You are here

New Training Teaches UNLV Employees the Basics of Cybersecurity Awareness

The UNLV Office of Information Technology provides faculty and staff with techniques to spot potential cybersecurity threats and use safe online practices.

OIT News  |  Mar 21, 2019  |  By Nicole Johnson

Locking your front door. Closing your garage. Setting your home alarm. These are some of the security measures we do every day to protect ourselves from criminals. But what about taking security precautions when it comes to the internet?

According to a report by the Identity Theft Resource Center (ITRC), hackers stole nearly half a billion records containing sensitive personal information from U.S. consumers in 2018. That is an increase of 126 percent from 2017 - when nearly 200 million consumer records were exposed - and an all-time high for one year.

Cybersecurity professionals working in the UNLV Office of Information Technology (OIT) recognize the uptick in cybercrime. To address and combat increasing threats to the university’s information systems and data, OIT is equipping faculty and staff with the tools to identify and report hacking attempts, data breaches, and other cyberattacks.

“The new cybersecurity awareness training teaches UNLV faculty and staff about cybersecurity threats and common risks,” said Vito Rocco, senior information security analyst and supervisor for OIT, who has more than 20 years of information security experience, including years working for the U.S. Department of Defense and several Fortune 500 companies.

Although the 2018 ITRC findings show a 23 percent decrease in data breaches from the year before, the report notes that data breaches have become the new normal. “(It is) not so much a matter of ‘if’ a breach will happen, but ‘when’ a breach will happen.”

So there is no better time than now to learn how to protect UNLV and yourself from being a victim of cybercrime.

It may not be shocking that hackers are finding new and creative ways to compromise information systems and data. Social engineering, using phishing tactics, is on the rise in higher education.

A university in Edmonton, Canada became a victim of an elaborate phishing attack. CBC News reported that the college was defrauded of $11.8 million after it failed to “verify whether emails (from 14 construction firms) requesting a change in banking information were legitimate.”

However, it may come as a surprise that data breaches happen (more often than not) because of human error - or simple mistakes.

One recent example is the California State Polytechnic University student data leak. EdScoop reports that a university employee sent an email containing advising information to nearly 1,000 computer science students. Inadvertently, the employee attached a spreadsheet with personal information of all 4,557 active students in the college of science.

Even though affected students were notified about the data breach and the email was deleted, “there is no way to know how many people downloaded or copied the information before access was lost.” An honest mistake may have crippling ramifications for the university, including potential Family Educational Rights and Privacy Act violations.

What happened at California State Polytechnic University could happen anywhere, and UNLV is not an exception.

“It is incidents like this that show why we all need to be more aware of the importance of cybersecurity,” Rocco commented. “UNLV continues to be a free information sharing institution, but we need to be able to balance the ability to access information with the need to keep it secure.”

UNLV faculty and staff are required to take the cybersecurity awareness training on an annual basis. The course includes easy-to-use modules that teach employees how to remain vigilant, exercise caution online, and use best cybersecurity practices to protect the university and themselves from falling victim to an attack.

Rocco would like to see faculty and staff use what they learn from the training and apply it to their day-to-day activities. Enhancing the security culture at any higher education institution can take some time, but is not stopping Rocco from looking towards the future

He hopes to offer more targeted training for different university entities.

“We would like to expand our catalog of training opportunities. Eventually, we will have specialized courses for upper management, technical personnel, and administrative groups.”

Until then, Rocco is ready to prepare UNLV faculty and staff with the knowledge to stay safe online.