Cyber security: a year-round team effort

September went by in record time and we are on October’s doorstep! How did that happen?!

We are also on the eve of National Cyber Security Awareness Month (NCSAM), one of the most exciting times of the year for anyone who loves improving the awareness and adoption of cyber security… and that is all of us, right?  

When it comes to cyber security, our Information Security Services team has had an unprecedented year, much like most of our peer higher education institutions. The number and frequency of attacks and compromises has been on the upswing, and McMaster University has had its own IT security incidents. When they arise, cyber-attacks are disruptive, stressful, and all consuming. We are fortunate that our McMaster IT community works so well together: cyber security incident response is a team sport and we have been able to react quickly and decisively to stop and recover from these situations. Thank YOU (you know who you are) for playing a vital contributing role! 

We must also work together proactively as a team to increase our cyber security protection and capabilities, minimizing the severity of future attacks. With McMaster leadership support, we have implemented several proactive measures over the last few months: McMaster has endorsed an IT Security Roadmap, we undertook a global password reset to address the potential for compromised accounts, we have rolled out monitoring tools across critical systems, and we introduced Multi-Factor Authentication (MFA) on our Microsoft environment. 

Of course, cyber security awareness is not just an October activity. It is a shared responsibility that provides us with protection year-round. And much like cyber security is a team sport at McMaster, so too is it a shared and collaborative activity across the higher education landscape. Every opportunity we can take to share and learn from our peers provides additional knowledge and capabilities here at McMaster, too.  

There are many ways McMaster benefits from and contributes to cyber security activities across Higher Education IT:  

• We are founding members in CanSSOC, delivering IT Security services and expertise to institutions across the country in partnership with provincial and national/federal organizations 
• Paul Muir is the co-chair for the CUCCIO IT Security Special Interest Group, where he and Tracy Dallaire also share expertise, work on shared challenges, and exchange information across universities in Canada 
• We participate in ON-CHEC — the Ontario Cybersecurity Higher Education Consortium, a provincial program for higher education in partnership with ORION 
• Many of us participate in cybersecurity conferences and speaking engagements — as an example, in October, I am presenting at: 
  • EDUCAUSE, where I and my peers are presenting “Good Security is Shared Security: A Canadian Approach”, discussing CanSSOC 
  • A Ryerson Building Cyber Resilience Conference, where I will be part of a panel called: Recent Cyber Attacks in Ontario: The Executive Experience
    

Everything we do to improve McMaster cyber security for individuals and systems helps to shut the door on ‘bad actors’ — and our focus on IT Security during the October GetMFA campaign will be a timely reminder to exercise as many safeguards as possible to advance our cyber security posture. There will be lots of fun activities and good information to be shared, and we plan to ramp up the focus on MFA adoption to all McMaster students, faculty members and staff to share more of our proactive cyber security materials and information, including our IT Security awareness course on Avenue to Learn. 

I encourage you to make time to fit in some cybersecurity awareness this month and look forward to seeing you at various activities throughout the month.