraud or a stepping stone to access other systems.  That’s why you need to take steps to protect your Google Apps account.

Griffith University staff and students are provided with a Google Apps account to communicate and collaborate. It is important to remain vigilant and be aware of any suspicious activity that may be occurring in this account. Read the rest of this entry »


These are the 25 worst passwords of 2015

passwords

Is your password on the naughty list?

We have all experienced the frustration of having to update our password for one of our gazillion computer accounts; email, Netflix, ASOS, Spotify, Instagram, PayPal, iTunes…

Then there are the passwords for uni. The security-conscious folk at Griffith Uni make us change our passwords regularly so we can keep our account safe from hackers. And we totally appreciate it! Who wants hackers reading your rejected Mills and Boon manuscript saved on your Google Drive?

But let’s be honest, it’s hard having to think of a password you haven’t used in the last 12 months. So inevitably, you may choose a password that is too simple, weak or just plain obvious (c’mon, have you ever used griffith for a uni password?).

So SplashData made a naughty list; the 25 worst passwords for 2015. The list is based on more than 2 million passwords that leaked online last year.

Check out the naughty list and see if any of your passwords are hacker-friendly. Here are a few offenders:

  1. 123456
  2. password
  3. qwerty
  4. login
  5. princess

Read the full article in this month’s issue of PC World, which is available to Griffith students and staff via the EBSCO database:

How safe is your password? For tips on keeping your password secure, go to Griffith University’s Secure passwords page.


Cyber security and small states

Cyber conflicts LAST Banner

You’re invited to a special Friends of the Library event

On Thursday 14 April Professor Emeritus William (Bill) Caelli AO will present his book “Cyber Conflicts and Small States”; posing the question: to what extent should, or can, a small country prepare itself for handling the broad range of cyber threats?

Adjunct Professor William Caelli is Director of International Information Security Consultants Pty Ltd (IISEC) and Adjunct Professor at Griffith University. He has 40 years’ experience in all aspects of information/cyber security and over 50 years’ experience in ICT.

The probability of a worldwide cyber conflict is small. Yet the probability of forms of cyber conflict, regional or even global, could be argued as being very high.

Small countries are usually signatories to military and economic alliances with major world powers but rely heavily on the technical ability of these powers in protecting their own national interests. They may be considered to be IT ‘technology colonies’. Their cyber infrastructure is usually fully imported and their ability to assess it is limited.

We’re inviting you to join us for an evening with Professor Emeritus William (Bill) Caelli AO who will explore his book’s themes of cyber-warfare, cyber-terrorism, cyber-crime and associated concerns. 

Register online

When

  • 14 April, 2016
    5:30 PM – 7:30pm

Where

  • G’s Restaurant, Griffith Health Centre (G40)
    Griffith University, Gold Coast Campus
    Parklands Drive
    Southport, Queensland 4222

Since it’s inception in 2010 the Friends of the Library network has been offering diverse and engaging events that aim to inspire, educate, inform and entertain the audience while exploring topical issues across the Library and Information Technology sector.

For more information about Friends of the Library membership or this event please contact friends-library@griffith.edu.au.


Your guide to spotting scammers

  • Email and phone scams have become increasingly common in recent years. Here’s how to avoid them:

You’ve no doubt received the emails congratulating you on your $1million inheritance from your long lost cousin, a Nigerian prince pleading for your urgent assistance or your exorbitant win in the lottery you never entered.

However, it’s important to remember online and phone scams aren’t always blatantly obvious or ridiculous. As awareness increases and technology advances, so too does the believability and sophistication of these hackers’ scams. So we’ve asked (scammed) Information Services Security Specialist Jeff Braine into providing some tips on how to separate the wheat from the chaff:

  • “Something just doesn’t seem right.” Trust your instincts if an email doesn’t seem quite right to you, even if you can’t put your finger on why. It doesn’t hurt to call the sender to check – just don’t trust the web address or phone numbers listed in the email. Look them up in Google or White Pages.
  • Never respond to an email that asks you to reply with personal information such as your tax file number, date of birth or your credit card details, even if the email comes from a company you trust. Email is often transmitted across the internet in unencrypted form.
  • Check the language and grammar. Most real marketing material is designed, proofread and typeset by professionals. This includes online marketing. If the email or webpage contains numerous errors, it’s best to be wary.
  • The age old saying “If it looks to good to be true, it probably is” is certainly valid here. If you didn’t enter a foreign lottery, you didn’t win it. Neither are there unclaimed thousands of dollars in the bank account of a deceased person with the same surname as you.
  • Griffith IT Support should never ask you to give them your password either over the phone or in emails. Emails which ask you to reply with your email address, username and password are definitely scams.
  • A common email scam claims your email account will be deleted if you do not respond with your username and password. These can look very convincing, but can be identified because the email’s wording was directly derived from your email address. For example, if your email address is John.Smith2@griffith.edu.au, the email might start with the salutation “Dear John.Smith2” or say that “your Griffith.edu.au email account will be deleted” or be signed “from the Griffith.edu.au support team”. Other versions of this email scam are given away by use of very generic or inappropriate language. For example, it may start with the salutation “Dear User”, which is a phrase Griffith’s IT Support are unlikely to start an email with. The email may go on to talk about “your Exchange email account” (Exchange is not the email system used by Griffith) or be signed off by “the webmail support group” (there is no such team at Griffith).
  • Griffith’s central password system sends out emails warning you when your password is due to expire. We’ve tried very hard to make our legitimate emails stand out from scams. Real notifications have the title “Griffith University Password Expiry Notification”, address you by your full name, and give you instructions on how to browse to the password change page. They DO NOT give you a link to click on to get to the password change page – scam emails DO.
  • If you receive a telephone call from somebody claiming to represent your bank, Telstra, Foxtel, Energex etc, remember that you only have their word that they really work for who they say they do. If they ask you to prove your identity before they can continue with the call, ask the caller for their name, department and a reference number and tell them that you will call back. You can then look up the appropriate customer support telephone number for the service/business in question using Google, White Pages etc.
  • If you receive a telephone call claiming to be from Microsoft saying that your PC or Mac has a virus, is an unlicensed copy, or is otherwise broken, then it’s a scam. Microsoft cannot equate your computer’s internet address to your phone number. This is a common scam at the moment.

Staff Email Security Alert

ICTS has received a number of reports of another bogus email being sent to Griffith staff and students.

This email claims that your email address will be deactivated if you do not click on a link and enter a number of personal details.

The examples we have examined have all come from Brazilian email addresses (they end with “.br”) despite the name of the sender being “Griffith University”.

This is another example of an identity theft attempt (otherwise known as a targeted “phishing” email). Its authors want you to click on the provided web link and enter in personal information that they can use or sell for the purposes of identity theft.

The text of these bogus emails is similar to the following:

We are experiencing some serious technical problems with our servers. Therefore, we would be shutting down all unused and unverified accounts. So to avoid deactivation of your account, you will have to re-validate your e-mail address by clicking on the link below.

This is followed by the clickable link and then ends with a copyright message  “© 2012 Griffith University.”

If you receive this message, please delete it without visiting the linked website. If you have visited the website, we advise you to virus scan your PC and also to change your Griffith password.

To change your Griffith password, click on the “Change Password” link on the lower right of the Griffith Single Sign-On page (you may need to log out of Griffith Portal to get to this page).

The security of your personal information and our systems is importance to us. If you have any queries about this or any other possible scams, please do not hesitate to contact and inform our security team at security@griffith.edu.au.

The Single Sign-On page where you can change your password