Case in Point: Lessons for the pro-active manager, from our friends at Auburn University

Monday, October 3, 2016

It's hard to believe that we are about to enter the final quarter of 2016. October 1st will once again mark the start of National Cyber Security Awareness Month. Throughout October you will likely see multiple messages from technology and security professionals on ways you can protect yourself and the University in one of our biggest risk areas--IT security.

To get a head start on National Cyber Security Awareness Month, I asked Auburn University's Information Systems Audit Manager, Mary Krauss (CISA, CRISC, GCIH), for her top suggestions for safe computing. Here are Mary's top five:

  1. Passwords: Choose a hard-to-guess password and change it often. You should change your password regularly. Consider using a passphrase as this is harder to guess. Do not use the same password or passphrase for non-University resources.
  2. When in Doubt, Don't Click: Do not click on suspicious links in email messages. Always hover your cursor over a link to see the web address before you click on it. If you receive an attachment you were not expecting, do not open it--even if the email appears to be from someone you know or work with. Reach out to them in a separate message or phone call to ensure they sent it to you. If you think you may have clicked something malicious by mistake, let your IT support personnel know.
  3. Don't Disable Security Tools: Tools such as firewalls or anti-virus software are in place to protect assets. You should never disable these tools, even if they seem to be a hindrance to your work. Losing your data will be a bigger issue than a task taking a few extra seconds.
  4. Install Updates Timely: Don't delay the installation of updates. As new threats appear daily, updates ensure your computer/mobile device has the latest protection.
  5. Protect Sensitive Data: When dealing with sensitive data, you must take appropriate steps to prevent disclosure. You should encrypt your hard drive and external media. Store sensitive data on central servers and not on your local hard drive whenever possible. Think twice before sending sensitive information in an email as this is not always a secure method. It is easy for someone to forward your message to unintended recipients. Seek out another method or ensure that email attachments are encrypted.

We appreciate Mary sharing this great advice. For more data security suggestions visit the AU Office of Audit, Compliance & Privacy's web resource on Data Security Controls.

Technology brings a great deal of risk to our operations, but as you will read again this month, there are numerous risk areas that require vigilance in the higher education world. As always, we'd be happy to hear from you with comments or suggestions.

M. Kevin Robinson, CIA, CFE
Associate Vice President
Office of Audit, Compliance & Privacy