15 February 2017 
Matt Sisson, Projects and Membership Manager
In the Digest last week, we mentioned a number of recent fraud attempts in universities regarding the use of phishing emails to access the payroll self-service section of university internal websites, in order to divert monthly staff pay. Readers were directed to the alert on the discussion boards and asked to check against their HEI’s own systems to ensure they haven’t suffered losses, and that their systems are robust.
As there is a considerable IT element to this fraud, it has prompted some universities to review their cyber-security risk assessments, to see if there are any improvements that could be made. Colleagues might not be aware that UCISA has a free-to-access Information Security Management Toolkit, with Chapter 5 being of particular help. The chapter is supplemented by a set of resources including templates. The chapter in question, as well as the rest of the Toolkit, can be accessed via this link.
Finally, a last reminder that there are now just a handful of places remaining for the annual Counter-Fraud in HE conference in London on the 6th March. There’s more information and the programme available on the booking page.
