Cybersecurity and privacy campaign kicks off: ‘Only by working together can we keep our university secure’
From choosing the right tools to locking your screen when you go to get a coffee: it’s often the little things that help you work securely. With our campaign ‘Check it: work privacy and security smart’, in the coming month we are focusing on protecting our information and data, including personal data. ‘You do it for yourself, and also for your colleagues.’
Priority rules, parallel parking, hill starts: in traffic we think it’s completely logical to know what you need to do to be safe on the road. ‘So, why wouldn’t we apply the same principle to our work?’, wonders Chief Information Officer Jan-Willem Brock.
Self-test and tool picker
He believes it’s a good move that the university is calling for more attention to be paid over the coming month to safe – or safer – working and cybersecurity awareness. On the fresh-from-the-press campaign page, from today staff can test their cybersecurity and privacy knowledge or check what tools and programmes are suitable for using at work. It’ll come as no surprise that the site is also full of cybersecurity tips, such as locking your screen when you step away from your computer – even if it’s just for a minute or two – and checking senders of dubious mails. The symbol of the campaign is robot mascot Sam Safe, who will regularly pop up with useful tips and checks.
‘As a university, we can’t help but be open to risks,’ says Brock. ‘Such as confidential information that gets misused, or how a hack can end up blocking all teaching or research. Individual staff members also have to take care. ‘A leak of personal data can cause a load of problems. Your name might be misused, for example, to spread disinformation, or sign off on some dubious contract.’
People are the weakest link
The university has made a lot of progress with cybersecurity in recent years, says Brock. ‘We are working hard on improving our technical resilience and making sure our systems are up to date. We also put a lot of time into monitoring, detection and response; you can see that as keeping watch over our digital windows and doors. We carry out audits and tests, where we ourselves try to hack into our systems. We are also training and educating members of staff and drawing up policies and procedures for if things do go wrong. The last thing you want if that happens is any uncertainty about what needs to be done.’
But awareness on the part of individual members of staff is and will always be an important issue. ‘Because you can make your systems as failsafe as possible, but cybercriminals always look for the weakest link, and unfortunately that’s often an individual worker who in an unguarded moment clicks on something.’
Hackers keep on getting better
What doesn’t help is that our university has a lot of those digital windows and doors. ‘That’s also the kind of organisation we want to be – and have to be – for our education and research: broad and open, with a lot of partners in all kinds of places in society. But that strength is also our weak point because all those doors and windows are continuously being tampered with day in, day out, to see if they really are locked tight. That’s why it is so important that staff are aware of the risks. It’s only by working together that we can keep everything secure and secure.’
And don’t forget that hackers keep on getting better. ‘It used to be that a phishing mail was an incoherent message in bad English,’ says Brock. ‘But now, with AI, it’s much easier for them to convince you that it really is a close colleague you’re in contact with. It’s getting more and more real. I can imagine that I too might fall for a phishing mail, especially if I’m really busy.’
His advice: be vigilant, both for yourself and for others around you. ‘Always raise the alarm with the ISSC helpdesk if you’re unsure whether to trust something; you can mail us or phone 071 527 8888. And think about a personal back-up plan for if something does go wrong and our systems are down. How could you communicate with colleagues or students? How could you give your lectures?’
Brock hopes that a lot of colleagues will visit the campaign page. It is so important to know where the weak spots are – and what you can do if things go wrong. The more you know about your system, the easier it is to put things right at times of stress. Ultimately, we are all responsible for protecting our data. We do it for you as a member of staff, and you, as a member of staff, do it for yourself and your colleagues.’
Report incidents
Do you think you may be dealing with phishing, a data breach or malware? Always report this to the ISSC Helpdesk (tel. 8888). Also report loss of confidential data to your own manager.
Dare to ask
If you have any questions about data breaches or security incidents, please send an email to the Privacy Office or Security Office via privacy@bb.leidenuniv.nl or security@bb.leidenuniv.nl. You can also always contact the privacy or security officers from your faculty or department. Find your contact person on the staff website.
Text: Evelien Flink
Images: Nanda Alderliefste