People are an organization's most important asset. Regardless of its mission, field, or size, an organization's people are its driving force.

To help empower our institution's employees, the University offers Secure UD Training. As cyberattacks continue to make headlines around the world, it's more important than ever for each of us to be aware of and prepared for cybercrime and other computer- and information-related risks. Secure UD Training's modular, online, self-paced design equips employees with the vital skills and knowledge they need to protect themselves, our community, and our University against the threats of the digital age.

2018 Secure UD Training will be released during the last week of February and the first week of March. As with last year, training will be delivered in two phases:

• Phase I will be released at the end of February and will remain available until the end of September.
• Phase II will be released at the beginning of October and will remain available until early 2019.

Employees are strongly encouraged to complete 2017 Secure UD Training before the end of February, and to complete the phases of 2018 Secure UD Training as they become available.

Department heads may request a report of training completion within their units by emailing secadmin@udel.edu.

Take action! Complete your 2017 Secure UD Training today!

At the beginning of every year, cybercriminals get busy trying to scam the IRS out of refunds by filing fake returns using unsuspecting taxpayers' identities. They may also try to trick employees into providing W-2 files, which contain much of the information that helps the scammers perpetrate tax fraud.

Watch out for emails requesting copies of W-2 files. Scammers will impersonate presidents and other executives to request W-2s, wire transfers, and other information or payment.

Also, be wary of phone calls or emails claiming to come from the IRS. Scammers often try to pressure victims into believing they owe backtaxes, fees, or fines.

Always verify a request for sensitive personal or University information before providing any, and always encrypt sensitive files before emailing them. If you receive any suspicious emails demanding personal information, payment, or W-2 files, help us respond by forwarding those emails to reportaphish@udel.edu.

Take action! Watch for suspicious emails and forward them to reportaphish@udel.edu.

As announced earlier this month in UDaily, all UD employees and students can now access Microsoft Office 365 Online, including Microsoft OneDrive. As a result of this change, access to many Microsoft products and services is now protected by Microsoft's Multi-Factor Authentication (MFA).

Microsoft MFA is an authentication system similar to, but separate from, UD's two-factor authentication (2FA) system. Employees using Skype for Business, Office 365, OneDrive, Exchange Online, and other apps are now using MFA to protect their work.

IT Client Support & Services (IT-CS&S) is currently migrating UD Exchange users to Exchange Online, unit by unit. Hosting UD Exchange users on the MFA-protected, cloud-based version of Office 365 dramatically improves the security of University accounts and makes it easier for Exchange users to protect their personal information and the University information entrusted to their care. Protecting UD Exchange accounts with MFA also reduces the University's risk exposure under new provisions of the Delaware Computer Security Breach law (Title 6 § 12B-103 of the Delaware Code).

Take action! Set up MFA and try Office 365 Online.

The Secure UD "Take a BITE out of phish!" campaign is an ongoing phishing awareness enhancement to Secure UD Training. Each month, a selected sample of employees will be presented with a harmless test phish that mimics the real attacks being launched against the University community. The tests are non-punitive and are intended to reinforce awareness and skills for recognizing suspicious, potentially dangerous emails. Annotated versions of test phish and real phishing attacks are posted to the Secure UD Threat Alerts blog.

As part of this initiative, the University introduced reportaphish@udel.edu. Members of the University community who receive a suspicious email should forward it to reportaphish@udel.edu for review. Your watchfulness helps us keep our community safe from cybercriminals.

Since its introduction in the spring of 2017, the "Take a BITE out of phish!" campaign has enjoyed positive engagement with the University community. In the last nine months, University community members have forwarded over 3,600 suspicious emails to reportaphish@udel.edu. At the 2017 Tech Fair, faculty and staff shared with IT how they were using the monthly tests as a fun way to practice their skills and raise awareness within their teams.

Help UD take a BITE out of phish:

• Be aware of the threat
• Identify the warning signs
• Tell us about suspicious messages
• Erase phish from your inbox

Department heads may request phishing tests of their units, as well as Secure UD Training reports for their units, by emailing secadmin@udel.edu.

Take action! Forward suspicious emails to reportaphish@udel.edu.