The difference between a protected device and one which is exposed to hackers can be as simple as a click away, which is why William & Mary Information Technology (W&M IT) works diligently to increase campus awareness on cyber security issues. During the summer of 2018, IT began rolling out a Security Awareness Training Program through SANS Securing the Human training course with the objective of raising campus awareness on best practices regarding cyber security.
Awareness is Key
Director of Infrastructure & Security Pete Kellogg cites the protection of personal and institutional data as the value behind such trainings. “The value to faculty and staff is that by raising their awareness and knowledge about information security threats, we not only help them protect their own personal data but also help protect the institution against reputational, legal, and financial damages,” Kellogg explained. “Because human behavior is one of our major information security vulnerabilities, we want to lead people toward more secure practices with respect to information and information systems.”
Components in the course were chosen from over 100 different modules and integrate relevant information in both the broader sense of campus security as well as campus specific information. The course was first tested on W&M IT staff. Using the feedback, the assignment was shortened to a two-part interactive 30-45-minute course which can be paused and resumed at a later date.
Application Administrator Patricia Herrera Cox said that while some of the training may seem obvious, it reinforces safe technology management practices that safeguard W&M’s campus system from harmful cyber activity. “We tried to keep the training and assessment brief,” Herrera Cox said. “It should be an effective way of delivering a message without burdening a user.”
From short videos to quizzes, the course covers basic cyber security definitions, preventative measures to decrease susceptibility to attacks, and presents real world scenarios for staff and faculty to apply the knowledge they learn.
Turning Practice into Habit
Security Engineer Jim Supplee explains that “Security awareness trainings are becoming a method of making security habits a standard practice in order to better protect personal and private data.” Supplee should know. He has been working many years to keep the W&M campus safe from cyber attackers. Supplee is also the person who brought the SANS security course to William & Mary. Collaborating with Kellogg and Cox, Supplee helped develop the training program and worked to implement it across campus.
The invitation to the training is being distributed by department and comes from Cornerstone, W&M’s administrative learning management system. Each employee is only required to take the training once. Many administrative departments have already completed the training. To date, 467 staff members have completed it. Academic departments will receive the training in Spring 2019.
In later years, the training will be relaunched with updated and customized content to include new information as the boundaries of technology continue to expand.