Security Ticket round-up
Universities are increasingly relying on technology for teaching, learning, and school operations. Concurrently, threats to cybersecurity persist and are constantly evolving. With an ever-growing number of cyber-attacks on critical infrastructure, online commerce and the private sector worldwide, security experts are finding that their work has become a never-ending race against attackers.
Likewise, Northwestern University and Weinberg College of Arts and Sciences are not impervious to information security related attacks and compromises. Over the last two years, Weinberg College IT Solutions (WITS) has increased security initiatives for the College including encrypting all newly imaged hardware, devoting time and resources to security education, and numerous infrastructure changes.
You remain a critical partner in keeping our data and systems safe. I’ve analyzed this past year’s support request activity to look at some security trends in the College. During the 2018-19 academic year, the university saw an increase in security related incident reports, most of which were related to phishing attempts. Weinberg College reported roughly 60% of all the incidents; surprisingly enough, a very low percentage of incidents amounted to an actual account compromise.
These numbers indicate that the Weinberg College community is paying close attention to phishing scams and reporting them. Thank you and keep it up! Please follow our security blog, review our security articles, and send any suspicious email to security@northwestern.edu. We’ll keep working so that our security awareness communications efforts and increased discussions about security are useful and relevant to you.
Scammers are getting smarter by making very legitimate-looking emails, while also targeting individuals in a more sophisticated way. However, our faculty and staff are not biting the hook as easily as in years past. The graphic below reflects in part how each division in Weinberg College is being targeted and the number of incident reports that the IT department receives.
A high number of incident reports demonstrates that a department is actively reporting phishing and malware attempts. If you suspect an email is a phishing attempt, you can check Northwestern IT’s “Scam Email Attempts” webpage. This page documents phishing attempts that are being seen across campus. Do you think your department or program has a good sense of when they’re being targeted?
Alongside reporting suspicious emails, we can’t emphasize enough how crucial it is to keep up to date with security patches, for both operating systems and applications, in order to keep the number of malware infections to a minimum. Northwestern IT support operations use the tools KACE and JAMF to send updates and patches to your computer. (Learn more about those tools and ongoing protection here.
Northwestern University and WITS actively collaborate to ensure that phishing attempts become less of a risk and nuisance. It is our hope that with the adoption of Microsoft Exchange Office 365 (email service) in the near future, we can enable better tools to recognize and report phishing emails within our Webmail and Outlook email clients.
Thank you for your work detecting and reporting suspicious emails and malware over the last year and let’s make the next academic year even more secure.
Back to top