Information Technology Support announced on Aug. 8 its plans for a new security measure on the university’s networks.
The suite of new security tools, called Microsoft Advanced Threat Protection (ATP), went online on Aug. 23. It is designed to integrate with the Microsoft products that SVSU provides its users, such as Outlook and Office apps.
ATP consists of two primary mechanisms aimed at preventing phishing attempts through malicious links and email attachments, two of the most common threats to information networks and users’ privacy.
“(Phishing is a) social engineering tactic used by crooks to trick people into giving up their IDs and passwords,” John LaPrad, SVSU’s information systems security manager, said in a recent email to SVSU users.
ITS has worked to secure SVSU’s network from phishing attempts for years. Millions of emails to SVSU addresses are flagged as malicious by the network’s security systems every month. Last year, over 170 SVSU email accounts were compromised, likely through successful phishing attempts.
According to LaPrad, ATP automatically scans emails sent to SVSU email addresses and ensures that hyperlinks and attached files in each message are not malicious. ATP rewrites any links as their full URLs and prevents users from clicking a malicious link once one is discovered. It also scans attachments and replaces malicious files with a text document explaining to the user that something dangerous was removed.
“The ATP implementation was very smooth,” said Larry K. Emmons, SVSU’s director of technology and support services. “ATP was piloted in ITS for 45 days. Additionally, ATP has been turned on for campus in monitor mode for several months.”
Even with these new safeguards in place, ITS frequently reminds users to be vigilant regarding what links and attachments they are clicking on. ITS regularly sends SVSU users updates on new phishing techniques and tips on how to recognize whether a link or attachment is legitimate.
ITS will be providing SVSU users with short cybersecurity courses on Canvas through their Internet Security Awareness Training program, the first of which focuses on phishing and is available now.