On Nov. 6, the Office of Information Service Technology, or IST, released security awareness training modules for students on the Highlander Pipeline. These modules train NJIT students and staff about cybersecurity threats they may encounter, as well as the steps that they can take to prevent them.
Under the 1999 Gramm-Leach-Bliley Act, universities are required to develop, implement, and maintain an information security program. Sharon Kelley, Executive Director for Information Security & Chief Information Security Officer at NJIT, stated, “there are a lot of job scams, and our goal is to try to help our students protect themselves.”
Ed Wozencroft, the Vice President for Digital Strategy and Chief Information Officer, explained that because NJIT has a public directory information, it is easy for scammers to impersonate a professor and send a scam email to a student. To mitigate this type of attack, NJIT has partnered with trusted vendor Proofpoint and released a security awareness training tool, as well as an email protection tool, which protects students’ emails from phishing, malware, and account spoofing.
The tool scans emails by a protection server and validates it against a list of filters and safety checks. While the email tool serves to protect students from different cyber-attacks, the security training modules bring awareness to different preventative cyber cyber-attack techniques that students and faculty can follow. The modules consist of three to five-minute videos and are followed by short quizzes on what participants have learned.
As of the week of November 13, Kelley stated that the completion rate from the NJIT student body is “6% and the average score is 97.47%.” Both Kelly and Wozencroft are hoping for a higher completion rate for the spring semester.
Wozencroft explained that the Office’s security campaign was broken down into two phases. The first phase was to introduce students to Duo-Authentication in Fall 2023, which was meant to prevent issues with an account being compromised. The second phase is commencing this semester, with a stronger push for students to take the security training modules.
“We’ll start to incorporate it into things like New Student Orientation and Transfer Student Experience,” Wozencroft stated. “Similar to the ALICE Training that Public Safety does, we will introduce new and more advanced modules over time.”
Kelley added that future plans for the Office of IST involve “working together with different communities around campus,” and “[ensuring] that the faculty, staff and researchers can do what they want to do, as securely as possible.”
With the end of Fall 2023, both Kelley and Wozencroft stressed that students should remain alert when interacting with the cyber world. Kelley recommended that students take advantage of multi-factor authentication services for all applicable personal accounts. Wozencroft advised that if students are unsure about a site or email, they should take a second to think before they react: “If you see a lot of typos on a webpage, question that. If you see something that’s asking for your data, look at the URL and look at the origin of it.”
As cyber-attacks continue to become a growing problem for many Americans, the importance of being well-informed in cybersecurity has grown as well. According to the Federal Bureau of Investigation’s 2021 Internet Crime Report, 847,376 complaints were filed in relation to cybercrime. Some of these complaints involved ransomware and business email compromise schemes.
Wozencroft summarized that the IST’s “primary goal is to make sure that the data that we’re entrusted with is as secure as humanly possible.”