Information Security and Privacy (ISP) is a subject that concerns everyone:
The VUB uses a range of technologies and procedures to manage the ISP risks. However, the most important link in the VUB defence is the VUB staff. They can be the strongest or the weakest link. Let’s make them the strongest.
To make staff aware of their role in ISP, every year we conduct an ISP Awareness campaign. In 2018, the focus was on presenting ISP and its representatives, the Chief Information Security Officer (CISO) and the Data Protection Officer (DPO). For 2019, we are concentrating on a few basic principles which every staff member needs to be aware of:
These are the basic principles that all staff members need to master and apply consistently. All it takes is one small error to infect a computer and put the entire VUB in danger.
The need for phishing test e-mails.
The VUB, like every other organisation, is attacked as regularly as clockwork. In the majority of cases, the attacker tries to install a virus or steal data. Phishing attacks, where a scammer tries to obtain sensitive information (username, password, credit card number, etc.), are one of the biggest information security challenges. Phishing constantly features in the annual top 5 of attack techniques used.
N.B.: Companies do not usually request sensitive information by telephone or e-mail. So be on your guard if you get a phone call or an e-mail like this.
If you receive a suspicious e-mail, it’s best to report it to firstname.lastname@example.org. You can do this by adding the suspicious e-mail as an attachment. Do not forward suspicious e-mails. If you do, technical information that the helpdesk may need will be lost.
To make it easier for Office 365 users to report phishing, as of the second half of November a button is being added in Outlook (both desktop and mobile version) and the online webmail:
You select the e-mail in the overview and click on this button. The suspicious e-mail is then automatically sent to the helpdesk. The helpdesk staff will contact you if they need more information.
If you have entered your username and/or password after all, change your password immediately. If you have passed on bank details, contact your bank straight away and freeze your card via CardStop (https://cardstop.be/en/home.html).
Three test phishing e-mails were sent out in 2018.
The difference between the first and the last test confirms studies on this subject: phishing tests have a positive effect and reduce the risk for the organisation. Sufficient reason to send out test phishing e-mails again in 2019. You have been warned!
Finally, we warmly recommend that you watch the short informative films under Awareness. Be sure to watch the brief demonstration film on voice phishing (phishing by telephone). You will find several examples of actual incidents and GDPR (fines) under News. The official ISP Standard (and principles), Sub-Standards, Guidelines and Hints & Tips can be found under Standards.
Wessel Damen, Data Protection Officer
Jan Paredis, Chief Information Security Officer