The Information Security Office’s half-day virtual event on March 26 drew about 100 campus members. Data@Rest: Bits n’ Bytes featured a variety of speakers from Carolina’s IT community in a TED Talk style format.
“Seeing folks from across the University who we normally don’t get a chance to interact with attend was incredible,” said Charlie Mewshaw, event co-organizer with Michael Williams. “Sometimes it can be hard to draw a diverse IT crowd to a security-focused event. Thanks to our speakers bringing engaging topics across themes that were either security related or security adjacent, we got to see all walks of IT life in attendance. I am so grateful for their time and effort in making the event a success!”
Simulated phishing campaign
As two of the presenters themselves, Mewshaw and Williams discussed ISO’s recent simulated phishing campaign and explained some of the choices that went into the exercise. They phished campus IT professionals to “see if all that stuff that gets talked about is sticking within” and how much more education they need to provide to keep everyone safe, Mewshaw said. They wanted to learn if people understand the process for reporting phish, if they’ve become complacent, and if they look closely at suspicious emails.
“No one is immune,” Mewshaw said. Some information security professionals clicked on the fake phishing emails too. But the ISO isn’t naming names. “We are not going to shame anyone,” he said. Instead, the campaign was “a learning moment.”
If campus units want a simulated phishing campaign conducted with their end users, the Security Office will offer the service at no cost, Mewshaw said.
LastPass password management
Dave Eiselman, a Network Security Specialist with the ISO, reminded attendees that the University offers the LastPass password management tool for campus members’ personal use. Faculty, staff and students can get LastPass Premium for free, with encrypted file storage on an unlimited number of devices.
In addition, the Security Office will soon roll out LastPass Enterprise for free to University departments for business use. The ISO and a few pilot groups are currently using LastPass Enterprise.
“Your department can have your LastPass account broken up into your groups so that you can share passwords, encrypted files, and encrypted notes with members of your team or your sub team securely,” Eiselman said.
If somebody leaves the University or changes departments or units, the person’s access to that LastPass group will be removed.
“It’s a really powerful tool,” Eiselman said.
Other topics and speakers
Data@Rest: Bits n’ Bytes also featured:
- Kim Stahl, ITS Senior Policy and Process Lead, whose presentation was called, “Why So Sensitive? A discussion of data governance.”
- Drew Trumbull, Information Security Incident Handler, who discussed endpoint and network protection methods that the Information Security Office has implemented and their impact.
- Stephen Allen, Systems Programmer and Analyst, who talked about gamification in information security training.
- Quinton Johnson, Export Control Officer, provides expertise and personalized support to the Carolina community through training and program development with the goal of reducing the University’s overall compliance risk. He explained what his office does and what that means for the larger community.