Skip to main content

Working remotely leads to increased cybersecurity risks

Update | Tuesday, July 21, 2020

As many of the nation’s companies and institutions have turned to remote operations, the threat from cybersecurity criminals has increased. Columbus State is no exception. As a test, the IT Security Office sent a false, college-produced phishing email from phony email addresses. The test had a two-fold purpose: first, to see how many people fell for the emails, and then to educate staff and faculty on the dangers.

The staff and faculty email was sent on July 8. The email appeared to be sent from Rick Hatcher, vice president of Administration. The subject line was marked [EXTERNAL] Urgent Request. The email message said that Hatcher was stuck in a meeting and asked to order $500 worth of gift cards for him.

When the link was clicked, it led email users to an informational screen set up by IT Security that highlighted the risks and provided awareness on how to spot phishing emails.

Of the 1,142 employees that opened the email, 20 of them clicked on the link. While that’s less than 2%, it could still represent a serious threat if the link contained malicious malware. Had it been an actual malicious link, it would not only be a threat to the College, but also to the individual’s electronic devices at their home where they are working remotely. 

(A recent Business News Daily article highlights the risks of working from home. Read it at this link.)

“These simulations are a great start to improving awareness of digital threats, but they don’t fully reflect the sophistication of phishing attacks seen on campus,” says Ben Dalton, information security officer. “Our goal is to help people understand their role in protecting information. When in doubt, the best option is to report it immediately.”

Phishing is a form of cybercrime that uses email and other methods to trick people into divulging sensitive information such as passwords, credit card details, payment information, and more.

Common indicators of phishing:
1. Deceptive email address
2. Marked EXTERNAL
3. Starts by asking: “I’m in a meeting, are you available for a quick task?”
4. Requests for gift cards
5. Request to “update your information”

Report suspicious or phishing emails:
abuse@cscc.edu or call the IT Support Center at 614-287-5050.

Click here for cybersecurity tips for working remotely.

 

Go to 2020 Update Archive Go to Employee Update

 

Latest Update Stories