Hub Gerats: 'When your system is taken hostage by cybercriminals, it has a huge impact.'
In the coming months, Fontys will launch a true offensive to get everyone's attention on the importance of dealing safely with digital resources and personal data. 'Changing habits may be difficult, but it is really necessary,' says Hub Gerats.
Hub Gerats has been the corporate information security officer (CISO) at Fontys since 2017 and since then, he's been asking attention for the importance of information security. Much has already been achieved he says: Fontys renewed it's key IT-systems, everyone needs to log in with an authenticator and the network is externally monitored 24/7. But that is not enough. 'You can put locks on your house and install an alarm, but if you leave the window open ...'
The golden rules
In the near future, employees will receive tips via several media channels on how to handle data more safely. For example, a special information website has been created. There will be workshops on the "golden rules for safe digital behaviour." Key figures within the organisation, such as managers, will receive additional workshops. 'Management must also be aware of how important it is and set a good example themselves,' says Gerats.
The risks due to carelessness are enormous, says Gerats. 'Information security and privacy' are at the top of the Risk and Threat Assessment for Higher Education. Educational institutions have an enormous amount of data, from staff, students, but also, due to research, from companies or patient data, for example. In addition: it has a huge impact, if your system is taken hostage by cybercriminals.'
Better facilitation
The problem is clear only ... making an Excel sheet with your team's data and put it on your own hard disk. Creating a new MS Teams group and not thinking of setting it to "closed" ... Sharing your password with a colleague anyway ... Who is never guilty of this?
Gerats knows this happens and also that it doesn't just stop after being informed. More is needed. From the Information Security programme, we have also reviewed processes. For instance, in case of processing data. Who is allowed to access the data and where? And we also looked at how we can facilitate people better. For instance, with the introduction of the new Sharepoint Online in 2025, we will set all MS Team groups closed by default. So it will be a conscious decision to make the content public; we will also offer a password manager, among other things.'
Cybercriminals
With all these measures - in terms of technology, processes and behaviour - are we going to win the battle against cybercrime for good? 'No,' says Hub Gerats. 'That battle never stops, we will have to keep paying attention to it. But nobody can say "I have nothing to do with the digital world" anymore, we have to get rid of that. Certainly not if you use your laptop and smartphone in the meantime. Clear policy comes with that, just like the policy on finance or personnel.'
Do you have questions about the Information Security programme?
Mail
The golden rules for secure use of digital assets and data
Author: Petra Merkx