“Human behavior holds the key to online security”
As Information Security Officer at Tilburg University, Miranda van der Ploeg-Cools is charged with information security within the university’s organization. It is an important position, because she and her colleagues must ensure that all internal digital information is safe from such threats as data leaks, cyberattacks, and internal errors – every day, all day.
As Information Security Officer, Miranda has an advisory role. Together with her team, she develops and implements information security policy and protocols, carries out risk assessments, and raises information security awareness within the university’s organization. In practice, one of her tasks is to verify whether new applications awaiting purchase are safe and meet certain requirements. She also gives advice to students and staff on how to handle confidential information securely.
“At an educational institution like Tilburg University information security is crucial,” Miranda says. “We handle very large quantities of information. This information concerns personal data of our students and staff, of course, but also research data like medical data of respondents. That information is sensitive and we must protect it, not least because we notice that external interest in it is growing.”
Hacked through phishing
“We analyze information security risks in existing and new processes, and we give advice on technical and organizational measures that can or should be taken to enable secure working and studying,” Miranda continues. “But at the end of the day it’s all about how students and staff themselves handle information. That is why we are developing awareness campaigns. All it takes is for one individual to click on a dangerous phishing link...”
“In 2019, Maastricht University was hacked after a member of staff had clicked on a link in a phishing email. That really startled us and it made us realize that something like that should not happen to us.” Ever since that incident, online security has been attracting even more attention within the organization, especially given that digitalization is one of the pillars of Tilburg University’s Strategy. “It’s also becoming increasingly important. And no matter how carefully designed and aligned policies and systems are, the behavior of staff and students holds the key to online security.”
All hands on deck
What happened in Maastricht fortunately never happened at Tilburg University, but there was one incident that to Miranda’s mind was a bit too close for comfort. “Two years ago, a global and serious vulnerability was detected in Log4j software.” This particular software is widely used in web applications and systems, at Tilburg University, too. The National Cyber Security Center sent out a warning about potentially major damage and advised organizations to prepare for attacks. “The system needed an update, but the supplier was still in the process of developing one.”
“For us it was all hands on deck; this vulnerability could have very serious consequences. We itemized the systems that were running on this software – very many, as it turned out – performed risk analyses and ascertained whether we could turn off systems until the vulnerability issue had been resolved. It was quite complicated because these systems were being used by many people, staff as well as students. We put in so many hours, but it all ended well; we weren’t hacked and the update closed the security leak. They were tense times though.”
“One of our biggest challenges today is to ensure that everyone within Tilburg University is aware of how essential information security is. We give advice and support, but at the end of the day how users handle information is their own responsibility. Hackers are getting smarter every day, and artificial intelligence is evolving at a breathtaking pace. How do we prepare everyone for these challenges? How can we continue to ensure that our information doesn’t fall into the wrong hands? That is what we deal with every day.”
Online security – Miranda’s three tips
- Never click on links in emails from unreliable or unknown senders. Our software catches many phishing mails, but not all. Ultimately, you are responsible. If you are unsure or in doubt, please contact the CISO Office at email@example.com. They will be happy to help. The Privacy & Security portal gives useful tips on how to securely handle data and personal data.
- Be aware that you are handling university information. Lock your computer (using the Windows logo + L key combination) every time you leave it unattended, no matter where you are working, and make it a routine. This way you prevent others from using your account.
- Use strong passwords and a different one for each account. Weak passwords are easy prey for hackers, giving them easy access to your data and those of others. Use a password manager like Keeper. This tool is available free of charge through the university.
Together we keep information and personal data safe … Be your own hero!
By: Hilde Gilissen
Photos: Simone Michielsen