Technology Record - Issue 31: Winter 2023

CASE STUDY

Protecting education

Fortra’s Terranova Security helped a Canadian university to strengthen its security culture by implementing end-user training courses to change unsafe online behaviour

Canadian universities welcome approximately 1.4 million full-time and part-time students, as well as more than 47,000 employees every year, according to Universities Canada. Each of these universities stores lots of sensitive data on their IT systems, including personally identifiable data about individuals and information about proprietary research, finances, physical security operations, and more. In addition, there are hundreds of opportunities for open information sharing – from sending emails to submitting reports.

This has led to higher education providers being one of the key targets for cyberattacks such as phishing emails, according to the Microsoft Digital Defense Report 2023. Therefore, IT teams at universities have made security awareness training for both staff and students an urgent priority in recent years.

“Students are practically born with technology in their hands, but they don’t have the information about security,” says the chief information security officer (CISO) of a major Canadian university that chose Fortra’s Terranova Security to help it secure its digital ecosystem.

While working with Fortra, the university was home to 40,000 students and nearly 7,000 faculty members and staff with many courses taught and presented in two different languages. University members were frequently receiving phishing emails that bypassed standard cybersecurity barriers, revealing a critical need to educate the entire university community on the growing threat of cyberattacks.

At the time, cybersecurity training was not mandatory on campus. In some cases, people were reluctant to participate in simulation exercises, due to fear of repercussions if they failed a phishing email simulation. As a result, entire campus departments would reject simulation testing because they found it too realistic and believed it could negatively affect their daily communications. However, says the CISO, “We have to give people the right to make a mistake.”

To overcome this challenge, the university’s CISO, the IT team and other stakeholders implemented a complete Fortra solution that included multiple end-user training courses to change unsafe online behaviours, training campaign monitoring and performance measurement with in-depth reporting and a customisable phishing assessment.

They first deployed and presented modules from Fortra’s course library to the university in a series of campaigns. The university selected 12 modules for its diverse audience, based on customisation features crucial to the success of the training programme. Security team leaders focused on deploying training courses that aligned best with the existing culture.

“Until last year we were focusing on personnel. Now we are targeting the whole community, including the students,” says the CISO.

The goal was to record strong participation in a security training campaign rolled out to staff and faculty first. The training was presented in a safe environment, leveraging module content that all generations could connect with. As a result, participants freely engaged with
