Cybersecurity Awareness Month, now in its 18th year, was created under the leadership of the U.S. Department of Homeland Security (DHS) and the National Cyber Security Alliance (NCSA) to be a collaborative effort between government and industry to make sure Americans have the necessary resources to stay safer and more secure online. This year Cybersecurity Awareness Month is co-led by NCSA and the Cybersecurity and Infrastructure Agency (CISA), a fairly new division of DHS.
Week 4 – Cybersecurity First
This week we focus on the importance of making security a priority. For businesses, this means building security into products and processes. It is important to make cybersecurity training a part of employee onboarding and equip staff with the tools they need to keep the organization safe. As individuals, you must keep cybersecurity at the forefront of your mind as you connect daily. Consider that the Institute’s security and privacy settings are to protect the Institute’s data, which is a culmination of your hard work. Cybersecurity should never be an afterthought.
Did you know???
- Nearly two-thirds of companies have 1000+ sensitive files open to every employee. (Varonis)
- Global spending on cybersecurity is set to pass $60 billion in 2021. (Canalys)
- The IoT (Internet of Things) devices market is anticipated to reach $1.1 trillion by 2026. (Fortune Business Insights)
This list includes just some of the many things done to help keep the Institute’s data safe:
- Implemented Desktop Central to ensure that updates and patches are pushed out to Institute-owned IT assets.
  - Hackers are constantly writing code to make viruses and malware for vulnerable systems and apps.
  - Having Desktop Central push those updates and patches keeps our systems and apps more secure.
- Security awareness training is required and assigned on an annual basis.
  - This training is role-based and is assigned based on position and responsibilities.
  - New employees are assigned security awareness training upon hiring and have 30 days to complete it.
  - The New Employee training is a little bit longer and includes some different information to help catch them up.
- There are 35 UTIA IT Security policies and procedures.
  - Yes, we have more than any other campus or institute, but this is because we have all those that are required of us, plus two additional procedural documents.
  - These policies are not intended to dictate everything you do, but they are expected to be followed for the protection of the Institute’s data, funds, and reputation.
  - These are written in an easy-to-follow manner, but if you ever have a question about anything in these policies and procedures, please let me know and I will help you.
  - These policies and procedures are reviewed at least annually and updated as needed.
  - Policy revisions are included in the monthly e-newsletters when revisions are made.
  - Individual policy reminders are often shared in a number of ways with the UTIA faculty and staff.
- There is a very informative UTIA Information Security Program website that is updated to include the latest threats, important guidelines, monthly e-newsletters, IT Security services, compliance, and more.
  - Please bookmark this site because it can be a very useful resource.
- Assign access to people based on the principle of least privilege.
  - This principle is all about giving people just the privileges necessary to carry out their own job responsibilities.
  - If you assign based on least privilege, or need to know, then the data is more secure because it is available only to those who have that need to know.
- Use two-factor, or multi-factor, authentication.
  - This is very important because you have a second method of authenticating to get to data you need to do your job.
  - This means that someone on the other side of the world can’t just steal your password, or buy it on the Dark Web. They need this second method to actually get in and you are the only one with access to that second method.
Cybersecurity is always changing, so look for policies, procedures, the website, etc., to also evolve to keep up. I will always keep you informed of changes, but remember that cybersecurity is everyone’s responsibility to some degree. I am always here for any questions, concerns, suggestions, thoughts, you name it. Just send me an email or give me a call.
And for those of you who are wondering what happened to Week 3’s email, I did not do one. Every year Cybersecurity Awareness Month includes one week for trying to attract new interest to the field of cybersecurity. I could send that out to everyone, but I know the vast majority of you have made a lasting career decision. And, trust me, I am in complete awe of what you all do from academics to research to outreach. However, if you are interested in cybersecurity or know someone who is, please let me know and I will be happy to send you some resources.
Stay safe and thank you all for all that you do!