The university administration is set to restrict automatic forwarding for faculty and staff email accounts in an effort to mitigate cybersecurity risk.
University of Illinois Technology Services says the top security risks facing the school begin with email phishing, which is a tactic used by hackers who fake credentials or the appearance of a legitimate organization to obtain your information. Automatic email forwarding decreases the university’s ability to secure important information about individuals and business interests.
“Cybercrime is a major concern for universities,” Associate Director of information security Chuck Geigner said in an email. “With risks and threats increasing in our new “remote-online-normal”, it’s important for us more than ever to protect student data, research data, business interests, internal processes, and personal privacy.”
As October is Cybersecurity Awareness Month, Geigner wants students and faculty to become more familiar with phishing and other tactics criminals may use to access their data. Recognizing when something doesn’t look right helps to avoid falling for traps.
“The Privacy & Cybersecurity Team works hard to prevent unauthorized access on the back end of email. It’s important for students, staff, and faculty to become more cyber aware to help prevent cybercrime on the front end.”
A second major concern is that employee email forwarding makes offsite emails subject to the Illinois State Records Act and FOIA, which not only threatened individuals’ privacy, but “put the university in a difficult position, being that it could not comply with laws unless owners somehow granted official access to their private email,” according to Technology Services.
July and August of 2020 saw a 30 percent increase in “weekly attacks per organization in the academic sector,” according to a report published by Check Point Software Technologies. “The general increase when you consider all sectors in the USA is only 6.5%.”
Employees who automatically forward emails or use the electronic delivery editor (EDE) will be affected by the change. Non-individual or group email accounts will not. The process to request an exemption has ended.