Recent cyber security incidents that have affected major UK retailers including Marks & Spencer, Co-op, and Harrods are part of a growing wave of targeted attacks affecting a variety of sectors. These incidents, alongside attacks targeting local councils such as West Lothian Council and Edinburgh Council, highlight the increasing sophistication and frequency of successful cyber attacks. Often cyber criminals will use social engineering techniques to trick people into sharing their account login details, click links that redirect to malicious websites, or download innocent-looking files that turn out to be loaded with malware.
As a member of University staff, your awareness and vigilance against such attacks is essential to our information security. Information Services ensures that Multi-Factor Authentication (MFA) is enabled on your account, and critical software updates are automated to ensure systems are up-to-date with the latest security patches. Even so, we urge you to be extra cautious when interacting with emails, websites, or other forms of communication.
Remember:
- Information Services will never ask you for your password or MFA tokens. Be suspicious of anyone requesting this information, regardless of the sender. There is never a reason share your password or MFA tokens with anyone.
- Be wary of unusual emails, messages, and chats. Phishing attacks are becoming increasingly sophisticated. Look for red flags such as poor grammar, urgent requests, or suspicious links.
- Avoid clicking on links or opening attachments from unknown senders, and think twice before clicking even if you know the sender. Independently verify the sender’s identity before interacting with any links or files. Report suspected phishing emails using the Report feature in Microsoft Outlook.
- If you think you may have clicked a malicious link, downloaded a malicious file, or entered your account credentials in a website, report this to the Information Centre immediately: Information.Centre@stir.ac.uk. Your quick action can help prevent a potential security breach.
We encourage all staff to complete the free cyber awareness training available at https://universityofstirling.metacompliance.com or from the MyCompliance app on the left-side navigation bar in Microsoft Teams. This training is designed to provide you with the knowledge and skills to spot and avoid cyber threats.
Visit the Cyber Security SharePoint Hub for a range of information and resources to help you work securely.