Securing the Campus, One Year Later
November 10th, 2021
A year ago today, CSUSM experienced one of the most impactful security events in CSU
history. In response, our campus community quickly came together to secure CSUSM through
the adoption of DUO and other measures. A systemwide project was also initiated to
respond to the growing threat and sophistication of cybercriminals that are purposely targeting higher education. Additionally, CSUSM underwent a security audit in Spring 2021 (Audit Report 20-81), which resulted in several recommendations on enhancing
Throughout the past year, IITS has deployed a full range of security enhancements that have better positioned CSUSM in the current cybersecurity environment. On a daily basis our campus is faced with protecting the community from thousands of phishing emails, malware downloads, and password exploitation attempts. In response, we have made key public changes like increasing password length and the full deployment of DUO to core campus systems, in addition to critical behind-the-scenes changes.
Looking forward, IITS is already taking the necessary and additional actions to address the security audit findings and complete our efforts in response to the systemwide security effort.
CSUSM utilizes automated systems to manage compliance with CSU and campus policy and to continue
our work towards a secure campus. Therefore, to ensure the campus community is fully aware of the tools that are either deployed on systems you use or may produce noticeably different interactions, we wanted to share with the campus community the following changes:
- Expanded Deployment of Anti-Virus Software – While anti-virus protection software has long been a must-have for Windows systems, historically it has not been a requirement for Mac computers. IITS has been utilzing Trend to protect Windows computers but had not yet deployed the software on Apple devices. Going forward, all campus systems will be protected by Microsoft Defender. Therefore, through the end of the year IITS will be automatically deploying the anti-virus software to all existing and new faculty, staff, and lab computers.
- Enhanced Protection from Email Threats – Campus systems are on a daily basis bombarded with thousands of fake emails that are trying to trick institutions such as CSUSM. During the COVID-19 period when more users than ever were online, there was a 60% increase in these types of attacks. This increase was also witnessed on our campus, as one of the most common threats the IITS information security team responds to are users who click on a link and enter their personal information only to realize afterwards that they have visited a
malicious site and shared their credentials with malicious actors. While your vigilance and skepticism before clicking on any link is always the first
line of defense, IITS has also deployed Defender for Office for increased protection. This tool seeks to prevent malicious attachments from being delivered to your inbox, runs embedded
links through the Microsoft AI engine to detect malicious websites (which results
in the url changing), and provides improved phishing protection.
- Client Vulnerability Scanning - IITS constantly scans all on-campus servers on for vulnerabilities and missing security updates. However, as every device on the campus network is a possible gateway for exploitation by cybercriminals, the campus is expanding our vulnerability scanning to include both servers and user computers. This scanning is done via an app called Nessus by Tenable on user computers that identifies vulnerabilities in both the operating system and identifies installed applications with missing critical patches. For increased protection, IITS will be expanding our use of Nessus by Tenable to help IITS identify systems with security vulnerabilities that require a proactive
response. When items that require remediation are identified, the user or system owner will
be contacted by IITS as we work to secure the system or software.
- Protection from Email Spoofing – We have all seen them: the emails that look like they are from someone you know or an organization that you trust but are actually malicious. In reality, the name of the email sender and the email formatting are the most unreliable measures
of authenticity. To help prevent impersonation of csusm.edu domain addresses by malicious actions,
IITS will be deploying a tool called Mimecast that will alert IITS and warn users
of suspicious emails.
- Expanded Use of DUO (Two-Factor Authentication) – A key element of last year's security response was the deployment of DUO on key campus systems. As the use of two-factor authentication is one of the best defenses against compromised user credentials, IITS will be expanding DUO deployment to additional systems and services including Zoom, Qualtrics, Abobe Sign and others. To lessen the burden that this may create, IITS will be making configuration changes to DUO so that users are prompted based upon the time period between validations versus every time a system is accessed.
- Annual Password Change – Last year, IITS moved to a passphrase configuration that removed some of the complexity requirements but extended the password change window to one year and put in place new length requirements. If you have yet to change your password since last year’s security event, your password is coming up on expiration. Therefore, we are encouraging the campus community members to change/update your password before
the end of the fall semester so it will not expire during the holiday break. Please visit https://password.csusm.edu to change your password.
Read our Spring 21 (Jan. 27th) update on the security incident for background and