Adding IT security to your spring cleaning checklist

This spring many of us are thinking about what we’d ‘normally’ be doing at this time of year on campus (for the second spring in a row). With exams just concluding, we know we would be reflecting on a busy academic year, admiring the tree blossoms, looking at a carnival setup for Light Up the Night, and bidding good luck and happy summer to our students. Spring is a favourite time of year on campus, both an ending and a beginning.

Spring isn’t always predictable of course. This year less so than others. From a seasonal perspective, you may have recently switched out your snow tires, only to be surprised with a typical Canadian late-breaking snowfall. Or perhaps you thought you would see those amazing tulips you planted, only to discover the neighbourhood rabbits picked your yard as their spring buffet. And how about spring cleaning, the annual effort to toss the dust bunnies out to join the tulip bunnies, or finally wipe off the top of the door frames (you do that, right?). During lockdown, I am guessing many people are saying ‘what’s the point?’.

But maybe that IS the point! After being in our homes more than ever before, spring cleaning seems like a vital requirement. We need to freshen things up, ensure we are ready for the next season and all that awaits. Spring cleaning is about creating a thorough checklist and ticking through chores we seem to always put off doing. Necessary tasks that prepare us for another year of living gracefully.

Believe it or not, this missive is about IT Security, so why not see spring as a perfect time to undertake IT Security spring cleaning, too. Whether for ourselves or those we support, there are IT Security spring cleaning, too that can be undertaken to improve IT security as we tick over into a new season. It is a perfect time to re-assess our work from home IT security environment using the tools that are available to us. And if you run out of ideas, there is an abundance of information: search ‘digital or cyber spring cleaning’ and you will find articles to keep you busy for a decade of springs!

Also this spring, the McMaster IT Security Services team, led by Director Tracy Dallaire, will be introducing our first McMaster IT Security Roadmap through IT Governance, for input and ultimately endorsement. It will outline key activities for the next three years with the intent of enhancing our IT Security posture. IT security is a core objective of our McMaster IT Strategic Plan and we often highlight the importance of everyone at McMaster seeing themselves as part of our Cyber Security Squad.

Cyber security initiatives are already underway on campus, including the multi-factor authentication roll out for Microsoft 365 email which will extend to students once they are part of the Microsoft email environment. The roadmap outlines numerous other initiatives to help educate and secure our campus constituencies, including our Research community. Higher Ed IT has many unique IT Security challenges, but we must address these as there is much at stake.

Spring is also conference season, and the upcoming CanHEIT 2021 conference, currently in the throes of finalizing programming, will include several cyber security related presentations. This includes a handful of presentations on the Canadian Shared Security Operations Centre (CanSSOC) of which McMaster is a founding member. CanSSOC has matured greatly over the last two years and discussions are currently underway to expand its mandate and services in partnership with the Canadian NREN and CANARIE. Don’t miss out! You can also check out the EDUCAUSE Cybersecurity and Privacy Professionals Conference, or maybe take advantage of the virtual conference scene to join an international venue, by participating in AusCERT.

Perhaps the rainy days of spring in our current forecast will be a welcome setting for IT Security refresh and renewal activities. The work you put into being proactive now will pay dividends when lockdown is over and real summer weather arrives – there is nothing better than feeling cyber secure when you would rather be anywhere but on your computer.