On an average day, about 206,000 malicious emails are sent to Drake faculty, staff, and students, comprising nearly 80 percent of all the email sent to us. Most of these spam and phishing messages are blocked before they reach our mailboxes, but we cannot let down our guard on the content that does reach us.

Earlier this week, UnityPoint Health announced the potential breach of 1.4 million patients’ personal information. Attackers sent an email to employees disguised as an official communication from a senior executive that directed recipients to a fake website asking for their username and password. Once entered, the attackers accessed patient information stored in the email accounts.

Each of us stand between attackers and the information entrusted to us by students, alumni, community partners, donors, and each other. Fortunately, we have a set of tools available to combat this problem.

• Delete old information that you no longer need, especially if it contains personal or grade information.
• Report suspected phishing messages.
• If you receive an email claiming to be from someone at Drake and it has the [External Email] label, take a closer look.
• Email informationsecurity@drake.edu with any questions about information and device safety.

ITS will continue to provide training throughout the academic year through simulated emails and follow-up training, to help faculty and staff identify and respond to these attacks.

Peter Lundstedt, ITS