Secure IT–Cybersecurity in a Zero Trust World
One of the constants in the computer age has been the continuing need to protect sensitive and valuable information from cyber criminals. That’s why at UMass Boston, cybersecurity is an ongoing effort covering an entire spectrum of threats. With the university’s Secure IT initiative and newly licensed Microsoft A5 program, staff, faculty, and students can feel more confident that their personal information is as safe as possible.
Secure IT went live in 2021. The Secure IT education program works to put the power back into the hands of everyone by preparing them to identify online threats.
“We use Secure IT to train people to become part of the solution, rather than becoming part of the problem,” said Wil Khouri, the university’s Chief Information Security Officer (CISO).
The main components of the Secure IT training program are AwareEd and PhishSim. Each month, AwareEd requires UMass Boston employees to view short training videos on issues related to cybersecurity and then take a short quiz reviewing the material. As its name suggests, PhishSim educates employees by sending them simulated phishing emails that urge users to click a link. If the link is clicked, the user is brought to a page that notifies them that the email was only a simulation. However, the page highlights the fact that if the email were a real phishing attack that the user would lose their information to scam artists or hackers. Employees who fail to recognize the email as a simulated phishing attempt are required to have extra training on phishing.
“It’s not only my job as CISO to protect everyone, no—security is a responsibility that is shared by everyone.”
Wil Khouri, Assistant Vice Chancellor and CISO
The university’s ongoing cybersecurity efforts got another boost from the acquisition of a Microsoft A5 license—a major upgrade from the previous A3 license. A5 provides a complete set of automated cybersecurity tools for visibility into threats through analysis of user’s behavioral patterns. The system can identify impossible travel along with other abnormal activity and quickly alert the proper individuals as soon as such behavior is identified. A5 also brings all the cybersecurity tools together in one ecosystem. Rather than having to look at individual tools or multiple consoles, the information security team can more easily manage threats through the A5 threat monitoring system. The system can discern major threats from minimal ones and then focus on the larger threats. Also, when Zoom, Microsoft Teams, and other programs were added to the university’s Microsoft 365 (M365) package, A5 was able to provide the extra security necessary to secure operation of these programs.
“A5 gave us more power and more tools to monitor all the other applications in M365,” said Khouri. During the return to campus following COVID-19, these cybersecurity tools became increasingly important. Bad actors were able to read into the anxiety many individuals faced with the transition back to campus and attempt to phish users for medical or other protected information.
Khouri works with Alison Murray, Senior Information Security Specialist, and David Bonczar, Senior Information Security Architect, to maintain a safe and secure campus environment. However, Khouri believes the protection of data extends beyond his team. “Security is the job of every individual,” said Khouri. “It’s not only my job as CISO to protect everyone, no—security is a responsibility that is shared by everyone. It brings us all together, because as long as you are secure, we are secure.”