Cybersecurity
V.
Cybersecurity
Key Initiatives
Making Campus More Secure
Building Blocks
Ensuring our campus feels safe and secure is essential for the overall wellness of our community, their data, and our organization as a whole. Our layered security approach addresses the individual security needs of our network, our systems, devices, and users. Introducing annual penetration testing allowed us to identify potential weaknesses in our security measures and has given us the opportunity to address those concerns prior to a cybersecurity attack. Conducting comprehensive third party vendor reviews has ensured that the tools we have in place were vetted by our security team. The establishment of a PCI Compliance Initiative team keeps campus accountable and in compliance with Payment Card Industry Data Security Standards (PCI-DSS) and related University policies and procedures.
Monitoring new technology will be essential to keep ahead of the ever changing cyber threat landscape so we can remain agile to quickly and proactively respond to change. There are several technology areas where upgrades and the addition of new capabilities will improve visibility and management of vulnerabilities and threats. These include checking non WFU devices when attempting to access the domain, replacing fragmented legacy identity management solutions, identifying automated methods to identify inappropriate data movement for efforts in implementing a data loss prevention strategy, and investigating Cloud Access Security Broker (CASB) capability needs as we expand our cloud first strategy.
Further network investments will be a key component of our security platform. The age of fiber presents opportunities to reevaluate our strategy and research, invest, and implement leading edge technologies needed to keep our network safe and secure. Expanding our network to newly acquired WFU locations, as able, will make the security and reliability of our network available to WFU users in those locations.
Designing and implementing a cybersecurity dashboard for campus leaders and auditors will provide an aggregated view of our incidents for thoughtful evaluation of our overall security posture.
Involving our Community
Building Blocks
Educating our campus about potential security vulnerabilities has been a priority. Participation in the October National Cybersecurity Month has provided a fun and hands-on opportunity to share information and steps our campus can take to protect themselves. The implementation of KnowBe4, a platform for security awareness and training, has proved to be another engaging tool for educating our campus.
With an established and enforced endpoint management policy and frequent reviews of accessibility, access, and hardware, we can respond quickly and efficiently to potential incidents or threats. This policy includes exchanging faculty and staff computing devices every four years to keep up with changing security and compatibility requirements. It also ensures faculty and staff have a reliable and high performing computer to conduct their work.
CrashPlan, our automated online backup solution for data stored on faculty and staff WFU-issued computers, will be moved to the cloud to improve the user experience, provide redundancies to prevent data loss, and decrease our data center footprint.
With a focus on increasing awareness, we will expand our cybersecurity training and social media presence, particularly addressing our student population. We need to develop short, impactful methods to educate our students on how they can protect themselves and their data from aggressive and dangerous cybersecurity attacks and phishing scams. Goals to expand the usage of the KnowBe4 platform to better reach the student population are underway.
In response to rising cyber attacks, expanding reviews of our third party partnerships will ensure we have the best tools in place to mitigate risk. Embedding security and accessibility reviews with procurement workflows will be a new strategy to minimize risks associated with acquiring new technologies.