Last year, no fewer than 1.5 million people in the Netherlands became victims of online scams and fraud, Statistics Netherlands (CBS) has calculated. These are shockingly high numbers, which show that we are not as safe online as we sometimes think. How well are we, as UT staff, capable of detecting online crime? The PASSWORD (Privacy and Security Awareness on Workplace, Office, and Remote Data) project group tried to find the answer to that question last year.
The University of Twente invests a lot in digital security; both technical and physical measures have been taken. But in many cases, human behaviour remains the weak link. That is why efforts have been made to increase privacy and security awareness among both employees and students.
You may have seen them in your inbox recently: the invitations to participate in so-called 'baseline knowledge assessments'. About half of the employees took part in these.
We have also sent out several simulated phishing emails to both employees and students, on the one hand, to see how good the assessment of phishing emails is, but also to increase alertness. A striking number of people clicked the links in the phishing emails: 25 percent of the students and 19 percent of the employees.
In the subsequent period, employees and students were offered various online training courses. Based on the results of these training courses, the project group was able to see for which topics additional training or measures were most necessary. Staff and students were also offered the Security Essentials and Mobile Device Security modules. For employees, the modules Data Protection and Phishing followed as well.
The response to the simulated phishing emails that were sent after following the modules was considerably lower than in the previous simulation. This shows that the emails were recognised as fake emails more quickly and more adequately.
The assessments, training courses and simulated phishing emails have shown which aspects of digital security require further attention in the upcoming period. The PASSWORD project group will focus on ensuring that people remain alert to and aware of the latest forms of cybercrime. This is why we also call on you to (continue to) participate in the various training courses in the field of privacy and cybersecurity in the upcoming period. You do not have to wait for new training courses to become available: your portal “My training” of the learning environment securityeducation.utwente.nl contains many more training courses that you can follow. In this way, we aim to keep your and your colleagues’ valuable online data safe and to prevent costs and other inconveniences as a result of cybercrime.