Cyber security threat: actions required
(4 September 2020)
On Wednesday you should have received an email asking for your support in maintaining the security of our IT systems. Please take the time to read it carefully and follow the actions requested. For convenience, click below for the full message.
We are aware of recent media reports of malicious cyber activity in the region, and colleagues have reported an increase in phishing emails. We take the security of our IT systems very seriously. To support this, we need everyone to be vigilant to suspicious activity and to practice good cyber hygiene. Please read this message carefully and follow the actions below.
What we need you to do…
• Be alert to and report phishing
Phishing is when a fraudster sends an email or text seeking information that might help them commit fraudulent activity, such as identity theft or bank fraud.
Recently, colleagues have been receiving emails that appear to be from a named member of University staff, but are fraudulent. To check the true source of an email, click ‘Forward’ to reveal the full email address of the sender.
Possible indicators of a fraudulent email include: absence of a University signature, use of unusual language and spelling errors.
Please: be careful with hyperlinks (hovering over a link will show you the destination URL); don’t open attachments you’re suspicious of, and; report the suspicious message. You can do this by using the 'Report Message' button from the Microsoft Outlook desktop client (top right corner of the email window)
If you are using the web email version, click the “More actions” button in the top right corner of the email window; you can find the “Report Message” second last on the list of options. Alternatively you can forward the message to: firstname.lastname@example.org
• Be alert to malware
Malware is short for “malicious software”, such as viruses or ransomware.
Please: ensure your device has a firewall enabled and anti-virus software installed; keep your software up to date; back up your information regularly; be careful when downloading software (CIS managed devices will have appropriate settings applied and updated) and; on mobile devices, be suspicious of applications asking for too many permissions.
• Keep your passwords secure
Use a minimum of 10 characters, don’t share your passwords with anyone, avoid using the same password for multiple accounts, use a password manager and enable multi-factor authentication where it is available.
More detailed guidance is available on the Computing and Information Service (CIS) web pages: https://www.dur.ac.uk/cis/security/staysafeonline/
Thank you for reading, and for your vigilance.
Director of Information Systems