Starting this spring, two new educational measures will fortify cybersecurity defense at the University of Oregon by informing the UO community about preventing cyberattacks.

The Information Security Office has launched a new online training in cybersecurity and will begin conducting simulated email phishing educational campaigns for UO faculty members, staff, graduate employees and student employees.

The training, called "UO Cybersecurity Basics," is available to all employees through MyTrack. It consists of three groups of short video modules on topics such as passwords, email, devices, multifactor authentication, remote work and data handling.

More information about the training is available in the UO Service Portal.

"We strongly encourage all UO employees to check out this new training," said José Domínguez, interim chief information security officer. "It's a quick and efficient way to learn how to protect your accounts and devices on campus and at home."

Some employees may be asked by their departments to take the training to satisfy regulatory requirements.

Soon UO employees also will start to receive simulated phishing emails as part of an effort to raise awareness and provide education about avoiding scams.

Those simulations will imitate the techniques of real phishing attacks, such as asking for passwords, enticing the reader to click a link or pressuring the recipient to make a fraudulent wire transfer. They may also include the names and logos of familiar companies.

However, unlike in a real phishing scam, a click on one of UO's simulated phishing emails will lead the recipient to an informational webpage about phishing.

"Research has shown that this type of simulation can be an effective way to increase people's awareness," Domínguez said. "We want to emphasize that there will be no negative consequences if you click. Our goal is to help you avoid falling victim to a real phishing scam and suffering actual losses in the future."

The Information Security Office plans to conduct such simulated phishing educational campaigns on a quarterly basis.

The two new efforts are among those begun in 2019 to safeguard the UO community against cyberattacks. The implementation of Duo two-step login was another such project, along with URL link protection in email and numerous behind-the-scenes measures to better protect individuals and the university.

"All of these technological measures are intended to reduce the likelihood of cybercriminals stealing our intellectual property, money or identities," Domínguez said. "But no matter what, some malicious emails will get through, so each of us still needs to stay vigilant to protect ourselves and those around us."

People can report phishing emails through the Report Phish button in Outlook or by emailing phishing@uoregon.edu.

Anyone with questions can submit a ticket through the security awareness training support page in the UO Service Portal.

—By Nancy Novitski, University Communications