As the year draws to a close, we want to recognize something fundamental: every member of our university played a part in keeping the institution secure. Whether it was a faculty member pausing before clicking a suspicious link, a staff member reporting a strange login prompt, a researcher checking if a data-sharing tool met compliance needs, or a student flagging a scam circulating among peers, each action strengthened our collective ability to protect our shared mission.
The cybersecurity community thrives on collaboration. The university regularly receives and shares intelligence with our higher education peers and federal partners. Earlier this year, the Cybersecurity and Infrastructure Security Agency (CISA) alerted us to a large-scale watering-hole campaign targeting higher education employee web portals. In this case, bad actors weaponized Google ads that mimicked familiar login pages, tricking unsuspecting visitors into divulging their account information.
Around the same time, an employee reported an unusual login screen they encountered. That simple report, submitted within minutes, turned into the key that helped our team locate remnants of the malicious website harvesting credentials. With that tip and CISA’s alert, our security teams blocked the attack path, neutralizing the risk before it could spread. We also shared what we found with peers, including Big Ten peers, who were targeted by the same campaign. It was a powerful reminder that cybersecurity is not just a technical exercise; it’s a community effort where individual actions have an institution and industry-wide impact.
That partnership was demonstrated through this year’s progress. Upgraded email controls now block spoofing more effectively and stop many phishing attempts before they ever reach an inbox. Phishing-resistant multi-factor authentication now protects account information with a stronger, more secure verification method. Our continued collaboration across the Big Ten Academic Alliance (BTAA) fosters the partnership of peers in all aspects of our information security program.
As we enter a new year, we carry deep gratitude for everything you’ve done to keep our university safe. Your reports, along with those who forward phishing emails to ui-phishing@uiowa.edu, your questions, and your careful decisions make a difference every day.
If you have any questions, please get in touch with the Information Security and Policy Office, email it-security@uiowa.edu.