By Laurie Merrill
GCU News Bureau
Grand Canyon University has been tapped to receive an award for a cutting-edge cybersecurity awareness campaign with a new twist.
The GCU IT Security department initiative — “A New Take on an Old Problem- GCU’s Cybersecurity Awareness Program” — makes a difference because it relies on positive, instead of negative, reinforcement, said Andrew Roberts, IT Security director.
The program garnered an award for GCU, which has been named an honoree of a 2017 CSO50 (Cybersecurity Officer) award from IDG (International Data Group).
“This prestigious honor is bestowed upon a select group of organizations that have demonstrated that their security projects/initiatives have created outstanding business value and thought leadership for their companies,” CSO said in a statement. The awards ceremony is in May.
Roberts said the initiative rewards employees who forward suspicious emails to his department. Traditional programs routinely provide negative reinforcement for unknowingly clicking on sham links.
Warnings from GCU’s “cyber-smart” employees allow Roberts’ four-member team to proactively protect systems before something bad happens.
Even a 15-minute head start gives the team time to mount a strong counterattack, allowing it to block email users and malicious links at the firewall and to contact email recipients. It has led to preventing malware incidents several times a week, Roberts said.
“The whole team has worked really hard to put this together,” Roberts said. “We don’t have a lot of the problems that other companies have. There’s usually a big wall between IT and everybody else. But we are getting a lot of engagement here. That is why we are ahead of the game.”
Since reporting suspicious emails is the desired activity, Roberts said, “every item reported to IT Security was answered promptly and courteously with an explanation of why (or why not) we should be concerned.”
The IT Security program includes weekly “IT Security Presents” emails, employee orientation training and an annual GCU Phishing Derby that awards prizes for sniffing out smelly emails.
The derby, which Roberts described as the “capstone” of the program, was timed to coincide with National Cybersecurity Awareness Month. It started with three weeks of tips and ended with a chance for employees to win prizes for reporting phishing emails.
The well-crafted factoids — which also were included in GCU Today’s daily employee news digest — imparted such pearls of wisdom as Phishing Clue #8:
“Just Smells Phishy — Sometimes you can’t put your finger on it, but an email just doesn’t feel legitimate. When that happens, trust your instincts. If you think an email is a fraud or scam, you are probably right.
“Lucky for you, GCU has a team of highly trained professionals that can sniff out a phishing email in no time. Just forward that email to ITSecurity@gcu.edu and they will tell you if it’s safe.”
Even luckier, employees read and understood the clues and began forwarding questionable emails to IT Security at an increased rate, Roberts said.
Weekly “IT Security Presents” newsletters contain often humorous stories with varied topics and characters that make repeated cameo performances, Roberts said.
“Employees now regularly reach out on a variety of topics, not just phishing, for guidance and clarification of all things cyber,” Roberts said.
Contact Laurie Merrill at (602) 639-6511 or firstname.lastname@example.org.