Faculty August Contract Pay & Email Security Alerts for Fall 2024
BFA representatives were advised of two campus issues that could impact faculty at the start of the year and asked to share this information with their constituents and colleagues.
The first was about a new email security service called Abnormal Security email that is being rolled out this week by OIT. The rollout and details were announced in
The second item is regarding faculty contract selection and the impacts to August pay. August 19th is the first date for AY24-25 faculty contracts, which means there are fewer paid days for August paychecks.The deadline to make changes to faculty contract pay (9x9 v. 9x12) was in July and was communicated to department HR liaisons in May and June. It's recommended that faculty use the to ensure they know what to expect.
Please use the links above and view additional details from OIT and HR listed below.
Why is this needed now?
- It takes on average 28 seconds from a phishing email’s arrival to a successful phish (Verizon DBIR 2024). On a recent August Saturday evening at 11:47pm, a phishing attack was launched against ¶¶ÒõÂÃÐÐÉä Boulder and within 65 minutes, 254 ¶¶ÒõÂÃÐÐÉä Boulder accounts were compromised because they fell for this attack. Such attacks put personal and university data at risk.
- Over the past year, ¶¶ÒõÂÃÐÐÉä Boulder students have lost thousands of dollars to phishing attacks while faculty and staff have had their paychecks impacted, lost control of their personal data, and had their accounts used to attack students and other faculty and staff members.
- During the past six months while OIT was piloting the service, Abnormal Security detected and would have stopped 793,000 advanced attacks from reaching members of our campus community including the recent August attack.
- The start-of-semester time frame historically sees a significant spike in attempted attacks.
- For questions regarding Abnormal please contact: oithelp@colorado.edu or 303-735-4357
What is the risk to faculty?
- During the six-month pilot, OIT has seen a 0.0004% false positive rate out of all emails arriving to ¶¶ÒõÂÃÐÐÉä Boulder. A false positive is when an email is incorrectly identified as malicious and blocked. Abnormal Security is an additional layer on top of the Microsoft 365 quarantine service.
- What is OIT doing to prepare for false positives? OIT reviews Abnormal Security logs daily for false positives, proactively contacts recipients if a suspected false positive is discovered, and continues to train the system to reduce this possibility.
- OIT met with other universities who have implemented Abnormal Security and ensured our practices around reporting phishing and inquiring about suspected missing emails is in line with best practices.
- OIT can always be contacted by any faculty, student or staff who believe an email they were expecting was not received. If the email was stopped because of Abnormal Security, it can be recovered if reported to the IT Service Center within 30 days of expected receipt.
- OIT and Abnormal Security continue to train the system and measure false positives to continue to reduce the 0.0004% rate further to best support and protect the campus community.