If you've looked at your inbox at all this year, you will have noticed a torrent of emails from the Uni giving you a “friendly reminder that you have not yet completed the University of Otago cyber security training module(s)” and that these are “mandatory to complete”. The onslaught of these ironically spammy emails has left students a little peeved, with one news tip sent to Critic complaining that cyber security can “get fucked! Every day there’s a new training email,” with another student reporting they received four identical emails within the space of two hours one afternoon.
One student aptly pointed out that the very same emails saying that “if an email you receive if threatening, pressures you for time, and looks like a scam email then the email is most likely a scam” are, in fact, “THREATENING that they will snitch me to my supervisor, TELL ME I HAVE LIMITED TIME to complete the training, and looks like a scam email.” Make it make sense, doll.
Clearly one of the biggest frustrations from students was the sheer quantity of emails sent. One student said, “They spam me too much… It’s my prerogative if I want to get phished or something like that.” Aware that at least some students may give a fuck about the modules, and wondering if they are actually mandatory or whether the Uni is cosplaying as a playground kid making threats to tell on you to your parents, Critic made the effort to have a look into students' concerns (or lack thereof).
When asked if they were concerned about there being consequences for not completing the modules, one student said, “Fuck it , I don’t care.” Another said that at this stage they’re not going to do it “out of spite.” This lack of interest seems to add up. Otago Uni IT Services Acting Director Wallace Chase told us that about 30 percent of students have completed the training, with average scores of about 83-95 per cent in assessments.” Hey, at least it’s a decent grade right? Go students?
The biggest question on everyone’s minds centred around the use of the word “mandatory”. What are you gonna do if I don’t do it? Tell on me? The Uni’s response would leave any politician salivating: “Training is mandatory for staff – including students in staff roles – and is highly recommended for all students.” So no it’s… not mandatory for students? Chase elaborated: “While the training is mandatory for staff and students in staff roles, it is not mandatory for other students and including the word ‘mandatory’ in their emails was an oversight which we are correcting.”
Asked about the point of the training, Chase told us: “We strongly believe the training is a valuable skill we provide for students’ study, work, and play… Students will be better equipped to identify constantly evolving cyber threats, including phishing, smishing, whaling, and social engineering attacks.” On whether or not that’s actually working, he replied, “Last year, 20 percent of students clicked on a malicious link sent as a test, and this year it was 15 per cent, indicating training has been effective,” because as any Health Sci kid will tell you, 5% makes a big difference. He did, however, offer a sincere apology for the number of emails sent to students, and “any inconvenience those email notifications caused.” Ah, vindication.