From the CIO

From the CIO

Kelly Block serves as Interim Chief Information Officer (CIO) for the University of Illinois System.

For more information about Kelly, visit About the CIO.

Recent Posts
March 2017 - Posts

I was invited to give a briefing at AGB's National Conference on Trusteeship in Dallas, Texas, next week on cybersecurity for colleges and universities. Here are a few of my thoughts leading into the presentation.  

About once a week, I receive a new email message touting "top 10 cybersecurity risks" or "this year's report on cybersecurity shows more attacks than ever" or some other tactic designed to make me want to open it. I've yet to get one that is a cyberattack disguised as a cyber-defense message; however, I'm sure that's next. Mostly, these messages focus on two topics: the new threats and the new methods to combat the threats.

Just in the past few years, the increase in the use of mobile devices has created new ways for criminals to get your personal and corporate data. At universities, we tend to be a bit more open with the bring-your-own-device mentality, so the problem is amplified. It used to be that hackers would need to break into centralized on-campus systems. Now that it is popular to host university data off campus in the cloud, the bad guys have a choice to use malware on a personal computer or mobile device, or they can break in to hosted services without sneaking into your campus.

The current thinking is that containment, simplification, and automation are the keys to combat these threats.

Make sure that your critical data are constrained so that criminals have fewer options to get it. Simplify your security operations so that you don't have a different solution for every piece of software or data that you use. By simplifying the number of tools and procedures that you have, you can practice them more often and be more successful at implementing them. Automation is the critical when the breadth of threats increase. You can't just keep hiring more and more people every time something new appears, so buy tools that can watch your systems and data for you.

But the most critical aspect of cybersecurity is still the human.

Criminals will focus on the biggest vulnerability, so if your employees can't easily distinguish between legitimate online content and malicious content, you will become a target. Fortunately, this is preventable, and when you train your staff to be suspicious, the hackers will avoid you because the return on their investment is low.

Reprinted with permission of Association of Governing Boards of Universities and Colleges. To view the original blog post, visit  

Posted by Michael Hites  On Mar 27, 2017 at 9:24 AM