Cybsersecurity at Biola - One Year Later
October 3, 2019
One year ago, during National Cybersecurity Awareness Month 2018, Biola launched our university’s Information Security Program.
Now, it's National Cybersecurity Awareness month again, and the threat landscape has continued to develop in the past year. According to the Verizon Data Breach 2019 Report, Information Security incidents have increased in Higher Ed by 30.8% since last year, and attackers have been specifically targeting large quantities of personally identifiable information (PII), more so than individual usernames and passwords.
So what have we being doing at Biola to stay secure?
Update on Year One
For the first year of our program, our primary goal was to equip our community to recognize and respond to cyber threats.
Our program has 3 parts: Awareness, Training, and Simulated Phishing. Here’s how we did:
Since last October, we have posted to our Infosec website each month about various cyberthreats. We also send each of these articles to the Biola employee community via Inside Story. Each month, nearly 300 Biolans visit our site and read these articles—and the number continues to grow.
If you’re an employee, you received your annual cybersecurity training last Spring. This course was required for all full-time and part-time employees (staff and faculty). After the course was completed, we saw a significant increase in the number of employees who contact IT about suspicious email messages, and a decrease in compromised accounts in Google.
In August, we sent simulated phishing emails to our employees in order to train our community to identify and report malicious emails. Phishing is the most common cyber threat, and it gets more sophisticated each year. Simulated phishing emails are designed to replicate current cyber threats and reinforce healthy online habits for our employees. We sent our first simulated phishing test to all emphless on Wednesday, August 21.
79.5% of employees passed the phishing test, which also means 20.5% of Biola employees are phish prone.
Everything that we did last year will continue:
- The InfoSec team will continue our monthly awareness campaign.
- Employee InfoSec training will be assigned again in Spring 2020.
- IT will continue to send unannounced simulated phishing messages to employees.
Additionally, we will continue equipping the Biola community with improved technology solutions and practices, this includes:
- An upcoming 2-Factor Authentication solution for all critical Biola systems
- Improvements to how Biola handles email accounts for individuals who are both students and employees, to protect business data from being intermingled with personal data.
- Improvements to our data security assessment for all technology purchases and vendor contracts, to ensure that our vendors handle and store Biola data properly (In the past, Biola users have been compromised because third party vendors suffered a data breach).
Expect to learn more about these pursuits in the coming months.
Thank you for teaming up with us to protect university data.
Until next time, stay secure.