October is Cybersecurity Awareness Month and GUC recently experienced a near-miss cybersecurity incident which highlights the importance of recognizing and reporting suspicious emails.  Here’s what happened, what could have happened, and what you can do to keep GUC CyberSafe. 

A GUC employee had been communicating with a vendor via email and phone concerning an ongoing project. On a Tuesday afternoon, the GUC employee and nine other GUC employees received an email from this vendor that contained a file share link. One of those nine employees, who was not currently working with the vendor on this project, recognized the email looked suspicious and called the vendor.   

The vendor indicated they were aware malicious emails were being sent from their company, but they hadn’t yet notified GUC. The employee subsequently reported the email to IT by using the Phish Alert button (pictured right). IT confirmed the email was malicious and removed it from all GUC mailboxes before the end of the day. IT also communicated with the GUC employees who typically work with this vendor.  

In their review of email, IT found five employees opened the email and deleted it, one person deleted it without opening, two people reported it as junk, one had yet to read the email, and one employee reported it with the Phish Alert button. One employee clicked on the malicious link, but our GUC firewall blocked the connection. Had the connection been successful, the employee would have been presented with a login screen and directed to provide their GUC username and password, which is what the hackers were in pursuit of all along.   If the attachment had contained malicious software, it could have infected our GUC network. 

Security experts report that over 90% of all successful attacks start with a phishing email. The Phish Alert button in the desktop PC/Mac Outlook software is a valuable tool that should be used for all suspicious email. Be on the lookout for information from IT about a new Phish Alert feature for GUC-issued iPhones and iPads. We will also cover this topic in more detail in an upcoming Spotlight.  

More information is available on SharePoint in the CyberSecurity Resource Center. Take a look at the resources available there and remember to be CyberSmart!