Taylor University is rolling out a new anti-phishing system, known as KnowBe4, to increase cyber security.
KnowBe4 is a system that runs simulations and provides training to avoid phishing scams. It uses AI to assess the legitimacy of a message by comparing it to other emails in the system.
Chris Jones, chief information officer at Taylor University said the university receives multiple reports of potentially harmful emails daily.
When a potential scam email is received, the recipient has the option to click a button, flagging it as a possible phishing attempt. Clicking the button sends the email to the IT department and gives feedback on whether the email was a phishing attempt.
Fake phishing emails will be sent out to test the effectiveness of the system.
The system also automatically flags logins that occur close to each other in time, but far apart locationally.
“If someone falls prey to it (a phishing scam), they can be the start of a chain that can be devastating,” Jones said.
Once a hacker gains access to a single email, they can use it to deceive others, which can quickly exacerbate the problem.
These phishing scams have already worked with varying degrees of success on Taylor’s campus this year.
"Hackers tend to prey on individuals who are busy and those of older generations,” Jones said.
Hackers are aware of this trend and will try to target those who don’t have time to properly review an email’s legitimacy.
Jones said the best thing to do is isolate the incident by shutting down the account to protect it from spreading to others.
Many cases of phishing originate overseas. Another step Taylor University is taking is to block international internet connections on faculty and staff member’s school devices.
Prevention of such cases is the aim of this new system.
The university will also be looking to update their two-step authentication process and change the password requirement for logins to a minimum of 16 characters.
Password reuse is one of the biggest threats to security, Jones said. Requiring passwords to be unique and longer in character count will aid in hindering unwelcome access from unauthorized parties.
“We’re trying to balance usability and security,” he said.
Jones thinks the problem is only increasing. He said with the pervasiveness of such attacks, even a very small percentage of successful phishing attempts can be hugely profitable.
The goal isn’t to make Taylor University immune to these phishing scams but to make it difficult enough for hackers, so they’ll seek out an easier target.
The expectation is that the whole Taylor community will become more aware of the problem and help in the prevention of future attacks and scams.
“I would love to hear feedback from students and would be open to chatting over email or lunch with anyone who has questions or concerns,” Jones said.