Date Published February 6, 2019 - Last Updated December 17, 2019
Let’s face it, everywhere we turn, we are being inundated with attempts from cyber criminals to hack our identities and even more so, our organization’s resources. The news is full of stories about companies getting breeched and users’ private information getting stolen. Although organizations put necessary policies and software in place to protect us, the cyber attackers know our weakest link, our people.
Phishing attacks, spoofed email address, and fake job scams have proven to be some of the areas of greatest challenge for us at Duquesne University. At Duquesne, we have found that we are making the greatest impact against these attacks through deliberate and continual communication about the risks at hand. Cyber literacy is one of the best ways to combat these cyber attackers.
As the manager of the Help Desk at Duquesne University, I take our role in educating the campus community about safe computing very seriously. When we saw a major increase in the number of compromised Office 365 accounts and machines in 2015, we knew we had to do something.
When we saw a major increase in the number of compromised accounts and machines, we knew we had to do something.
Our first step in building a cybersecurity program was to comprehensively begin reporting on what we were seeing: hacked accounts, compromised machines, and more. Through that data, we were able to design a campaign around where we were most vulnerable, lack of user awareness.
We found many resources available online that can help with the development of your own campaign. We found one particular site helpful. STOP. THINK. CONNECT. is an online coalition of private companies, non-profits, and government organizations who aim to help all digital citizens stay safer online. As we developed our campaign, we knew we had to tailor our outreach based on the varied roles of our end-user populations, employees and students.
I’ll share some of the outreach methods that were successful for driving down the numbers of compromised accounts.
Offer Online Cybersecurity Training
For the past few years, the Help Desk and Information Security teams have developed an online training curriculum delivered through SANS. Although completion of the program was not mandatory, we provided incentive by promoting entry into a drawing for several fun prizes if the training was completed. We have approximately a 40% completion rate!
Share Newsletters and Web Content
The Help Desk creates and distributes a Cybersecurity Digest during the fall and spring semesters. The articles in the digest address current trends we are seeing on campus and help to raise cyber literacy. After distribution, we post these on our website, and periodically remind people to check them out via our social media platforms.
In order to support many of the communications that we send via social media and newsletters, we have also developed a very robust and informative website that we can reference and redirect users to for more information.
Start a Speaking Tour
Another successful communication strategy was creating strategic partnerships on campus with other departments who support and understand the importance of cyber literacy. At Duquesne, the two departments that reach all of our end-user demographics are Human Resources and Student Life. The Help Desk has partnered with Human Resource to deliver a 30-minute cybersecurity orientation to all newly hired employees once a month. Providing this valuable information at the onset, empowers employees to know how to keep themselves and the organization safe.
From a student perspective, we also present to all incoming freshmen at a summer orientation as well as the resident life employees who support the students while living on campus. By targeting all of these different communities, we are able to continue to get the message out.
Host Fun and Relatable Events
We have had great success with raising awareness hosting several tables throughout campus during the year. In January, we celebrate Data Privacy Day. The Help Desk staff and Info Security teams set up a table in a high traffic area to reach our diverse campus community of employees and students. This year’s table theme was titled “Do Not (Donut) Leave a Hole in Your Data Privacy.” We distributed donuts and information about locking down your social media security to minimize people using the information they find to hack your secret questions. The Help Desk created a buzz about the event through our social media channels. It was a great hit and got the word out!
Empower End Users
Trillions of dollars are lost every year due to cybercrime. Ensuring our end users are empowered with the information and resources on how to stay safe, greatly reduces the risks to their personal identity as well as our organization. Analyze what communication outreach methods best suit your company culture. At Duquesne University the Help Desk has been a great representative for getting the word out, and we look forward to our continued success in educating our end users.
Melissa Jackman is an IT service management professional with more than 25 years of experience leading high-performance teams in service delivery and support for IT infrastructures and operations. Melissa has a strong commitment to servant leadership, professional coaching, and fostering team dynamics. She also has broad experience implementing ITSM tools and processes, cybersecurity, and identity and access management. Melissa has served as a local chapter officer for HDI Steel City and has presented at a variety of conferences on topics such as critical skills for new managers, trust, managing multigenerational teams, and coaching. She currently serves as the Help Desk Manager at Duquesne University, providing support for a campus community of approximately 10,000 students and 3000 faculty and staff. Follow her on Twitter @melissajackman.