it security awareness - trent university · 2018-02-28 · • overview of security landscape in...
TRANSCRIPT
Tales from the Trenches at Trent University
IT Security Awareness
• Overview of security landscape in higher education
• Current measures and controls
• Awareness efforts
• Phishing Simulation
• Challenges
• Next steps
Agenda
1
• Growing Threats - Nature of the business
• Advanced Persistent Threat
• Students?
• FIPPA / PIPEDA
• ISO 27001, SANS 20 (CIS)
2
Current Information Security Climate
• Students – Part time and full time, residence and off campus.
• Staff – Fairly typical
• Faculty – Full time, part time
3
Understanding our Demographics
• Students – Access to their own student data, wireless network (their own wireless networks), network accounts, desktop access.
• Faculty – Access to personal student information, network and desktop access.
• Staff – Access to a large amount of personal student information, network and desktop access.
4
The Risks
• They’re busy!
• They’re scared to “bother” support staff
• Wide range of devices
5
Student Challenges
• Changing Technology
• Budget Difficulties
• Access to large amounts of data
• Technology Knowledge – Mechanisms for keeping up with technology change.
6
Staff Challenges
• Traveling – Not fixed to a single location
• Periods of not teaching – Summer, Sabbatical leaves, Research trips
• Part-time status
7
Faculty Challenges
• Phishing
• Information Theft
• Information Loss (or improper disclosure)
• Data Integrity
• Malware
• DOS / DDOS
8
Specific Problems
Don’t Take the Bait
Trent IT will NEVER ask you for your username and password in an email request.

Is your data backed up?
Backup your files to Google Drive or OneDrive today

When you send me your username and password
If it sounds too good to be true, it always is.
Yours free!

Does your computer have pending updates?
Updates fix critical vulnerabilities in your computer. Unpatched systems are the easiest way for hackers to infect your computer with malware. Install updates today!

Your photos are your memories.
Keep them safe by backing up your phone to Google Photos today
Unlimited Space with your Trent account!

Don’t be caught without a backup plan
Backup your data
Google Drive for Students
Microsoft OneDrive for Staff
• May 2017 – PhishingBox.com was contracted to provide a platform to launch simulated phishing on staff and faculty accounts and report on the results.
• 5 phishing tests of varying complexity have been completed.
• Individual users are not identified
19
Simulated Phishing
20
The bait
21
The bait
22
The bait
23
Results
Test        Link Clicked   Full Submit
Easy        4.5            3.3
Moderate    2.8            1
Difficult   6              3
• “Just fix it”
• Getting people in for training
• Policy
• Mobility
• Changing Environments
24
Challenges
• Security Survey
• Training for “higher risk” users
• More distance sessions
• Cyber Security Awareness Month
25
Next Steps