Changes to HMS Information Security

HMS IT is actively working on several initiatives to help make HMS more secure. We are identifying and prioritizing risks and putting processes and technology in place to help. Here are a few of the things that we are working on:

DUO 2-step authentication for O2 interactive logins.

In order to minimize the risk of compromised accounts, we are instituting DUO 2-step authentication for all O2 interactive logins on November 26, 2018

DUO 2-step authentication for Office 365:

We are working with Harvard University IT to implement DUO for our O365 accounts. Initially we will be rolling this out to individuals with access to sensitive systems, such as finance and HR, but will turn this on for individuals whose email accounts have been compromised.

Improved network authentication

In the coming months we will be making changes to our wireless networks in order to strengthen our verification and authorization mechanisms, and will introduce a new guest portal.

Discovery of vulnerable systems

HMS IT has become increasingly aware that there are vulnerable laptop and desktop systems on our network. Of course, we should all be regularly installing security updates for our computers. However, this doesn’t always happen for a variety of reasons. These systems exist in a state where they can be leveraged against us by malicious actors. In order to discover these systems, HMS IT will be running some lightweight discovery scans to detect and address these systems.

Continued roll out of Cyber Essentials

Cyber Essentials is our bundle of security software that we install to help manage and secure all laptops, desktops, and servers here at HMS. HMS IT are increasing efforts to install these tools on all eligible systems.

For more information about Cyber Essentials, visit our Cyber Essentials page.To request information security talks or training for your group or department, contact HMS Information Security at iso@hms.harvard.edu