• (855) 752-5212
Free Quote
  • Services
      • Managed IT & Cloud

      We support RIAs with...

      • Managed IT Services
      • Cloud Services
      • Cybersecurity
      • Business Continuity
      • IT Compliance
  • Learning Center
  • About Us
      • Our Story
      • FAQ
      • Team
  • Contact Us
  • Back to Learning Center

Cybersecurity incidents – SCAM OF THE MONTH

  • Blog
security-g94c065bc1_1920

Dennis started a new job at a local university. He received cybersecurity training as part of his onboarding, but he didn’t pay much attention. He’s received similar training in the past and knows all about strong passwords and what to look out for in a phishing email.

Dennis’s third week of work was during finals. Students were cycling in and out of his office, and coworkers were blowing up his email. In between meetings with students, he would go through his inbox as quickly as he could, skimming over content and prioritizing tasks that would take the least amount of time.

When Dennis came across an email asking him to confirm his new account, he clicked the confirmation button, plugged in his credentials (which were the same across all his university accounts), and filed the email away as another task completed.

Soon after, the university experienced a ransomware attack. The networks were compromised and rendered the school Wi-Fi unusable. They were forced to cancel all online and hybrid classes, and finals were forced to be extended, impacting graduation.

Did you spot the red flags?

  • Dennis didn’t pay attention to his onboarding because he thought he knew the content, but such training could have provided him with university specific cybersecurity best practices
  • Dennis used the same credentials across all university platforms, even though he claimed to have known about strong passwords. There is a difference between knowing, and doing, and in order for cybersecurity training to be effective, the knowledge learned must be put to use in order to protect data.

What you should know about this scam

In academia, it is often the responsibility of IT to provide privacy governance, but a community culture that emphasizes everyone’s duty to protect data would help serve all organizations.

Universities face a unique vulnerability with a large portion of their users living “on site,” and experiencing high turnover. Addressing concerns that are specific to a company’s niche could prevent scammers from targeting such weaknesses.

For universities, January and May sees a peak in cybersecurity incidents. This is during finals when students and staff are busiest. Other institutions may also find that their busy season corresponds with an increase in unintentional data disclosures.

Share:

CONTACT INFO
RIA WorkSpace
  • 8770 W Bryn Mawr Ave
    Suite 1300
    Chicago, IL 60631
  • Toll Free: (855) 752-5212
  • Fax: 877-415-0059
NAVIGATION
  • Services
  • Learning Center
  • Get Your IT Risk Score
  • Blog
  • About Us
  • Contact Us
SIGN UP FOR FREE RIA TECH TIPS
  • This field is for validation purposes and should be left unchanged.

©2022 RIA WorkSpace. All Rights Reserved.

Privacy Policy