Executive Board column: Cybersecurity is our shared responsibility so what do we need to do?
Cyber threats are on the increase. This won’t have escaped anyone’s notice. Monitoring by our cybersecurity experts has shown that there are non-stop attempts to penetrate our systems. What are we doing to prevent this and what can you as a staff member do to create cybersecurity?
In this column Annetje Ottow, Hester Bijl and Martijn Ridderbos give a peek behind the scenes at the Executive Board of Leiden University. What does their work entail? What makes them enthusiastic? What challenges do they face? Building a healthy and engaged learning community begins with sharing what you are up to. This time it’s Martijn Ridderbos’s turn.
Digitalisation has created bags of opportunities and chances that we want to continue to make the most of, but it also has a downside that can make us vulnerable as an organisation. The ransomware attack on Maastricht University in 2019 showed how this can happen to all of us.
To increase our resilience as a university, the Board has asked for our cybersecurity programme to be intensified. The programme consists of various actions and measures, including a campaign to raise awareness about staying safe online and handling sensitive information. We are also taking technical measures to reduce the likelihood of incidents and, if they do occur, to minimise their impact. For example, we will ensure that the website or externally hosted pages are back online again as soon as possible after an attack to keep the communication channels open with our students and staff.
To find out whether these measures work, it is important to hold regular exercises. The biennial OZON cyber crisis exercise for the research and teaching sector was held on 23 and 24 March. Together with other educational institutions and ministries, we looked at whether we are prepared for cyber attacks. Over 70 education organisations and more than 2,000 people from research universities, universities of applied sciences and senior secondary vocational education colleges took part. We were put to the test. Good collaboration is extremely important here. We will use our experiences and the input from the evaluation to further improve our processes and procedures. This will make us as a university even more prepared in the event of a real cyber crisis.
As a university we are therefore taking the extra steps needed to ensure we can safely continue with our high-quality research and teaching. This requires an effort from every one of us. We aim for the maximum security at the minimum inconvenience but security and user-friendliness do not always go hand in hand. You may find yourself having to log in multiple times with multi-factor authentication (MFA). Even I let out the odd sigh when I have to copy a code from my mobile for the umpteenth time, but we need this to work safely online.
Working safely also means working differently. One part of the new programme is the new Security Office. This is the central point of contact at the University for cybersecurity questions. Our colleagues at the Security Office are there to help. You will find more information, such as on how to report unsafe situations or ask any questions, on this new page.
The security of our data is in all of our hands. This means that we all have to do our bit to keep our digital systems secure by reporting risky situations, changing our behaviour and helping each other work more safely. We will have to get used to these security measures because the threat is part of everyday life. Cybersecurity is my responsibility and yours but we’ll get there by working together.
Share your comments or experiences by sending an email to firstname.lastname@example.org.