Service Spotlight: Security Awareness Mitigates Threats
According to a Symantec Security Threat Report, in 2016 there were 20 data breaches in higher education, exposing the personal information of approximately 5 million people. Those figures illuminate a grim reality -- it only takes the loss of one person’s user name and password to expose the private information of thousands, or even millions, of other system users.
Ohio State’s Security Awareness team aims to teach users how to defend against harmful breaches, focusing on educating the university community about what users can do to protect themselves and their fellow users.
Breaches can happen in a variety of ways – a common and growing trigger is users being duped by phishing emails. The phishing phenomenon continues to grow substantially and represents a huge risk to users, IT systems and data. It’s a common attack path for distribution of malware or ransomware and compromising credentials.
These messages may lead you to enter your network log in information on a credible-looking (but phony) website or they may lead you to a page that loads malware onto your device. Ohio State tracks phishing attempts and provides phishing simulations with training to help users protect themselves.
Learn How to Stay Safe
You may be unknowingly exposing yourself to a breach in other ways, by using an easily-guessed password, using unsecured Wi-Fi networks or leaving a device unprotected by a password, which makes it vulnerable if it is ever unattended or lost. Educating the university community allows users to understand where they are taking risks and can make informed choices instead.
The Security Awareness team protects students, faculty and staff members from becoming victims by providing training opportunities to users and technical resources. For users, we focus on offering training, education and awareness efforts that are relevant to protecting them both at home and work.
The team also works with business units and technical staff who want to learn more about security. We tailor awareness and security training specifically to the group, team or individual, and can also provide in-person training. By tailoring offerings to fit individual needs, the team is able to partner with business units more effectively and to share meaningful knowledge that can have positive effect on changing risky behavior.
We offer more advanced education for technical staff. For example, the team hosts Cyber Security Day, a one-day, annual training opportunity that features an abundance of speakers and training opportunities. This year it will be at The Ohio Union on Thursday, September 24. Throughout the year, the team also provides technical training on topics like system hardening and secure code development to better protect the Ohio State’s IT environments. In addition, security liaisons provide a level of specialization in business units to deliver meaningful advice and content to their end users and technical staff.
Security Awareness Incentives Coming Soon
Right now the Security Awareness team is working to bring their programs to the next level by implementing a security awareness incentive platform. The program will offer short, practical exercises that users can participate in to accumulate points and redeem them for rewards. Challenges will include things like training opportunities, advice, news articles, games and more!