AVP and CTO update, May 4, 2020

May the 4th be with you!

Building on the idea of us all being ‘Jedis’ today, I want to share a few thoughts about IT security with you at the start of this new semester. I have tweeted and verbally shared the importance of of us all being extended members of our McMaster IT Security team, and I want to reinforce that ideal – we are only as strong as the weakest link. All of you are important participants in McMaster’s cyber security capabilities. I am inviting you to join our McMaster Cyber Security Squad both literally and figuratively to help us fight the good fight.

IT Security is always a challenge to maintain in a campus environment because of the openness we provide by necessity to our constituents. When we are all on campus, it is concerning enough, and when we moved to our at home environments as a result of COVID-19 safety measures, we expanded our challenges. We have many people on networks that we do not have visibility into, additional home and personal devices accessing our campus systems, and the potential of more exposure for many other reasons based on the need for all of us ‘out here’ to get access to our systems ‘in there’.

What we know, our adversaries know also – and they are definitely taking advantage of it. You may be aware that York University has been embroiled in a major cyber security threat over the weekend. This is every institution’s worst scenario and we feel for our IT colleagues at York who are in the middle of remediating the situation. Regardless of the severity, there is no ‘good’ IT security incident. On top of an already challenging time, this is a tough scenario.

As York University continues to work through their challenge, we will gain more awareness as to the root cause thanks to our very strong cooperative nature across Higher Ed IT. This will help us to react to ensure we have closed any of the same loopholes in our IT security posture, but the fact is that we never know when we may be in their shoes – so staying alert and proactive needs to be a daily ritual for all of us.

When we begin to move back to campus, in whatever way that unfolds over the next many months, the challenges will not diminish. We will more than likely see an increase in work from home activity than pre-COVID 19 and that means this extended challenge of maintaining IT security will be extended, too.

So my request to ALL of you is to please practice what we preach and ensure you are taking care with respect to your MacID and password hygiene and security, that you are making yourself aware of the various tips and tricks and guidelines that our very hard working IT Security team have made available to you as you work from home, and that you Identify Report and Delete whenever you see suspicious activity of any kind. In fact, assume the worst and remain suspicious of all activity, especially phishing attempts.

Stealing from the pandemic vernacular, let’s remember that we are ‘in this together’. Thank you all for your continued support. And please do let the IT security force be with you and all of us on this May 4th.

That’s how I see IT today!  Have a great week, everyone.
gg