During the Spring Semester of 2018 WCU was under a persistent attack of phishing Email. The attacks were sophisticated enough to lure hundreds of students and many faculty and staff into giving up their login credentials. WCU’s response to these attacks has been a 3-pronged approach to reduce the phishing and protect individuals and university data if an account is compromised. The three major efforts have been:
Multifactor Authentication (MFA) – As of September 10th this will be in place for all WCU users for off-campus access to most IT resources. This protects compromised accounts by requiring something besides a password, such as a phone, to access an account.
Secure Mobile Email – To implement this security layer WCU has adopted the Microsoft Outlook app as the only supported mobile Email app. This requires mobile devices to apply security features and also requires MFA to setup access to an account on a mobile device.
Anti-phishing tool – WCU has adopted an anti-phishing product from Avanan. This tool will scan all Email coming in from the Internet and quarantine messages with well-known phishing signatures. This will stop most phishing Emails from ever making it to the user’s mailbox.
In spite of these technical controls you still need to be aware of what phishing scams look like, both for your work and personal use of Email. Please take a look at this awareness video: