William & Mary
Close menu Resources for... William & Mary
Popular Topics
Suggested Results
News Events
Apply Visit Request Info
W&M menu close William & Mary
Information Technology
Year in Review

Security

Updates from the Chief Information Security Officer (CISO)

Increased Security Measures

The biggest information security risks we face at the university are phishing and malware attempts. In the past, we used an antivirus tool called Cylance to help prevent these attacks. This year we implemented Defender, which improved our ability to weed out and prevent phishing emails from being delivered and extract them out of mailboxes before our community ever has a chance to open them. The ability to identify those emails has been a big step forward for us in helping to protect our community. 

Microsoft Safelinks and Safe Attachments

These new tools, which come with Microsoft Defender, look at attachments and links within emails and determine if they are malicious, then notifies us if they are. This is something we didn't have a year ago, but do now and it has helped us prevent incidents. 

Mandatory Security Training

This year, participation in the mandatory security training that is required by W&M Human Resources went up from 78% to 98%. Our goal moving forward is 100% participation, but the improvement we saw this year is still a big success.

Upgraded Microsoft License - Information Security Suite

This year we upgraded from an A3 license to an A5 license with Microsoft, which gave us a number of information security tools we use to monitor not just email, but also risky behavior. For example, if we see someone logging in from a different IP address or an impossible travel notification, it's flagged. 

With this upgrade we got access to an Information Security Suite from Microsoft, which includes a new set of information we are able to receive in a format that is informative. It's applied to Outlook, OneDrive, SharePoint, Teams and more. It also came with data loss prevention tools, and we receive a notification if, for example, something resembling a social security number is flagged in an email. 

When we moved from Cylance to Defender, which is a cost savings for the university, we were able to reallocate those funds to get us to the next level with our Microsoft license. So not only were we able to upgrade to Defender, but we got access to more tools as a result.