One of the driving goals of SJSU IT is to make San Jose State University the safest campus in the country. Our strategy for getting there is to make security easier. We use a layered approach to put extra barriers between attackers and your data. One of the simplest but most effective protections is good password management — having strong passwords unique to each site you use that you change regularly. But that can be a pain. With dozens or hundreds of accounts all over the web, it’s almost impossible for us to keep track of what passwords we’re using where and when we last changed them. A password manager simplifies that whole process for you, making everyday security easier.
I first let campus know about our plans to bring LastPass’ enterprise password management to everyone in our campus community at no cost back in October 2020. LastPass will suggest, store, and autofill extra-secure random combinations of numbers, letters, and symbols for all of your accounts. Because LastPass encrypts all of your passwords, it’s much more secure than keeping them on a notepad or Google Doc and more reliable than trying to remember everything.
The SJSU IT Information Security Office will continue to keep you updated on when it’s ready for you.
I want to thank Ravi Pisupati, Michael Hastings, Nikhil Mistry, Tristan Orlino, Andy Trembley, Bruce Gardner, and Jason Ferguson for working on bringing LastPass to our community.
Next week, our Information Security Office will begin their Phishing Awareness Program in support of our Technology Recovery Plan, building on our cybersecurity layering strategy.
As part of this program, our staff, faculty, and students will periodically receive simulated phishing emails that imitate real attacks. These emails are designed to create a realistic experience without putting employees or the university at risk for a security breach. Employees who respond to the fake phishing attempts are directed, without shaming anybody, toward training and resources that help them recognize phishing attempts in the future. We’ve run this program multiple times over the last few years, and the results have been great. The Information Security Office will now operationalize this procedure quarterly because a knowledgeable user base is a strong defense against cybercriminals.
This program is critical because many of our faculty, staff, and students are working and learning remotely, where security safeguards are not as robust as on our campus network.
Faculty and staff were notified about the program in a campus-wide email on April 22 and in prior messages. We’ll send out five such email phishing simulations over the next six months, timed to avoid the first two weeks of school, finals, and other critical events on campus, as part of our normal business process.
1. Staff Only: June 30, 2020
2. Staff Only: July 30, 2020
3. Faculty & Staff: September TBD
4. Students Only: October TBD
5. Faculty & Staff: November TBD
SJSU IT will redact the identifying information of those who responded and offer security training for departments with higher susceptibility rates. If you have any questions, please let me know.