Why should I report incidents?
Whilst Griffith has controls in place to detect and mitigate security incidents, the first line of defence is each of us. Reporting goes a long way to protecting staff and student identities, data and reputation and by reporting you help to reduce the potential impact of suspected incidents to the University and its community.
What does an incident look like?
Cyber security incidents can include a wide range of events and can be hard to spot.
Here is a short video to help you out.
Types of a security incident:
Phishing, vishing and smishing
A majority of phishing attacks occur via email but increasingly Griffith University is seeing attacks via vishing (phone calls) and smishing (SMS or Instant Messaging based). Attacks can also occur via social media or other social engineering methods. If you receive a malicious email or fall victim to these types of attacks they must be reported.
For more information on these types of incidents you can visit our phishing and other scams site.
Malware, ransomware
Malware is any type of software created to harm or exploit another piece of software or hardware. Short for “malicious software,” malware is a collective term used to describe viruses, ransomware, spyware, Trojans, and any other type of code or software built with malicious intent.
Ransomware is a type of malware that cybercriminals use to deny you access to your files or devices and demand you pay them to get it back.
Insider Threats
Insider threats are a security risk that originate from within the targeted organisation. These range from trusted staff facilitating plagiarism and fraud, to the theft of research and IP by visiting academics.
Unattended, lost, or stolen devices
Leaving a computer logged on and unattended, or leaving a computer unattended in a public area. Loss or theft of any type of computing device.
Unauthorised system access
Unauthorised system or network access can include hacking, data breaches, unauthorized privileged access (or access no longer required), website defacement, key stroke loggers loaded onto computers, or attempts to infiltrate systems via other means such as 'rogue' wireless access points.
Information disclosure
Sending sensitive information to the wrong person, losing a USB or other portable device with sensitive information, observing that sensitive information can be accessed without appropriate access controls.
Passwords
Leaving passwords in plain view of others, unintentional disclosure of passwords (e.g., via phishing victim, etc.), sharing of passwords, passwords hard coded into systems without appropriate encryption. For more information about password best practices you can visit our passwords site.
Reporting a privacy / data breach?
A privacy or data breach happens when confidential, sensitive or protected data, including personal information, is accessed, copied, transmitted, viewed, stolen or used by an individual unauthorised to do so, e.g.:
- Someone’s personal information is sent to the wrong person
- A database containing confidential information or research data is hacked
- An unencrypted and unlocked laptop or external hard drive goes missing
- A third party vendor supplying hosting, data processing or other technology services notifies of data breach
- Loss of hardcopy information that contains confidential information
Reporting a Privacy / Data breach
Reporting a suspicious email?
Via the Security Awareness tool, KnowBe4, staff and current students have a quick and easy way to report suspicious emails with the Phish Alert Button. Using this feature within your email will ensure the quickest way to alert the Cyber Security Team to commence an investigation.
To help understand the new process better, please see our Phish Reporting Help Guide.
Phish Reporting Help Guide.pdf (450KB)
Unsure what a scam looks like? Find out more on Phishing and Other Scams website.
Reporting a suspected security incident?
For all other incidents, contact the IT Service Centre by email ithelp@griffith.edu.au, phone (07) 3735 5555, or by chat below.
Please provide as much information as you can, such as:
- dates and times
- people and places involved
- any impact you are aware of
- any other background information or context
Griffith's Information Security Policy outlines further details about your responsibilities as a Griffith staff member or student.
Need help?
General enquiries
Access the Service Catalogue to see the full list of cyber security services available.
Or you can ask our friendly staff about IT products and services. Contact us by phone, email or chat.
