We live in a data-driven world. Almost every transaction and interaction you have with most organisations involves sharing data, including your personal data.
Sharing data helps make life easier, more convenient and connected. However, cyber threats put at risk our digital identity, the security of our devices and the data we exchange using applications such as email and cloud storage.
We aim to build a culture of security awareness within our Institute to increase the protection against cyber-attacks.
Presentation of the Cyber Security Awareness training:
- click here to open (PDF format)
Accessing the training:
Internal Moodle platform
- for Administrative staff members, Trainees, Research Assistants and Research Fellows
- From EUI premises: Access the training via this link using your EUI credentials (username and password), then select CyberSec under Dashboard, My courses
- From off-campus: Access the training by remote connection to your EUI office computer, choosing one of the following two ways:
Then follow indications provided at step 1 above.
What Is Phishing?
Phishing is an attack that aims to collect sensitive information by masquerading as a trustworthy entity. It starts with a personalised email or other electronic communication in which the attacker uses social engineering, a technique that tries to fool you into taking an action.
The goal of the phishing action is either that you provide sensitive information directly, or that you allow malicious software (e.g. a virus) to be installed, which then harvests information, steals documents and login credentials for web pages, or accesses and infects other computers. The attacker then uses the collected information to harm the EUI or you (e.g. by emptying your bank account).
How Does Phishing Work?
The attackers want you to:
- Open an attachment
- Click on a link (with or without request to provide your login credentials)
- Continue the conversation
Red Flags That Will Help You to Identify an Email Phishing Attack
- Password-protected attachments
- Sense of urgency
- Generic greetings
- Grammar and spelling mistakes
- Links designed to hide their real destination (e.g. "click here", URL shortening)
- Someone claiming to be somebody's successor or heir
- Someone offering money
- An internal "Helpdesk" email coming from a non @eui.eu email address
What Should I Do?
If an email seems odd or too good to be true (!) it is most likely an attack.
- Be suspicious of attachments and only open those that you were expecting.
- Be suspicious of any email that requires "immediate action" or creates a sense of urgency.
- Be suspicious of emails addressed to "Dear Customer" or some other generic salutation. If it really is your bank, it will know your name.
- Be suspicious of grammar or spelling mistakes; most businesses proofread their messages carefully before sending them.
- Never answer requests for passwords, PIN codes, etc., even if the request appears to come from IT User Support.
- Be suspicious of email coming from someone you know but not from their usual email address (for instance, from @gmail.com when you usually interact with them via @eui.eu or @yahoo.com).
- Hover your mouse over the link. This will show you the true destination you would go to if you actually clicked on it. If the true destination of the link is different from what the text suggests, this may be an indication of fraud.
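The "hover over the link" check above can also be applied automatically to the links in an incoming message, which is how a mail filter or a helpdesk triage script would look for the same red flags. The following is an added example, not code from the EUI page: it extracts every link from an HTML email body, compares the visible link text with the real destination in the href, and flags vague link text ("click here") and URL shorteners that hide the destination. The shortener list, the vague-text list and the sample email are constructed for the demonstration (the hosts in it are reserved example addresses, not real sites).

```python
"""Flag phishing red flags in the links of an HTML email body (added example)."""
from html.parser import HTMLParser
from urllib.parse import urlparse

# Constructed lists for the demonstration; a real filter would maintain its own.
SHORTENER_HOSTS = {"bit.ly", "tinyurl.com", "t.co", "goo.gl"}
VAGUE_TEXT = {"click here", "here", "login", "verify now", "update now"}


class _LinkExtractor(HTMLParser):
    """Collect (href, visible text) pairs from <a> elements."""

    def __init__(self):
        super().__init__()
        self.links = []
        self._href = None
        self._text = []

    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href = dict(attrs).get("href") or ""
            self._text = []

    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)

    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append((self._href, "".join(self._text).strip()))
            self._href = None


def _host(value):
    """Return the lowercase host of a URL-looking string, or None."""
    if "://" not in value:
        value = "http://" + value  # visible text such as "www.eui.eu/login"
    parsed = urlparse(value)
    return parsed.hostname.lower() if parsed.hostname else None


def check_links(html):
    """Return (href, text, reason) for every link that shows a red flag."""
    extractor = _LinkExtractor()
    extractor.feed(html)
    findings = []
    for href, text in extractor.links:
        href_host = _host(href)
        if href_host is None:
            continue
        if href_host in SHORTENER_HOSTS:
            findings.append((href, text, "URL shortener hides the destination"))
        elif text.lower() in VAGUE_TEXT:
            findings.append((href, text, "vague link text hides the destination"))
        else:
            # Only compare hosts when the visible text itself looks like an address.
            text_host = _host(text) if "." in text and " " not in text else None
            if text_host and text_host != href_host:
                findings.append((href, text,
                                 f"text shows {text_host} but link goes to {href_host}"))
    return findings


# Constructed sample message: example.net and 198.51.100.0/24 are reserved for
# documentation and do not point at real services.
SAMPLE_EMAIL = """
<p>Dear Customer, your mailbox is almost full.</p>
<p>Please <a href="http://login-eui.example.net/verify">click here</a> to verify,
or go to <a href="http://198.51.100.23/owa">https://webmail.eui.eu</a>.</p>
<p>Library: <a href="https://www.eui.eu/">EUI website</a></p>
"""

if __name__ == "__main__":
    for href, text, reason in check_links(SAMPLE_EMAIL):
        print(f"{reason}: '{text}' -> {href}")
```

On the sample message the first two links are reported (vague "click here" text, and a visible address that differs from the real destination); the third link, whose text is a plain description rather than an address, produces no finding.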
I Received a Phishing Email!
The EUI is actively protecting its networks and information systems against possible malicious intrusion.
Help us improve this service by notifying us of any suspicious email you receive in your mailbox!
- Please send any suspicious email to the [email protected] address.
- If you clicked on a link or opened an attachment in a phishing email, or notice any suspicious behaviour of your computer, please report it immediately to [email protected] or call +39 055 4685 600 (ext. 2600).
To reduce the risk of cyber incidents caused by phishing attacks, the EUI checks links to external websites via a service called Advanced Threat Protection (ATP). When you open a link, the email security system checks its threat status. If no risk is detected, it simply redirects your browser to the original URL. If the link is judged unsafe, the URL is blocked.
Emails are one of the main instruments of cyber-attacks. To protect the EUI against threats, emails that come from outside are checked at entry into the EUI's IT systems. The EUI’s security system checks any web links that they contain, to ensure that the sites they point to are safe.
Attackers now commonly use web links that seem to point to harmless sites in order to defeat the security system. Moments after the messages have been checked and delivered to the recipients' mailboxes, the attackers change the destination of the URL to carry malicious payloads. This means that even a message that was harmless when delivered to your mailbox can later be turned into a threat.
Would It Be Possible to Disable This Protection (i.e. Is There an Opt-out Mechanism)?
The purpose of rewriting URLs in emails is to protect information (both the EUI's and the users') and the whole IT environment. The URL rewriting and checking mechanism is therefore applied systematically, as part of the EUI's email services, as a matter of information security. The original URL is contained in the rewritten URL and can be recovered if needed (see Safe Links for more details).
For further information on this topic, please check Office 365 Advanced Threat Protection.
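Because the original URL is carried inside the rewritten one, hovering over a link in a checked message shows the Safe Links address rather than the final destination. The following added example (not code from the EUI page or from Microsoft) shows how the original address can be recovered before applying the hover check: it assumes the Safe Links layout in which the rewritten link points at a host under safelinks.protection.outlook.com and carries the original address, percent-encoded, in the url query parameter. The sample links are constructed; the other query parameters in them are placeholders.

```python
"""Recover the original destination from a Safe Links rewritten URL (added example)."""
from urllib.parse import parse_qs, quote, urlparse

SAFELINKS_SUFFIX = "safelinks.protection.outlook.com"


def is_safelink(link):
    """True if the link points at a Safe Links rewriting host."""
    host = (urlparse(link).hostname or "").lower()
    return host == SAFELINKS_SUFFIX or host.endswith("." + SAFELINKS_SUFFIX)


def unwrap_safelink(link, max_depth=5):
    """Return the original URL wrapped by Safe Links, or the link unchanged.

    Unwrapping is repeated because a forwarded message can be rewritten more
    than once, nesting one Safe Links URL inside another. Links copied out of
    HTML sometimes carry '&amp;' between parameters, so that is normalised first.
    """
    link = link.replace("&amp;", "&")
    for _ in range(max_depth):
        if not is_safelink(link):
            break
        inner = parse_qs(urlparse(link).query).get("url")  # parse_qs percent-decodes
        if not inner:
            break
        link = inner[0]
    return link


def destination_host(link):
    """Host the link really leads to, for comparison with the visible link text."""
    return (urlparse(unwrap_safelink(link)).hostname or "").lower()


# Constructed sample: the original address https://example.org/news?id=42&lang=en
# is percent-encoded in the url parameter; the data/sdata values are placeholders.
SAMPLE = ("https://eur01.safelinks.protection.outlook.com/?url="
          "https%3A%2F%2Fexample.org%2Fnews%3Fid%3D42%26lang%3Den"
          "&data=placeholder&sdata=placeholder&reserved=0")

# Constructed doubly-wrapped link, as a forwarded message might produce.
NESTED_SAMPLE = ("https://eur02.safelinks.protection.outlook.com/?url="
                 + quote(SAMPLE, safe="") + "&reserved=0")

if __name__ == "__main__":
    print(unwrap_safelink(SAMPLE))
    print(destination_host(NESTED_SAMPLE))
```

The original URL keeps its own query string (id=42&lang=en) because the encoded `?`, `=` and `&` are decoded as part of the url parameter value rather than treated as separators of the outer query.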
Hackers attempt to compromise EUI accounts either to access data and mailboxes or to launch phishing campaigns against other users/institutions.
If your mailbox is compromised, it may be blocked automatically, so that no message can be sent outside the @eui.eu domain.
- If you suspect that your EUI email address (and password) has been compromised, contact the EUI Helpdesk immediately
- If the account has not been blocked yet, change the password immediately
- If the account has already been blocked, contact the EUI Helpdesk
Please take into account it may take up to two weeks in order to remediate a compromised account!
For non-EUI email accounts, you may check the Have I Been Pwned? website.
Please remember NEVER to use the same password for personal (e.g. GMail, Hotmail, Yahoo, etc.) and work (@eui.eu) accounts!
The EUI is continuously targeted by various types of cyber-attacks. Staff travelling and on missions are particularly at risk, especially when travelling abroad. This page gives you some short information security tips and tricks to reduce such risks.
General Advice When Travelling
- Avoid Shared PCs
Avoid shared PCs in hotel lobbies or airport lounges. Always assume they are not secure. If you must use them, just read the news and avoid typing sensitive personal information or passwords on these PCs. In particular, never type EUI passwords on these PCs. PCs in hotel lobbies and airport lounges are both attractive and easy targets, so it is likely that these PCs have been compromised by several different attackers who are waiting to capture interesting information.
- Be Aware of Your Surroundings
When travelling it is important to be aware of your surroundings. Do not leave your devices unattended in public places, and be aware of who might be looking over your shoulder when you are working on them.
- Be Careful With Free WiFi
Be careful when using wireless network connections, such as free WiFi in coffee shops, WiFi in hotel rooms and conference venues, WiFi points in an airport lounge, etc. These WiFi points are attractive targets for attackers and they are often insecure. Attackers can easily set up a fake WiFi hotspot with a familiar sounding name.
About Using Your Laptop
- Software Updates
Give your laptop all software updates and patches before leaving on a mission. This is very important! To get updates and patches, bring your laptop to the office, connect it to the fixed network, and log off or restart the PC while keeping it connected. Make sure updates and patches are installed at least weekly and definitely before taking the laptop on a trip. If you cannot bring the laptop to the office, connect with the remote access connection and then log off or restart the PC. This will install any pending updates and patches.
- Remote Access
EUI's remote access service is available through secure VPN connection to access personal and shared folders at EUI. See VPN Remote Connection for further details.
- Disk Encryption
If you are storing personal and sensitive data on your laptop, you might consider protecting your EUI laptop with full disk encryption (BitLocker on Windows), which prevents people from accessing your data even when the laptop is stolen. It is important to keep the BitLocker recovery code secret. This security measure has been adopted on new laptops and is deployed upon request.
If your laptop is stolen, then notify the EUI Helpdesk immediately.
Your EUI laptop (and desktop) is protected with anti-virus products. But it is important to avoid suspicious files and suspicious emails because the EUI faces advanced attackers who avoid detection by anti-virus products. Avoid using or exchanging USB sticks with others. Do not accept USB sticks you find or which are offered to you while on mission. Prefer an exchange of files via email. See also Share Safe topic.
About Using Your Smartphone or Tablet, Whether Personally-owned or Corporate
- Software Updates
Smartphones and tablets are typically more secure than normal PCs and many of the cyber-attacks for PCs do not work on smartphones or tablets. But it is not impossible to hack smartphones. It is important to keep your phone software up-to-date. Update the software before leaving on a mission.
- Telephony and Texting
When travelling do not exchange sensitive information via normal telephony or SMS messages, because normal telephony and SMS can be easily intercepted.
- Disk encryption
Most smartphones (like iPhones) have full disk encryption automatically turned on. This prevents data leakage when your phone is stolen or lost. But it is important to keep the PIN of your phone secret.
If your phone is stolen, notify the EUI Helpdesk immediately!
- Internet Connections
Where available, prefer a cellular data connection (3G and 4G) or corporate/institution WiFi rather than free/public WiFi for internet browsing, and always make sure that the web pages you visit use HTTPS.
What Is It and Why Is It Important?
A privileged account (e.g. administrator or power user account) has the right to install any application, change the parameters of the operating system or give access to unauthorised people. When you browse the Internet or read emails using a privileged account, you put security at a higher risk. The result could be data loss, significant downtime or spreading malware throughout the network.
What Happens If You Browse With a Privileged Account?
Hackers prefer to attack computers where users perform office tasks with privileged accounts, because there is a better chance of hiding malicious activity. Once malware with privileged access is running on one computer, it is commonly abused to compromise servers and networking equipment, making it possible to locate sensitive documents.
Surfing the Internet with a privileged account increases the likelihood and impact of a potential infection when browsing, opening a link or attachment in an email (see Phishing further up):
- The risk is higher if the privileged user has installed their own software which is not maintained by the EUI (for instance, the malicious site may target an unpatched version of the Opera web browser)
- The infection is more likely because other protection mechanisms are not effective in environments run by privileged users. The impact increases because the virus will have full access to the computer and will spread the infection internally within the EUI.
What Should I Do?
- Do not login with a privileged account
In addition to the risk of being exposed to malicious websites and emails, your credentials can be stolen. Log in with a non-privileged account and use Windows "run as" or Mac/Unix "sudo" to perform occasional high-privilege actions from that non-privileged account. At home, enable User Account Control (UAC) on Windows. Do not browse suspicious sites or sites that provide illegal content (movies, games, music, licence codes, serial numbers, cracked software, etc.).
- Install software only from reputable sources and keep it up-to-date
Only install software coming from EUI providers that will issue security updates. At home try as much as possible to keep your software up to date, especially your antivirus and operating system.
- Examine requests from applications to gain privileged access
When an application prompts you for privileged access, make sure that you can trace it back to your actions. If you are in doubt, cancel the request.
Removable media such as USB keys and USB disks are very convenient for transferring information between computers. Unfortunately, they are also a very efficient way to spread malicious software (viruses etc.). Besides, they can get lost or stolen easily (causing data leakage)!
What Should I Take Care Of?
- Before connecting removable media to a non-EUI PC, you should make sure that anti-virus software is installed, active and up to date on that PC.
- Never use complimentary USB sticks, avoid mixing private and corporate use and only use EUI devices for work.
You can check whether removable media can safely be used by contacting the local Site officers. The rules regarding handling and storage of USB sticks are the same as those applicable to the documents stored on them.
- Removable media must not be the sole or primary repository of EUI documents.
Information held only on lost media cannot be restored, and media must be properly sanitised before disposal or reuse.
When sending a USB stick, first consider whether there are other appropriate means of sending the documents, such as email encryption (for those authorised) or a dedicated SharePoint repository (contact your local User Support officer for advice). In addition, take precautions so that it is not apparent that the envelope contains a USB stick, to avoid petty theft. Depending on its sensitivity, information may not be stored on non-EUI removable media at all. If in doubt, ask your Data Controller for advice.
- Information must only be held on removable media for as long as it is required; avoid holding large quantities of information on a single medium.
- Don’t leave removable media unattended and in view.
- All lost or stolen removable media containing sensitive information have to be reported to your Data Controller, Data Protection Officer and EUI Helpdesk.
- Web-based Threats: a downloadable infographic by the European Network and Information Security Agency (ENISA)
Page last updated on 06 October 2020