Training and Awareness

In today's digital world, protecting information is more important than ever. Cyber threats are always changing, so it’s crucial for University communities to know how to spot and deal with potential cyber risks. Training and awareness programs are essential for helping everyone understand their role in keeping our information safe.

Email Security - How to identify phishing email

Information Security Unit (ISU) will irregularly send simulated phishing email within our organization. Those campaigns aimed to test our overall security awareness and identify areas where we can improve our cybersecurity measures. We want to emphasize that this campaign was not meant to single out individuals or departments but rather to raise awareness about the importance of staying vigilant and cautious regarding online security. We encourage all employees to remain vigilant and immediately report any suspicious emails or activity to our IT department.

How to identify phishing email:

Common characteristics of phishing emails to deceive people include:

• Urgency for a demand or request (e.g. change of password, sending gift cards)
• Attractive or interesting content (e.g. COVID-19 themes including testing information and the new variant, free gifts and promotion, sensitive documents)
• Disguising as a legitimate or trustworthy entity (e.g. CityUHK departments, Banks)
• Contains deceitful website links or attachments
• Asking for credentials, personal information or financial needs

How to handle suspicious emails:

• Check the sender address if it is legitimate, especially if it is from an external party, contact the claimed sender in another channel (e.g. phone call) for verification if necessary
• Approach any website links and attachments with caution, do not click or open it unless you are certain it is safe
• Do not provide or enter any login credential, personal and financial information
• Do not trust offers that seem too good or unrealistic demands or request
• Please do not forward it to other colleagues. Report suspicious email to reportspam@cityu.edu.hk and then delete it
• Make use of “Report Spam” function to report spam to Central IT.

For further information, you may visit the following pages:

• Phishing emails reported by CityUHK members: https://www.cityu.edu.hk/csc/deptweb/support/faq/email/phishing/phishing.htm
• What is Phishing Email and How to Avoid it: https://www.cityu.edu.hk/csc/deptweb/support/faq/email/phishing/avoid_phishing.htm

Online Training Materials

The University has subscribed to LinkedIn Learning for expert-led high-quality instructional videos on topics ranging from computing, animation, accounting, architecture, business, engineering, etc.  There are numerous information security related resources for either beginners or students who want to pursue career development in the field of information security.

Security Awareness Training for Full-Time Staff

As part of our ongoing efforts to enhance security within our organization, we are pleased to introduce a new security awareness training platform for all full-time staff focused on building security awareness.

We have selected a series of informative and practical videos that will help you understand and identify phishing scams more effectively.

• 10 Ways to Avoid Phishing Scams with Quiz (7 mins)
• How to Spot Phishing Scams (3 mins)

We strongly encourage you to complete this training at your earliest convenience. To access these training videos, please follow the instructions below:

Step 1: Access https://training.knowbe4.com/ via Internet browser.

Step 2: Type in your CityUHK email. Click “Next”.

Step 3: Type in your CityUHK EID and password. Click “Sign In”.

Step 4: Select training material to start the training.

If you have difficulty to access the training materials, please write to infosec@cityu.edu.hk

 

IT.ServiceDesk@cityu.edu.hk