Despite the massive number of blocked emails, it’s the few that do make it through that cause the greatest concern for USask Chief Information Security Officer Jon Coller and his team in the Office of the Vice-President, Finance and Resources.
“Universities are popular targets for two big reasons,” Coller said. “First, we are a large organization and there are a lot of individuals to be targeted. There is value in the individual accounts, whether it be gaining access to their paycheques and payment information, or to any online accounts tied to their university email. Second, the university completes a large number of bill and invoice payments, so there is the opportunity to steal or funnel that money away.”
For criminals, the first step in carrying out a cyberattack typically involves gaining access to an individual’s credentials or their email account through phishing.
“Given our reputation, the value of using a USask email account to send out fraudulent emails is higher than when it comes from a Gmail or Hotmail account,” Coller said.
To help in the fight against cyberattacks, USask’s Information Communication Technology (ICT) department is continually advancing its security practices to keep pace with cyber criminals.
One of the ways Coller and his team are helping to protect individuals is through end user awareness and training.
“We run phishing simulations, so that users can see phishing messages and are provided immediate feedback,” Coller said.
To help safeguard against an email cyberattack, Coller touched on a few simple techniques that everyone can use.
“It’s OK to be skeptical of requests sent by email, especially if you don’t know the person requesting the information,” he said. “We also encourage you take the extra few seconds to check the sender’s email address—is the email actually coming from who it says it is.
“Finally, if you receive a suspicious email or have clicked on something that you think could be phishing, forward the email immediately to firstname.lastname@example.org so the IT Support experts can check to see if the email is legit.”
October is Cybersecurity Awareness Month and the ICT security team is hosting a number of cybersecurity-related events to help increase awareness of cybersecurity at the university. To learn more, visit: itsecurity.usask.ca