By Scott Strasser, March 17, 2017
In order to address cybersecurity on campus, the University of Calgary will introduce an education program this spring to teach faculty and staff how to spot a phishing attack.
Phishing attacks are emails that attempt to trick users into providing sensitive information, usernames and passwords so that the sender can access their accounts.
This spring and summer, the university will send “test phishing” emails to U of C staff and faculty members. If the user clicks on the link provided in the email, they will receive a pop-up that says they fell victim to a test phishing attempt. The pop-up will include information on how to avoid falling for future phishing attempts.
If a user falls victim to the university’s first email, they will be sent a second test. If they click on the link again, they will receive a personal phone call from an IT representative.
If a user clicks a test phishing link a third time, they will receive a visit from a university official and their supervisor, who will educate them further on how to spot a phishing attempt.
The U of C has worked to educate staff and faculty on how to spot phishing emails for over five years, mainly through posters and presentations at staff and board meetings. U of C vice-president finance and services Linda Dalgetty said the new program is “another tool in the [university’s] belt.”
“One of the pieces in the arsenal that is emerging as probably the best practice in terms of phishing education is to grab people by their computer and test phish them to see if they fall victim,” Dalgetty said. “None of it is about being punitive — it’s really just about how we can help with our education.”
A 2016 report from the Ponemon Institute — a research think tank dedicated to privacy and data protection — found that between 12 and 30 per cent of users will click on phishing emails. The report stated that companies that provide training programs notice vast improvements in decreasing their phishing email click rates.
“When you go tell your population ‘sometime between April and August, you’re going to be phished,’ that unto itself becomes a deterrent,” Dalgetty said. “If I know I’m being watched, I’m going to be more vigilant.”
Cybersecurity has been a priority at the U of C this year after the campus fell victim to a ransomware attack in May 2016. The U of C paid an unknown cyber hacker a $20,000 ransom to regain access to files.
According to Dalgetty, phishing emails are very common on the U of C’s servers.
“There’s not a day that goes by where at least one user is not phished [on campus],” she said. “A lot of people don’t even know they’re being phished and that’s why these programs are so important.”
Dalgetty said the test emails will be sent between April and August 2017. All U of C faculty members and staff will receive an email.