Cyber security is a critical concern for organisations of all sizes. With the proliferation of connected devices and the increasing sophistication of cyber threats, in particular ransomware, it is essential for organisations to take a proactive approach to cyber security.
Information Services are making changes to systems and services to ensure they are protected against threats.
The main areas for change are:
Ensuring that all AU owned devices connecting to the network are up to date and secure
All University owned devices will need to comply with the Device Management Policy. This includes computers, laptops, tablets and mobile phones.
An audit of existing devices will be carried out to identify:
- those that are AU owned and not currently centrally managed
- those that will not comply with the policy due to age and specification
Information Services will contact departments to arrange the allocation of new devices where appropriate.
Ensuring that all software on AU owned devices is fully supported by the manufacturer
Installation of software on AU owned devices will need to comply with the Software Management Policy
Software will be made available through the Company Portal (Windows) and Jamf Self Service (Mac).
Ensuring that all personally owned devices connecting to the network are up to date and secure.
All personal devices accessing University resources, for example, Office 365, SharePoint, Teams or other cloud hosted software, applications, services and environments, including connecting to the University network via VPN will need to comply with the Bring your own Device (BYOD) policy
Ensuring that all systems and servers are up to date and secure
All systems and services will need to be managed in compliance with the Vulnerability Management Policy
An audit of existing servers and hosted services will be carried out to identify:
- those that require updating those that will not comply with the policy due to age and specification
- Information Services will contact departments with any action required.
Ensuring that access to services is protected by multi-factor authentication
All solutions must comply with the Software as a Service Policy
An audit of existing services will be carried out to identify those that require updating.
Information Services will contact service owners to discuss any updates