The recent WannaCrypt/WannaCry attacks targeted hundreds of thousands of computers around the world, locking users out of their own data. The havoc caused in every instance was initiated by a user opening an attachment or clicking on a link in a phishing email. The attacks’ devastating spread was enabled by a vulnerability stolen in a hack on the NSA (America’s cyber-security service).
The University has defences in place to help manage and reduce our risk (regular patching of machines, spam filters, firewalls, etc.), but there’s still the opportunity for recently discovered vulnerabilities (called zero-days) to sidestep these measures.
Attackers are becoming more sophisticated and persistent: both Facebook and Google were recently phished for over $100 million, whilst overall it’s estimated that just over £14 billion was lost in the UK to online fraud last year, 90% of which is irrecoverable.
Each and every one of us is the last line of defence to ensure such attacks don’t gain a foothold within the organisation. Please be alert to any unusual or out-of-the-ordinary emails, especially those that look like they are sent by colleagues but:
- are unsolicited
- impart urgency
- carry an explicit or implied benefit/threat
- expect you to take an action (click on a link, divulge information)
- have spelling mistakes or unusual grammar
For more information about keeping yourself and the University safe, please visit our IT Security blog. You can subscribe to keep up to date with the latest advice.