An Information Security publication for the WPI community.

Welcome our new CISO, find out how security of remote connections is being increased, and ensure online shopping safety in this edition. If you missed National Cybersecurity Awareness Month, you can catch up here!

Introducing WPI's New CISO, Larry Wilson

Larry Wilson joined WPI in September as our Chief Information Security Officer. Larry’s key area of responsibility includes developing and delivering a comprehensive information security strategy and information security program leveraging collaboration and campus-wide resources, facilitating information security best practices, advising senior leadership on security direction and resource investments, and developing the appropriate policies and processes to manage information security risk. 

Prior to joining WPI, Larry was the former Chief Information Security Officer for the University of Massachusetts President's Office. In this role, Larry was responsible for developing, implementing, and overseeing compliance with the UMASS Information Security Policy and Written Information Security Plan (WISP). He also provided consulting and training that focused on designing and building enterprise and academic cybersecurity programs. Larry also managed the Network Security Engineering and Operations programs at State Street Bank. 

Larry earned an MS in Civil / Structural Engineering from the University of New Hampshire. He has both Certified Information Systems Security Professional (CISSP), and Certified Information Systems Auditor (CISA) certifications. 

Implementation of MFA for VPN

MFA requires a password and an additional verification on a separate device.

Multifactor Authentication (MFA) has been in place for over 6 months for all members of the WPI community who access Office 365 and Workday Applications. In early October 2020, WPI implemented MFA for additional security for remote workers within Institutional Research (IR), Advancement, Talent and Inclusion, Payroll, Finance, Financial Aid and Academic Affairs who use the Global Protect Virtual Private Network (VPN) to connect to the WPI network.  

On Monday, November 16, the WPI Information Security and Risk Council (ISRC) approved the implementation of MFA for all WPI remote workers who use the Global Protect VPN. So, starting next month (December 2020) the remainder of WPI employees, faculty, contractors, etc., will be using MFA in combination with Global Protect VPN for remote access to WPI resources. This change will likely be transparent for those already leveraging VPN on a weekly basis for Workday and Salesforce.  Prior to the implementation IT news will provide further details, including the use of tokens.

Passwords alone are not sufficiently secure for access to critical systems and applications. MFA adds an extra layer of security by requiring something you have (mobile device / text message) along with something you know (username / password) to connect.  Implementing Multifactor Authentication is one additional capability in the protection of critical WPI resources.

Additional information is available on the Hub at:

Protecting WPI's VPN with MFA

Shopping Safely Online  

Online shoppers need to take extra precautions, especially as the season of heightened cyber purchasing occurs! According to the Cybersecurity & Infrastructure Security Agency (CISA), attackers target online shoppers especially through fraudulent sites and email messages, intercepting insecure transactions, and targeting vulnerable computers. More information along with prevention tips are offered in their article linked below.

Shopping Safely Online

WPI Information Security also offers guidance in this new Hub article:

Shipping Online - Buyer Beware

NCSAM

Thanks to all who tuned in to the materials offered during National Cybersecurity Awareness Month (NCSAM). Because secure habits are vital to protecting identity, logins, and data for you personally as well as for WPI, materials remain available on the Hub!

NCSAM 2020