How do we avoid becoming loopholes for IT criminals?
Unfortunately, we live at a time when cybercrime is becoming increasingly common. As a university, we can do a lot to protect ourselves with anti-virus programs, firewalls and two-step authentication. But it is just as important that we are all vigilant about how we behave when we are working with information and data – both digitally and physically. We’re going to increase focus on this in 2021 – among other things through a new training initiative.
The senior management team have decided to increase focus on information security at AU. Among other things, this will be through a new initiative from the AU information security department, which I'll come back to later in my blog. But first a bit about the background for our more intensive efforts on information security:
The reason strong information security at AU is so important is quite simple: As an organisation, we live on our knowledge. This in itself makes us popular prey for IT criminals. And even though the administration doesn’t sit every day with the big, valuable datasets or research breakthroughs, we are all part of the AU digital network. This means that each of us is a potential loophole through which IT criminals could sneak in. So how do we each make sure that the AU IT armour is secure?
I believe that we can come a long way with scepticism, common sense and vigilance. Specifically, for example, we must make sure to link up our home-office computer via a VPN. We should also be extra vigilant about trusting websites when we download files or programs, and we must make sure that we protect confidential information and sensitive personal data. Finally, we should think twice before we click on links in emails from external senders. This could be phishing.
Information security needs training
But common sense isn’t enough. Information security needs training. I recently read the PWC Cybercrime Survey 2020, an annual survey that takes the pulse of information security in the public and private sectors in Denmark. According to the survey, approx. 30 per cent of employees will generally click on the link in a phishing email if they have not been trained in how to spot one. After training, the figure fell to 10 per cent.
The management of the administration has a particular responsibility to ensure that information security is trained regularly in the respective units. For this purpose, the AU information security department has developed a number of training packages with communication material to help to establish a dialogue about information security in individual units. The first package will be sent out very soon and it is about phishing emails. After this, packages on different themes will be distributed regularly to managers in 2021.
I very much hope that, with increased focus on developing our understanding and behaviour, we can make a positive contribution to forging even stronger information security armour at AU.
I would like to urge all employees in the administration to familiarise themselves with AU's nine tips to ensure information security. If you have any suggestions as to what we can do to improve information security in the administration – or comments on this month's blog, please write to me at director@au.dk.
If you have any questions about information security, please contact the AU information security department.