As October turned to November, ITS completed its Cyber Security Month campaign for 2022 with a number of successes under its belt.

As of the time of this writing, more than 1,100 members of the Carleton community have enrolled in our Cyber Security Awareness courses, the bulk of them in October 2022, with many students completing dozens of the available modules to enhance their understanding of cyber security topics. This is a record number of registrations!

The winners of our contest, which was open to students who enrolled in the courses and took at least one module in October, are as follows:

  • Tanitoluwa Osuporu – Civil Engineering
  • Hang Su – Statistics
  • Faris Mahmoud – Biomedical and Electrical Engineering

Thank you to everyone who enrolled!

Learnings from our Simulated Phishing Campaign

We were also successfully able to run simulated phishing campaigns for various groups at Carleton, including first-year students, returning students, and staff and faculty members. One learning from these campaigns is that a good number of recipients downloaded images from our phishing emails, either automatically or manually.

Microsoft Outlook is configured by default to block image downloads, prompting the user to click the download external images button to see the image. But there is an option for users to configure the app to download images automatically to save the time it takes to click the button.

The problem is, images sent by threat actors sometimes contain malware. If you receive an email from an unfamiliar sender, clicking to download external images may expose you to this malware.

And those who configure their email clients to automatically download images in their email inboxes are at greater risk, because they’ve removed their own ability to decide if an image might be safe.

Our recommendation is to leave this configuration alone, and to try to determine for yourself if an image in an email might be safe before viewing the image.

Though Cyber Security Awareness Month may be over, it is important to remember that cybersecurity threats don’t begin and end in October. You can enrol in our Security Awareness Course any time through Brightspace to learn more about staying safe online.

This story is a part of ITS’s Year in Review for 2022/23. Read more at our Year in Review homepage, or follow along on Twitter using the hashtag #ITSYearinReview. Thanks for reading!