Today on Teaching & Learning Champions, we’re joined by Emilie Kunze. We’re talking about the importance of cybersecurity awareness as it relates to online teaching & learning.

Thanks for listening to TLC @ ACC!

Episode Transcript

[ Music ]

[Matthew Evins:] Welcome to another episode of Teaching & Learning Champions. I’m Matt Evins, Director of Academic Technology in the Teaching and Learning Excellence Division at ACC. Before I introduce our special guest for this month, I have a quick announcement. It’s actually a quick but important ask. ACC employees, have you noticed a colleague going above and beyond? ACC students, is your professor rocking it in the classroom? It’s important to recognize the best of ACC and celebrate teaching and leadership excellence when we see it. Nominations for ACC awards are open now through November 2nd. Take a moment to nominate the best of ACC at austincc.edu/awards. Today, I’m joined by Emilie Kunze as we talk about the importance of cybersecurity awareness as it relates to online teaching and learning. Emilie, thank you very much for joining me today.

[Emilie Kunze:] Thank you so much for having me.

[Matthew Evins:] Great. Well, let’s go ahead and jump into some of the questions. Can you tell us a little bit about the role of ACC’s information security department? What services and functions do you play?

[Emilie Kunze:] Sure. So our department, ACC Information Security, we support the governance, risk, and compliance needs of protecting the ACC information resources. We do follow the requirements of Texas Administrative Code Chapter 202. You often hear us refer to it just simply as TAC 202. We work closely with the Department of Information Resources at the State of Texas. So really, just like any information security program, our ultimate mission is the CIA triad. We’re trying to balance to confidentiality, integrity, and availability of ACC’s information. So our core services include, of course, awareness, as we’re here now, and regulatory compliance, risk and vulnerability management, data protection, and we do also provide some privacy oversight as well.

[Matthew Evins:] Are there particular areas – Just to follow up on that, are there particular areas where faculty who may be listening to this have come across ACC’s information security department, or do you try to stay behind the scenes as much as possible?

[Emilie Kunze:] You know, we’re really building our program right now. We are making a presence. I do know that faculty and staff get security advisories from us, so they’ve probably seen us there, and then also, of course, the mandatory cybersecurity awareness training. That’s an annual requirement. It’s actually a requirement of TAC 202. So those are definitely some places that you have seen us around.

[Matthew Evins:] Great. Well, thank you for that reminder. That actually reminds me, I’m actually behind in my cybersecurity awareness training, so I’ll be sure to take care of that as soon as we get off of here today.

[Emilie Kunze:] Perfect. Yeah, it’s only 30 minutes this year, so it’s great.

[Matthew Evins:] Perfect. So let’s talk a little bit about, you know, with everything that’s been going on with COVID, you know, the whole environment internationally has changed, but let’s drill down, what has changed in the last two to three years, and even since COVID, in the world of cybersecurity?

[Emilie Kunze:] You know, just ransomware and phishing just really come to mind. If you just do a simple search on Google, you’ll just find a ton of breeches and lockdowns that have occurred. I know just in the last year, there’s been Texas counties that have been locked down. And even broader, across the country, there have been colleges and universities and even K through 12 districts that have been locked down by ransomware. So as you may or may not know, ransomware is usually introduced through phishing. So that is why you will hear us talking about being diligent when it comes to email. You know, hovering over those links, don’t click on attachments, and, you know, things like that that you just get tired of hearing about, but it just helps protect us all, and it’s everybody’s responsibility. As far as COVID, it’s brought a whole new dimension to information security. The demand of teleworking structure has brought concerns around, you know, unauthorized disclosure of data, you know, challenges of enforcing the acceptable use policies, users using their own devices to access the network. And, of course, who thought we would have in our vocabulary Zoom-bombing? Those are just a few challenges that COVID has brought on.

[Matthew Evins:] Sure. And since you mentioned it, just as a follow-up, in terms of Zoom-bombing, you know, that’s something that we see in the news quite a bit these days as more companies and K-12 and higher education institutions start using Zoom for their web conferencing tool. ACC, of course, picked it up just recently as an option for web conferencing. Not to put you on the spot, but are there any quick tips you can provide to faculty to want to use Zoom or are currently using Zoom for are afraid of the Zoom-bombing to help prevent that type of thing?

[Emilie Kunze:] Absolutely. And actually, you know, I know we say Zoom-bombing, but it does happen on other platforms as well. I know we did have an incident in Google Meet, so it’s not just for Zoom. And I would encourage everyone to visit our website because we do have a Best Practices page for each of the platforms that ACC supports. That would be Google Meet, WebEx, and Zoom. And so we do have some best practices. You know, just password protect, unique codes, just really lock down your sessions. But I would highly encourage everyone to visit our website for those tips that are unique to each platform.

[Matthew Evins:] Perfect. And we’ll talk more about where you can find those links after our interview at the end of today’s show.

[Emilie Kunze:] Okay.

[Matthew Evins:] With the ongoing push towards online teaching and leaning, especially in light of COVID, what are some things that faculty specifically should be aware of in order to keep themselves and their students safe?

[Emilie Kunze:] You know, since moving virtual, it’s so important for all of us to protect ourselves personally and professionally. As you can imagine, cyber criminals take advantage of these heightened situations. Any time there’s, you know, this pandemic or maybe a hurricane, anything that is in the news, that’s where the cyber criminals just really jump in. We all need to have strong passwords. We need to change them often. We need to use multifactor authentication when we can, and most of all to stay on top of threats and just always be alert. If it sounds too good to be true, it probably is. And if it sounds or looks a little off, just take a minute to dig a little deeper and check it out and always ask questions. With regards to our conferencing platforms, like I mentioned before, we do highly recommend creating those unique codes and requiring passwords. We do have those Best Practices links like I mentioned before on our website that I highly encourage everyone to look at.

[Matthew Evins:] Just to follow up with that on the faculty side, you know, we’ve talked about web conferencing already, but in terms of faculty who are teaching online and having their students use various technologies on the web to create and submit assignments for their courses, are there things that faculty members should keep in mind when deciding which technologies to use in order to protect their students?

[Emilie Kunze:] You know, I think it’s really important to just know what ACC supports because, when you know what platforms and technologies that ACC supports, then you know that you have support of our department and such. But with any platform, with any technology, you just need to really make sure that you use those passwords. We can’t preach that enough, is passwords, passwords. And you need to fully investigate all of the technologies that you use and make sure you’re not sharing any personal identifiable information or sharing any sensitive maybe HIPAA, which would be health-related data, or student information, actually, you know, the FERPA. So you just really need to make sure of what data you’re sharing.

[Matthew Evins:] Sure. And then is there anything specific that students should be aware of, besides the passwords of course, but anything specific on the student side in terms of keeping themselves safe while being enrolled in and participating in online courses?

[Emilie Kunze:] Well, we can’t say this enough. I’m going to say it again, passwords and being alert. Always use multifactor authentication where you can and change those passwords often. There is a rise around spear phishing, which is targeted phishing attacks. We did send out an alert just this week to all students around spear phishing that is targeted for the financial aid disbursement season. So students just really need to be alert and on their toes. Students should always be wary of any communication that requests personal information. ACC and the federal government will never ask for any personal information via email directly.

[Matthew Evins:] Great. One of the things you mentioned, as we were talking about both faculty security as well as student security, is multifactor authentication. For those faculty members listening who may not be familiar with what that is, can you explain what multifactor authentication is?

[Emilie Kunze:] Absolutely. So that is going to be more than one form of identification. So usually, when you log into a system, you have your username and password. So it’s becoming more and more common to have multifactor, so it might be just two factors of authentication or even more than that. You can have three or four versions. You might use it when you go to your banking website. Usually, they’ll text a code, and you can reply with that code. Sometimes it is an email that is sent to you and you have to click on a link. So it’s multiple ways of identifying yourself to the company.

[Matthew Evins:] And you mentioned, you know, using multifactor authentication when possible. Is there a page available that — “documents” might be the wrong word, but that lists the platforms within ACC that uses and supports multifactor authentication?

[Emilie Kunze:] I do know that we do have information on multifactor authentication on our IT website. I highly encourage everyone to visit. When I’m saying “when available,” there’s just certain platforms that just have not gotten there yet on a personal level and a professional level. So a lot of the ACC applications are leaning towards multifactor authentication, and that is something that we’re really pushing in information security right now, so you will see that rise within the ACC community. But also, on a personal level, just any time you see multifactor authentication, I know you might think it’s a bother, but it’s so worth it.

[Matthew Evins:] Great. Let’s talk about — One of the things you mentioned at the very beginning was, you know, around awareness of cybersecurity and things like that, and you mentioned — Well, we discussed at the top of the show about the required annual cybersecurity training. Beyond that — and I realize that that’s for employees, whether it’s faculty or staff — are there other forms of cybersecurity training that’s available for faculty and staff as well as what might be available for students to help them learn more about cybersecurity awareness?

[Emilie Kunze:] So we are working to build our program. The main thing we do offer, like you just said, is the cybersecurity awareness training that’s a TAC 202 requirement. That is required for all faculty, staff, anyone who touches our data, really. We don’t really have anything else at the moment, but like I said, we are building our program. I highly recommend the Department of Homeland Security website. They have lots of information on their website as well, and that’s the overall national campaign. Here locally for cybersecurity awareness, we are creating awareness and sharing tips and best practices. It doesn’t just end with this month, though. Awareness is ongoing. We do encourage everyone to follow our social media accounts. You can find us on Facebook and Twitter, ACCInfoSec. We’re constantly sharing tips and tricks but also maybe news articles and related things that could just really help you in your everyday life, whether it be at school or at home.

[Matthew Evins:] Perfect. Well, the last question, on topic at least, that we have for you is, are there any new projects or initiatives around cybersecurity that InfoSec is working on that you might want to share with our listeners? I know you said your department is new and growing, so is there anything sort of coming up that you want to give us some insight to?

[Emilie Kunze:] Absolutely. Our department is growing leaps and bounds, as I’ve mentioned several times where it’s just growing really quickly. We’ve been working on policy and standards, awareness, new tools, onboarding new staff. It’s just been very busy, and a lot of the information can be found on our website. We’ve been reaching out the third parties, enhancing our confidentiality agreements, which helps, of course, in protecting faculty, staff, students, and alumni data. We have data loss prevention program. We’re looking into encryption tools and, of course, tightening up that password policy that I’ve mentioned several times. A great way to get information on new projects and initiatives, though, is our IT Digest that comes out biweekly. There’s actually a little security corner that you might have noticed, and we do relay important information there, and we do have some very — We have some upcoming projects that are coming up very soon, and there’ll be some training available, and we’ll be able to communicate that through the Security Corner.

[Matthew Evins:] Wonderful. Well, Emilie, before I let you go, one last final question. It doesn’t have to be InfoSec related, but is there anything giving you #RiverBatPride this week?

[Emilie Kunze:] You know, I’ve been a part of ACC for over 21 years, and watching ACC grow has just been very rewarding. Just really glad to be a part of a community that helps and encourages one another and most of all puts a focus and such pride in helping our students. It’s just really a rewarding and definitely gives me #RiverBatPride.

[Matthew Evins:] There was definitely something to be prideful for. So Emilie, thank you very much for your time today. It was very informative. And so, yes, thank you very much for joining us as we celebrate Cybersecurity Awareness Month.

[Emilie Kunze:] Thank you so much for having me.

[Matthew Evins:] Great. Well, that wraps up another episode of Teaching & Learning Champions. Don’t forget that you can read episode transcripts on the TLED blog and find links to any resources we referenced during the show. I also encourage you to subscribe to the ACC district podcasts on any of your preferred podcast apps or listen to individual episodes on the TLED website. You can learn more about the Teaching and Learning Excellence Division and keep up with everything relevant to the faculty experience at ACC by subscribing to our weekly newsletter. Simply text ACC TLED in all caps to 22828 to subscribe. And, of course, you can find us on Facebook, Instagram, and Twitter at ACC TLED. Thank you for tuning in, and we’ll chat next time on TLC @ ACC.

[ Music ]

Resources

ACC Infosec page: https://it.austincc.edu/departments/information-security/

Telecommuting Securely (which includes links to the Best Practices pages for the conferencing platforms): https://it.austincc.edu/about/main-policies/best-practices-for-telecommuting-securely/

Cybersecurity Awareness Month page: https://it.austincc.edu/2020/10/07/october-is-cybersecurity-awareness-month/

Cybersecurity awareness Training (Employees): https://www.austincc.edu/offices/staff-development-and-evaluations/mandatory-compliance-training

National Cybersecurity Awareness Month Alliance (DHS site): https://staysafeonline.org/cybersecurity-awareness-month/about-the-month/

Stop.Thnk.Connect (DHS): https://www.stopthinkconnect.org/