“Sometimes people think that all security happens within the Information Security team, and therefore, they don’t have to worry about it,” said Williams, senior director of IT Infrastructure and Chief Information Security Officer (CISO) in the Division of Information Technology (DoIT). “This cannot be further from the truth.”
The truth, Williams said, is that every employee plays a critical role when it comes to the security of the university’s data and network.
“Each one of us is a doorway into the university’s network and data,” Williams said. “What websites we visit, how we use our devices, and how we work with and share data, all impact the university’s cyber and information security.”
Employees have the opportunity to act like a firewall – preventing unwanted malware and outsiders from gaining unauthorized access to private data – each time they log on to their computer, open an email or click on a link.
Think of it as part of every employee’s job description.
“All employees are on the frontlines of security,” Williams said. “We are attacked every day in every way, from spoofed emails and phone calls to websites that have been compromised.”
With the help of employees who are “cyber aware,” university business can be conducted safely.
That’s why the Office of Information Security works diligently to provide the Huskie community with educational tools and cybersecurity initiatives. Recent initiatives include things like phishing tests, revamped new hire training, and realigned NIU Payment Card Industry (PCI) security training.
“In general these initiatives are low cost to the university, low impact to the employees, and meet various policy and industry requirements,” Williams said. “In turn, they deliver high value in terms of improving our university employees’ ability to protect university data and assets from various risks.”
Every Huskie plays a part in cybersecurity. If something seems odd about an email, phone call or website pop-up, please report it at [email protected].
Current campus information security initiatives include:
According to a new 2021 Cloud Data Security Report, phishing continues to be a major attack vector for credential theft and ransomware deployment, with the number of phishing attempts targeting educational institutions well above average. IBM reports that the average cost of a successful phishing attack that leads to a data breach is $3.8 million.
To combat this, we are conducting regular self-phishing tests on campus accounts. In a well-trained educational institution, the employee phish failure rate is about 5%. The current failure rate of our self-phishing tests across all employees is about 10%. The more this improves, the fewer Captain Awareness videos we will include in the annual training!
New Hire Training
We have revamped the new hire training program that all newly hired personnel are required to complete. We will contact the new employee within the first week of employment with instructions on how to take the training. They have 30 days to complete the training from the date of notification.
Annual NIU PCI Security Training
We partnered with the NIU Commercial Card program to include credit card security training for those who have been issued an NIU Commercial Card. The training also includes those who approve purchases made with the NIU Commercial Card. This reduces the amount of security training for the general campus and focuses on employees with more specific training needs.