Many university members are already familiar with the IT security tips for users on the ZID website, which help them to use IT securely. In addition, users will soon be able to learn about important IT security topics in new and interactive formats.
“Universities are increasingly falling victim to cyberattacks. In order to increase the IT security awareness of our university members, we are currently working on a comprehensive information and training programme on this topic. Together with our IT security team and with the support of the Corporate Communications service unit, we are creating training videos and quizzes that convey the topic in an entertaining and clear way,” explains Michaela Bociurko, Head of IT Communications & Marketing.
Better secure than sorry
Why is it important to raise awareness among users? Christoph Campregher, Head of the IT Security central support unit at the ZID, explains: “It can be dangerous, for example, if university members enter their u:account access data on a fraudulent website. The access data stolen in this way can be used to penetrate the IT infrastructure and cause damage.” This procedure is known as phishing (from password and fishing). But insecure passwords can also enable attacks.
Another means by which cyber criminals gain access is malware. This can be hidden in e-mail attachments, for example. Once infected, it can encrypt data unnoticed, transfer data or spy on access data.
Financial fraud attempts via e-mail can also cause considerable damage. Well-crafted, personalised e-mails to employees of the University of Vienna are the bait. The aim is usually to transfer money to supposed superiors or work colleagues or to send them voucher cards.
“All of these attacks target members of the University of Vienna. It is therefore important for us to have users on board and to provide them with the basics of the right defensive tactics when it comes to IT security,” explains Christoph Campregher.
The danger is real
The figures speak for themselves: at least 9 higher education institutions and universities in German-speaking countries were victims of a cyberattack in the second half of 2023. The times before public holidays and weekends or during school holidays are particularly popular for attacks.
These are often ransomware attacks. Ransomware (a combination of the words ransom and malware) encrypt a company’s data and block access to it. This can render the IT infrastructure unusable and data can fall into the wrong hands. In return for a ransom, the attackers promise to decrypt the data and/or not to publish it.
University as a place of learning and workplace: freedom brings responsibility
Freedom in research and teaching is practised at the University of Vienna – and therefore also in the choice of IT tools required for this. However, this freedom also means that each individual must handle their own and the university’s IT systems responsibly, explains Christoph Campregher: “All it takes is a single computer infected with malware, a poorly programmed personal web page or a password captured by criminals to enable serious attacks on the IT infrastructure. In order to make the university more secure, we therefore rely on the cooperation of all university members.”