In November, the WashU Information Security Office (ISO) issued a mandatory email safety training in an effort to improve the university’s cyber defenses against phishing, a common cyber attack. The training focuses on identifying types of phishing schemes, recognizing the warning signs of scams and knowing who to contact if things seem phishy.
Phishing is the most common type of cyber attack affecting organizations like ours. Phishing attacks can take many forms, but they all share a common goal of getting the email recipient to share sensitive information—such as login credentials, credit card information or bank account details—resulting in identity theft and usually financial loss.
In 2016, the ISO detected and investigated 125 phishing campaigns targeting the WashU community where a total of 85 accounts were compromised. This year, however, the number of detected phishing attacks decreased to 50 but with an increase of 128 accounts compromised. As cyber criminals become increasingly more slick in their approach, arming the university community with information about the latest attack tactics is important. In 2018, the ISO will launch a series of cybersecurity awareness training modules and awareness communications to help improve the university’s defense against future threats.
The email safety training can be accessed through Learn@Work and will take approximately 10 minutes to complete. All current WashU faculty, staff and students are required to complete the training by December 31, 2017. This training will be a new requirement for all new faculty, staff and students going forward.