Secure UD

Secure UD News: May 2017

Secure UD is the University of Delaware's comprehensive, community-oriented information security initiative. Raising awareness of cyber issues equips and empowers the University community to make informed, security-conscious decisions in their personal and work lives.

 

Secure UD "Take a BITE out of phish!" campaign: April and May

In April, the University launched the Secure UD "Take a BITE out of phish!" campaign. This enhancement to Secure UD Training helps improve our community's awareness of phishing attacks and the danger they pose to personal information, devices, and accounts.

Members of the University community can help protect themselves, each other, and our institution by remembering "BITE":

How it works

Each month, as part of the "Take a BITE out of phish!" campaign, a randomly selected sample of employees will be presented with a harmless test phish that mimics the real attacks being launched against the University community. The campaign is intended to raise awareness—not to deceive or trick. Employees will not be punished for falling for test phish. If an employee falls for a test phish, he or she will see a message about the "Take a BITE out of phish!" campaign and resources to help become more successful at recognizing future phishing attacks.

Employees are encouraged to be aware of the threat posed by phishing attacks and report suspicious messages immediately by forwarding them to reportaphish@udel.edu. Phishing emails sent to reportaphish@udel.edu, including test phish and real ones, are annotated and posted to the Secure UD Threat Alerts blog.

Our first test

In April, the University ran the first "Take a BITE out of phish!" test. In this baseline assessment, test emails were sent to all 7,119 employees enrolled in the campaign. Only 273 employees (3.83%) clicked on the suspicious link, and 161 employees reported the phish by forwarding it to reportaphish@udel.edu.

These results are a tremendous improvement over the University's two previous phishing tests. In June 2015, 25% of test phish recipients clicked on the suspicious link, and in February 2016, 18% of recipients did so.

April's phishing test shows that our community has made great progress in security awareness. Most organizations expect to see single-digit click rates only after several months to a year of testing. Although a perfect 0% click rate is impossible to achieve, continued testing, training, and awareness can help manage much of the risk to our community and our University. Cyberattacks continue to evolve, and a well-informed and vigilant community is our greatest defense against them.

Why it matters

The importance of increased and ongoing phishing awareness was recently highlighted by the massive and very real Google Drive phishing attack and the ransomware epidemic that crippled the United Kingdom's National Health Service.

During the first week of May, thousands of organizations and millions of accounts received phishing emails that imitated Google Docs invitations. Clicking the link and giving permission to the fake Google Drive app would compromise a victim's account and allow the attacker to then send the same phishing email to addresses in that account's contact list.

Last Friday, the news exploded as 40+ National Health Service trusts, the backbone of the UK's healthcare system, were shut down by ransomware. Dubbed "WannaCry," this strain of malware encrypts files on computers and network drives and demands payments ranging from $300-600+ for their return. WannaCry is also designed to spread across networks to attack as many vulnerable devices as possible. As the ransomware raced across the UK and into 150 other countries, patients were denied medical care and businesses crashed.

While incidents like these are highly visible in the news and are good examples of what can happen when cyberattacks are successful, they are far from rare occurrences. Hackers are always searching for and trying new ways to exploit people, organizations, and countries.

Even as our community becomes more aware and phishing test scores continue to improve, regular training and continued watchfulness are important to protecting ourselves, each other, and our University from cyberattacks.

How you can help

You can help protect our community against phishing and other cyberattacks simply by being aware of them. If you identify a suspicious email, forward it to reportaphish@udel.edu. You can also report other kinds of cyberattacks and security risks by emailing secadmin@udel.edu.

May's phishing test is coming up soon! See if you can spot our test phish and forward it to reportaphish@udel.edu!

You can learn more about the dangers of phishing and how to keep yourself, our community, and our University safe by completing the "Social Engineering" and "Email, Phishing, and Messaging" modules of Secure UD Training. Phase I of Secure UD Training, which includes these and other modules, will be available until September. Approximately 1,000 employees have started or completed Phase I so far. Join your colleagues in helping Secure UD: complete your training today!

Unit heads who would like to arrange a phishing test for their unit, or who would like a report of Secure UD Training completion across their unit, may request one by contacting secadmin@udel.edu.

Take action! Complete your Secure UD Training and help take a BITE out of phish!


 

Traveling this summer? Keep your data, your devices, and your identity safe!

As the spring semester winds down and students, faculty, and staff alike look forward to some well-deserved vacation and travel time, it's important to keep your security in mind.

We've put together our top five tips for traveling securely. Follow these recommendations to help protect your data, devices, and identity during your trip!

  1. Set passwords or passcodes on your laptop, tablet, and smartphone.
  2. Encrypt your laptop, tablet, and smartphone to protect your data if your device is lost or stolen.
  3. Back up your laptop, tablet, and smartphone before you leave.
  4. Use a VPN, not public Wi-Fi, to connect securely to the Internet or to University resources.
  5. Don't leave your devices, passport, or other belongings unattended in public.

To learn more about keeping your data, your devices, and yourself safe while traveling, complete the "International Travel" module of your Secure UD Training. You can also read the full list of travel security tips on the Secure UD website.

Take action! Complete your Secure UD Training, and stay safe and secure this summer!