Educause Security Discussion mailing list archives
Public Facing Faculty listings
From: "George J. Silowash" <gsilowas () NORWICH EDU>
Date: Mon, 9 Dec 2019 13:33:09 +0000
We have recently seen an uptick in phishing attacks utilizing faculty information published on our website. The malicious actors are able to identify department heads and their subordinates. The malicious actors then use this information to target a department head’s subordinates utilizing “legitimate” Gmail accounts posing as the department head to send phishing emails. I have proposed removing individual contact information on the website and use contact forms, a department email account, along with several other methods to make it more difficult for the bad actors. I have been met with a great deal of resistance. Have you seen this problem? What are you doing to mitigate the risk (beyond training)? Does your website list faculty information? Are faulty required to have their information posted and/or can they opt out? Does your site take any steps to make it more difficult or costly (ie using CAPTCHAs to obtain information)? I am looking for options to help balance leadership’s desire to have public facing directory information with that of risks to individuals and the institution. Any thoughts on this would be helpful. V/R, George ---------------------------------------------------------------- George J. Silowash, MSIA, CISSP-ISSMP, CCFP, GCFE, GCFA Chief Information Security Officer Norwich University 158 Harmon Drive Northfield VT 05663 http://www.norwich.edu ********** Replies to EDUCAUSE Community Group emails are sent to the entire community list. If you want to reply only to the person who sent the message, copy and paste their email address and forward the email reply. Additional participation and subscription information can be found at https://www.educause.edu/community
Current thread:
- Public Facing Faculty listings George J. Silowash (Dec 09)
- Re: Public Facing Faculty listings John McCabe (Dec 09)
- Re: [EXTERNAL][SECURITY] Public Facing Faculty listings Stromer, Wade (Dec 09)
- Re: [EXTERNAL][SECURITY] Public Facing Faculty listings Gregg, Christopher S. (Dec 09)
- Re: [EXTERNAL][SECURITY] Public Facing Faculty listings Scantlin, Aaron J. (Dec 09)
- Re: [EXT]: Re: [SECURITY] [EXTERNAL][SECURITY] Public Facing Faculty listings Howard, Christopher (Dec 09)
- Re: [EXT]: Re: [SECURITY] [EXTERNAL][SECURITY] Public Facing Faculty listings Barton, Robert W. (Dec 09)
- Re: [EXT]: Re: [SECURITY] [EXTERNAL][SECURITY] Public Facing Faculty listings Michael Young (Dec 09)
- Re: [EXT]: Re: [SECURITY] [EXTERNAL][SECURITY] Public Facing Faculty listings Beth Albertson (Dec 09)
- Re: [EXT]: Re: [SECURITY] [EXTERNAL][SECURITY] Public Facing Faculty listings Jamie Schademan (Dec 09)
- Re: [EXT]: Re: [SECURITY] [EXTERNAL][SECURITY] Public Facing Faculty listings Scott Norton (Dec 09)
- Re: [EXTERNAL][SECURITY] Public Facing Faculty listings Gregg, Christopher S. (Dec 09)