In light of the recent phishing attack we faced last week, I cannot stress enough the critical importance of personal cyber hygiene in safeguarding our institution against these malicious threats. It's disheartening to note that many of our colleagues inadvertently fell victim to this attack, leading to unauthorized access to their Springfield College credentials. In the aftermath, it is vital that we collectively take proactive measures to prevent such incidents in the future.
It cannot be emphasized enough: 74 percent of all data breaches stem from human errors. This statistic underscores our need for unwavering vigilance to protect our valuable data and uphold the integrity of our systems. It highlights the rationale behind our strategic shift towards the principle of least privileged access over the last few years. This approach ensures that even in the event of a breach, the amount of sensitive data exposed remains limited, thereby significantly reducing potential damage.
To that end, I urge each and every one of you to consider the following steps as an integral part of your daily online practices:
- Verify Suspicious Communications: If you receive an email or message from a familiar source but notice any unusual elements such as typos, poor grammar, odd requests, or you are simply not expecting the email, exercise caution. Reach out to the sender via an alternative method of communication, such as a phone call, to verify the authenticity of the message.
- Think Twice Before Clicking: Be cautious when dealing with unsolicited emails, especially those from unfamiliar senders. Avoid sharing personal information, clicking on suspicious links, or downloading attachments from such messages.
- Spot the Red Flags: Keep an eye out for errors in emails. Phishing attempts often contain spelling mistakes, grammatical errors, or language that doesn't align with our professional standards. Genuine communications uphold the quality we stand for.
- Inspect URLs Carefully: Before clicking on any links in emails or messages, hover your cursor over them to reveal the URL. Be particularly cautious with shortened or mismatched URLs. When in doubt, refrain from clicking to avoid potential risks.
- Strengthen Your Defenses: Craft strong and unique passwords for your various online accounts. Using distinct passwords for each account reduces the risk of multiple accounts being compromised in the event of a breach.
- Stay Informed: Familiarize yourself with the latest phishing techniques and scams. Stay up-to-date on common indicators and evolving tactics employed by cyber attackers. Knowledge is a powerful defense.
By diligently adhering to these guidelines, we fortify our collective cybersecurity shield and minimize the chances of falling prey to phishing attacks. We are not simply protecting our own accounts but also safeguarding the reputation and integrity of Springfield College.
If you have any concerns about the recent attack or suspect that you may have been targeted, please immediately change your password at password.springfield.edu. For those whose accounts were disabled, contact the Technology Support Center (TSC) for assistance in re-enabling your account.
Your proactive stance is paramount to our success in mitigating cybersecurity risks. Let us continue to work together to maintain the highest standards of personal cyber hygiene and ensure a secure digital environment for our entire community.
Best Regards,
Anthony Mutti
Chief Information Officer
Springfield College
Information & Technology Services