Raising awareness of IT security: training programme to be expanded

14.03.2024

The ZID is launching a multimedia information campaign to raise awareness of IT security. After all, user behaviour is crucial for IT security at the University of Vienna.

Many university members are already familiar with the IT security tips for users on the ZID website, which help them to use IT securely. In addition, users will soon be able to learn about important IT security topics in new and interactive formats.

“Universities are increasingly falling victim to cyberattacks. In order to increase the IT security awareness of our university members, we are currently working on a comprehensive information and training programme on this topic. Together with our IT security team and with the support of the Corporate Communications service unit, we are creating training videos and quizzes that convey the topic in an entertaining and clear way,” explains Michaela Bociurko, Head of  IT Communications & Marketing.
 

The new training programme at a glance

  • Videos: They will bring dangers in e-mails and password security closer in an entertaining way.
  • Quizzes: Following the videos, but also independently of them, you can test your own knowledge in a fun way.
  • Webinar (in German): Experts from the IT security team share their knowledge about IT security in the workplace with employees.

The ZID will inform all users as soon as new information is available.


Better secure than sorry 

Why is it important to raise awareness among users? Christoph Campregher, Head of the IT Security central support unit at the ZID, explains: “It can be dangerous, for example, if university members enter their u:account access data on a fraudulent website. The access data stolen in this way can be used to penetrate the IT infrastructure and cause damage.” This procedure is known as phishing (from password and fishing). But insecure passwords can also enable attacks.

Another means by which cyber criminals gain access is malware. This can be hidden in e-mail attachments, for example. Once infected, it can encrypt data unnoticed, transfer data or spy on access data. 

Financial fraud attempts via e-mail can also cause considerable damage. Well-crafted, personalised e-mails to employees of the University of Vienna are the bait. The aim is usually to transfer money to supposed superiors or work colleagues or to send them voucher cards.

“All of these attacks target members of the University of Vienna. It is therefore important for us to have users on board and to provide them with the basics of the right defensive tactics when it comes to IT security,” explains Christoph Campregher.


The danger is real

The figures speak for themselves: at least 9 higher education institutions and universities in German-speaking countries were victims of a cyberattack in the second half of 2023. The times before public holidays and weekends or during school holidays are particularly popular for attacks.

These are often ransomware attacks. Ransomware (a combination of the words ransom and malware) encrypt a company’s data and block access to it. This can render the IT infrastructure unusable and data can fall into the wrong hands. In return for a ransom, the attackers promise to decrypt the data and/or not to publish it.


University as a place of learning and workplace: freedom brings responsibility

Freedom in research and teaching is practised at the University of Vienna – and therefore also in the choice of IT tools required for this. However, this freedom also means that each individual must handle their own and the university’s IT systems responsibly, explains Christoph Campregher: “All it takes is a single computer infected with malware, a poorly programmed personal web page or a password captured by criminals to enable serious attacks on the IT infrastructure. In order to make the university more secure, we therefore rely on the cooperation of all university members.”

 Back
[Translate to Englisch:] Illustration IT-Security Infopaket