October is National Cyber Security Awareness Month and has been observed since its inception in 2004. Many people believe their computers and personal data are of little value to cybercriminals; however, in today’s digital world this is no longer true. Your accounts, mobile devices, and computers all contain information and access that can have tremendous value to cybercriminals. In our current political and economic climate, it is even more important to be vigilant and protect your computers and electronic devices from an attack. Former President Barack Obama stated “cyber threats pose one of the gravest national security dangers the United States faces.”
Research institutions need fool-proof cybersecurity to protect their IP, health records, grants and critical personal and financial data. Universities and medical centers house vast repositories of valuable information, including student healthcare information, patient information from academic medical centers, and financial and personal data from applicants, donors, students, faculty, and staff. As research administrators, we are at a greater risk, and any hack into our electronic devices can become a major security concern for our universities and organizations. A university’s administration reports to the Federal Government, to its Board, to its donors, to the media, to its students and faculty, and to the general public. Cybersecurity measures should go beyond minimal compliance and be up to date with regulations. Below is a compilation of tips, advice and useful resources that you can use to protect yourself and your workplace, starting with some initial measures to prevent intrusions and to minimize the damage if a hacker does get through.
- Detect Malicious Email: At a quick glance, these emails can look authentic, with subtly distorted logos and symbols from recognized financial institutions, e-commerce sites, government agencies, services or businesses. They may contain requests such as “act quickly,” “your order cannot be fulfilled,” or have a warning about an urgent matter that needs to be addressed. Any suspicious email should be forwarded to your organization’s information technology department. It is best to avoid clicking any links or visiting any website referenced in the email.
- Proper Training: Emphasize training of employees, faculty, and administrators in basic cybersecurity awareness to instill habits that will better protect the institution.
- Implement Security Measures: Implement security precautions to make hacks difficult or impossible. Create enhanced protocols to prevent unauthorized access to devices and systems, including multi-factor authentication. Frequently update computers that regularly access campus networks.
- Cyber Intrusion Testing: Work with a vendor to test the institution’s current cybersecurity vulnerabilities and get advice on how to reduce those vulnerabilities.
- Have A Corrective Action Plan: One that includes disclosure and mitigation efforts. Importantly, if an institution holds government contracts or grants, follow the required disclosure protocols for cyber intrusion (note that agencies may differ in their requirements).
- Consider Cyber Insurance: Particularly for academic medical centers and/or sensitive research programs. Ensure your policies are large enough to cover a worst-case scenario.