Cyber Essentials is a software bundle, plus two-step verification, that is required of all HMS supported end points.
What are Cyber Essentials?
Two-step verification (2FA) is the best way to mitigate the risk of stolen credentials. Two-step requires that individuals verify authentication with a smartphone application, a code sent to a mobile device, a call to a registered land line, etc.
Systems Management Software (SMS)
Systems Management Software, such as LANDesk and JamfPro, are vital tools that enable HMS IT to keep systems up-to-date with the latest security patches and virus definitions. In addition, HMS IT uses a standard naming convention so that an IT Support Associate can readily recognize the type of computer and the location.
Antivirus is absolutely essential to have on every single desktop or laptop. Updated antivirus software can help to stop malicious software, such as viruses, and ransomware.
CrashPlan backs up systems securely and can be the difference between losing all of your data or simply restoring from the most recent backup. For Ransomware mitigation, backup copies are indispensable.
CrowdStrike is next-generation endpoint protection utilizing pattern recognition to help Harvard respond quickly to advanced attacks, both those that use “malware” (malicious programs specifically designed to steal information) and those that do not use malware but instead use stolen credentials to move around a network and steal data. For more information on CrowdStrike, please see our FAQ.
Why are we requiring Cyber Essentials?
Harvard accounts are compromised or stolen every day. These accounts are used for everything from Harvard email to digital library access to PeopleSoft. In the case of PeopleSoft, we see active compromises of individual’s W2 and direct deposit information. Thieves are targeting this data in order to steal money. Additionally, valid accounts are being used to log into our systems and move laterally through the infrastructure, taking advantage of vulnerable systems in order to compromise them in order to gain access to sensitive data.
Prior to the introduction of 2-step verification, Harvard University would disable 500 accounts per month.
For those who are unfamiliar, Ransomware is malicious software that encrypts data so that you can’t access it until you pay a ransom. Ransomware is a $1 billion business. We’ve recently seen an outbreak of Ransomware here at HMS. In this last case, the individual who opened the infected file encrypted close to 82,000 files belonging to collaboration members and fellow department staff.
Today information security is a shared responsibility. Each of us has an obligation to educate ourselves to be good cyber citizens. As an unfortunate consequence of our connected world, we each have the potential to cause damage to Harvard, either through a data breach or through Ransomware or some other malicious software. It is now possible for a single individual to be leveraged to cause this damage, either through their credentials or through clicking on something malicious. Because of these risks we are currently reevaluating our policies on things like systems management software.
HMS IT and Cyber Essentials respect your privacy
- None of the Cyber Essentials software track or report on the data stored on a computer.
- The Cyber Essentials package will be required on any computer that an HMS/HSDM IT Representative maintains or troubleshoots, or that uses Harvard University licensed software.
- Cyber Essentials works in conjunction with two-step verification.