2020 has proven to be a very challenging year all around. Those of us fortunate to be able to work remotely had to adapt to a new routine and a myriad of technical and organizational challenges.
IT groups had to quickly scramble to enable employees to perform their daily tasks remotely. New technologies needed to be evaluated and implemented, and that presented a challenge while trying to thoroughly evaluate the appropriate applications and vendors for security and performance. We were required to maintain business continuity and strong cyber resiliency.
One of our biggest challenges was (and still is) to maintain data security and integrity while allowing the use of personal devices.
From a cybersecurity risk and resilience perspective, we needed to be ready to reduce risk and smart in how we went about it. Many of our staff had to work from home full-time for the first time. Even those who were already set up for remote access may not have been adequately equipped to enable working from home on the scale we are now witnessing during this pandemic.
This pandemic has certainly created additional security threats as attackers take advantage of the increased population spending more time online at home, working in unusual circumstances. Working from home shouldn’t prioritize productivity at the expense of safety and security, but in some cases, this was bound to happen. We needed to do three major things: equip faculty, staff, and students with the appropriate work, teaching and research tools, implement sensible security measures, and increase our cybersecurity awareness education communications to help keep their homes cyber-secure.
“Our main effort throughout this period has been an enduring messaging and communications campaign to our staff to achieve two things: help them understand the importance of handling and protecting data, and continually inform them of the measures they need to apply to ensure that our systems, platforms, and endpoints are secure. This messaging is vital to encourage them to adopt a specific way of working so that data won’t leak.” – Michael Jenkins, COVID-19 Business Continuity: Working from Home and Cyber Resilience
The impact of cybercrime is ever so expanding, and we need to focus on maintaining systems (servers, services) and endpoints (desktops, laptops, mobile devices, etc.) secure from outside threats, and areas to focus to enhance security are VPN, Patch Management, Email Security, and Privacy.
- Northwestern University recommends the use of the GlobalProtect VPN, to ensure that your internet traffic is shielded from intruders.
- Patch Management means that Northwestern IT manages system updates regularly, however, with the state of working from home, those tasks fall onto the users’ responsibilities for their personal devices. We recommend checking for up system and application updates at least once a month. Don’t leave your computer vulnerable to software exploits.
- Email Security. Email is the primary source of communication for remote workers, and cybercriminals are always finding new ways to phish you through email using social engineering phishing campaigns. Always be wary of an email that sounds too urgent, or too good to be true. Preferably, don’t respond to emails with attachments using your mobile devices.
- Personally owned devices at home sit in a physical and digital space unlike any within the office, which brings risk to our data and privacy. Staff homes will have a plethora of routers, printers, IoT devices, and other social devices—staff will often be on conference calls within earshot of family members or even employees of other companies. Privacy breaches and data leakage from home devices is a clear and present threat. – COVID-19 Business Continuity: Working from Home and Cyber Resilience
IT Departments, whether it is Northwestern University or at a large corporation, are working tirelessly to ensure that the company’s data and privacy of their staff, faculty, and students remain secure and free from attacks and data leaks. It is a cat-and-mouse game, where the criminals have the upper hand, are better funded and in large numbers.
The IT Departments at Northwestern University will always adapt and evolve to ensure that we have the best methods of security available, but with your help, we can only keep getting better. Welcome to a new academic year!
October is Cybersecurity Awareness Month, and I’d like to hear from you about what it means to be Cybersecure.