Embedded Files
Moderator: Allison Oslund, Texas A&M University
Presenters (panel):
Lorrie Burroughs, Georgia Institute of Technology
Frank Cavazos, University of Texas Rio Grande Valley
Kara Gillespie, The George Washington University
Sonya Jones, Teachers College, Columbia University
Becky Klein, Valparaiso University
Stan North Martin, North Carolina State University
Allison Oslund, Texas A&M University
Brian Rust, University of Wisconsin–Madison
Resources
Resources
Presentation: See the presenters' common presentation notes below
Recording: https://educause.acms.com/p2q6sgn8hti/
Presentation Notes
Presentation Notes
April 21, 2017
University Background
University Background
The George Washington University (Kara Gillespie): private, 25,000 students, small IT communications team (2 people) - GW has participated over the past 7-8 years, I personally have been involved in the last 2 years.
Valpo (Becky Klein): private, liberal arts University in NW Indiana, total student body is ~4500 students (includes Grad School, Law School), ~1200 faculty & staff. We have 29 FT IT staff. I’m the sole person to handle all department communications and cyber security awareness. No dedicated comprehensive IT security staff member, it’s pieced out to multiple people. 2017 will be our 5th NCSAM campaign; we started in 2012 with a small campaign, skipped 2013, and have built each subsequent year.
University of Wisconsin - Madison (Brian Rust): public R-1 university; largest one in a 26-campus State system, 43,000 students, 21,000 faculty & staff; 700-member IT division, 15-member communications team. Have done CSAM for many years; not usually in sync with national plans.
Georgia Institute of Technology (Lorrie Burroughs): R1 research university, around 24,000 students, total population around 30,000 (faculty, staff, students). Our Office of Information Technology department has approximately 270 employees with one communicator. We have participated in NCSAM for 3 years.
Teachers College, Columbia University (Sonya Jones): 5,000 students. Private school, our IT staff has approx. 50 people, there are 2 of us conducting the Cyber Security Training.
UT Rio Grande Valley (Frank Cavazos): public, research & school of medicine, ~25,000 students, ~6,000 employees (faculty and staff). In our office (Information Security Office www.utrgv.edu/is) I’m the one in charge of awareness, communication, and outreach. Our office conducted the first Cyber Security Expo on the campus of Edinburg and Brownsville as part of NCSAM in October 2016. We have a Facebook (www.facebook.com/utrgviso) presence where we conduct online campaigns (e.g. Data Privacy Day), we use our website as a repository of information where people can find: policies, standards, news, alerts, and our newsletter.
NC State University (Stan North Martin): public, Research 1, ~35,000 students, ~7,500 employees. Participated in National Cybersecurity Awareness Month >5 times. One information and news services manager in central IT group, along with several part-time positions. CSAM planning team is part of a Cybersecurity Awareness Team that includes the communications manager, training coordinator, trainer/designer, and two members of the security & compliance group.
Texas A&M University (Allison Oslund): public (school of law and school of medicine), R-1, 60,000 students and 10,000 employees. 200 IT employees in central organization (report to CIO and to President), another 200 in academic IT report to Provost, another 200 are distributed in the colleges. Communication team of 10 - three FT staff dedicated to planning and implementing NCSAM each year along with several student workers. Participated in National Cybersecurity Awareness month 6 times, use our security team to validate our information and recommendations.
Team, Timeline and Tasks
Team, Timeline and Tasks
From one individual to larger teams:
Smaller teams start the planning process later
George Washington - 2 comm staff and 1 security (some student staff/intern support) - start planning over the summer (July/August)
Valpo - 1 person (Becky), no student assistance - so I tend to start about a month beforehand, though I do plenty of thinking as I see materials released earlier from national organizers, but then August happens...
Georgia Tech - 1 person (Lorrie) have worked with a few students (in help desk area) and without; have seen no difference in success, but believe students could help with right planning. Due to resource shortage, I have only planned a month in advance, but would like to begin in August this year.
Larger teams start earlier - leads to larger scope for campaign
Wisconsin - start planning in May; 2-3 comm people work with 2-3 Cybersecurity people on main event and promotional activities
NC State - planning starts during summer, core team is 4 people--3 are in my unit and 1 is in the Security & Compliance unit, pull in others, like SMEs and student interns, as needed.
Texas A&M - starts in May. Planning team is 4 core people - 3 FT and 1 student worker. Security Team is consulted as needed
Student involvement
YES - George Washington,NC State, Texas A&M, UTRGV
NO - Wisconsin, Valpo, Teachers College, Columbia University, Georgia Tech
Security involvement
YES - George Washington, Wisconsin, Texas A&M, UTRGV, Teachers College, Columbia, NC State
NO - Valpo, Georgia Tech
Important Tasks to Plan for
Make time for research early, look at what’s happening in the cybersecurity arena and at your university.
Choose a theme that will resonate with your university.
Make time for testing before you launch an online presence or even a print piece.
Evaluate the success of your activities (determine criteria in advance). Look at results of email or social media promotion as well to improve for next year.
Some Resources
Some Resources
Events and Campaigns
Events and Campaigns
Audience Specific - Wisconsin, Teacher’s College, NC State, Texas A&M
Students
Texas A&M - primarily targeted student for many years, although anyone could participate. In 2015 and 2016 tried to choose a theme that would appeal to everyone on campus.
Employees (Faculty and Staff)
Wisconsin - Hold big event and monthlong promos with dual focus: protecting (your) intellectual property, and vulnerability when traveling - specific speakers and online resources, partner with others.
Teacher’s College - We have done 30 min. workshops all faculty, staff and students are invited. We are also invited to attend departmental staff meetings and present.
Admins (whether systems or senior management--gatekeepers)
NC State - Lunch and Learn for developers on writing secure code
Texas A&M - IT Security Center website and IT Forum
University Administration
NC State - Chancellor's Administrative Leadership Meeting
Targeted presentation to upper-level administrators that gave overview of campus IT, but spent a bulk of the time on security topics related specifically to them.
Texas A&M - State of Security Report (print piece was mailed to all university Deans, VPs and top-level execs, online copy is protected behind log in)
Month-Long Campaigns - Valpo and George Washington
Valpo - We hold special events open to all, but attendees are mostly staff. The bulk of the campaign (details below) is aimed at everyone on campus. There are benefits to being an official NCSAM champion, including getting access to pre made resources that make life easier for smaller teams.
George Washington - Online phishing contest (online contest for GW community to identify signs of phishing in sample messages each week, posted on our social media channels, Apple Watch giveaway); interactive information tables set up in popular areas around campus (USB giveaway at tables), events targeted to faculty/staff, large keystone event at end of month partnered with National Cyber Security Alliance and Department of Homeland Security - https://it.gwu.edu/ncsam2016
Special Events - Teacher’s College, Georgia Tech and UT Rio Grande
Teacher’s College, present at specific faculty meetings. Add Value - conversational. Go to where they are!
University Texas Rio Grande Valley - Cybersecurity Expo:
Part of National Cyber Security Awareness Month (NCSAM) and Registered as an official NCSAM Champion via Stop. Think. Connect. (STC)
Promoted via emails, online registration, posters, Facebook, TVs around campus, and UTRGVMessenger
Games: Spin and Win, Let’s go Phishing (prizes: hand sanitizer, padlock stress reliever, keychain)
Help from:
The Information Systems Department in the Robert C. Vackar College of Business & Entrepreneurship
Student Association of Information Technology Professionals (AITP)
Department of Computer Science in the College of Engineering and Computer Science
The Office for Victim Advocacy & Violence Prevention
UTRGV Career Center
115 attended in Edinburg and 75 in Brownsville (students, employees, and community)
Georgia Tech - Data Privacy Month in February
Safe computing combined with Safe Dating…
Promotional Ideas - GW, Valpo, UW and Georgia Tech
UW :
Cybersecurity day: talks, exhibits/vendors, tracks for department sys admins as well as general staff and students.
CSAM month: free security check ups, tips via social, etc.
Lockdown conf. for IT Sys Admins and other tech gatekeepers
Expert panel events for fac/staff (well-attended)
Monthly Chief Information Security Officer and Cybersecurity Team Blog Posts
IT and Security awareness materials (Basic tips and tricks, AV/VPN resources, ransomware, how to avoid phishing scams, travel security and safety)
Data Privacy Month event (expert panel discussion)
GW:
Information sessions (targeted for faculty, staff, technical teams)
Interactive information tables (set up in popular areas around campus, interactive - test strength of password, hacking demo)
Incorporated our annual techEXPO event to NCSAM - outside exhibit on campus showcasing all of our IT services, with a focus on cybersecurity
Online phishing contest (online contest for GW community to identify signs of phishing in sample messages each week, posted on our social media channels)
Keystone event with National Cyber Security Alliance and Department of Homeland Security
Digital signage
Blog posts
Daily social media posts (Twitter and Instagram)
Mass email to university announcing events for the month
Tie in NCSAM events with other campus-wide events
Valpo:
Registration as an official NCSAM Champion via Stop. Think. Connect. (STC);
Weekly campus-wide emails;
Daily social media posts including the hashtag #CyberAware (mostly using STC’s pre-written suggested posts) at facebook.com/itatvalpo and twitter.com/itatvalpo;
Daily posts on the IT website (valpo.edu/it);
Digital screens all over campus;
Table toppers in student union dining locations;
Posters distributed to all buildings (academic & residential) on campus;
A table in the student union “harassment hallway” during lunch hours for one week encouraging people to sign the Crusader Cyber Citizen Pledge (valpo.edu/it/cyberpledge/) staffed by IT fulltimers;
Workshop presentations open to everyone on campus;
Password best practices (co-presented by IT and College of Engineering) https://docs.google.com/presentation/d/1T3Yl9Vv0iFKLcEHmL8u3I5ZkWItd5lpt5KxtWLbQX1s/edit?usp=sharing
Avoiding malware & ransomware (co-presented by IT and Christ College (honors)) https://docs.google.com/presentation/d/1UrnUnJo1qL_KuK3X5rjiU2CUL62sNLIYQjff5knmUJQ/edit?usp=sharing
Buttons distributed to those who signed the pledge or attended a workshop. Surprisingly popular!! The finished button is 1” in diameter. (The HD manager allowed his students to make them for me so I “shared” the busy work.)
Georgia Tech:
Have participating in 3 events for October; one in Feb. for National Privacy Month.
Social media posts planned per week for FB and Twitter (cross posted with other campus units)
Posters in Student Center, IT buildings
Digital Signage
Banners on FB and Twitter
For February Data Privacy Month: Used Valentine’s Day to tie in “safe” data practices with heart shaped valentines containing security tips one one side and a Hershey’s kiss on another. Set up interactive quiz on table in Student Center with give-aways to participating students.
https://www.dropbox.com/s/gxiiv54wwjlace9/February%202015%20DPM%20Announcements4.pdf?dl=0
https://www.dropbox.com/s/j5k5x2wml9qdri5/Giveaways.docx?dl=0
This year, plan on theming around horror, spooky for Oct.
Lessons Learned
Lessons Learned
Challenges - Allison Moderates, Open to All Presenters
More time to plan isn’t always better. Scope creep can happen!
Students need a compelling reason to attend anything. Food and a ‘rock star’ speaker doesn’t guarantee engagement
Free cookie or coffee
Free USB Drive
Location, location, location! - Phishing fair was too off the beaten path
Events not always well attended, started moving more toward information tables set up in popular areas around campus
Finding campus partners can help reach more audiences
Confirm your theme, date, speakers and location early.
Success Stories - Stan Moderates, Open to All Presenters
Look for partnership opportunities (GW worked with the National Cyber Security Alliance and Department of Homeland Security on a keystone event)
Bring information to faculty and staff (GW created a short video with IT security best practices to show at faculty/staff orientation), present at faculty meetings
Include interactive components to help increase engagement
Plan in advance to evaluate what you will do; establish criteria and agreement for success.
If there are little/no funds, you must be creative and look for quick wins
Variety of events (info sessions, interactive info tables (tchotchke giveaways, candy), online component - phishing contest (prize for winner)
Page updated
Report abuse