Cybersecurity keeping SBCC safe online, protecting users and data

Photo+Illustration.

Ryan P. Cruz

Photo Illustration.

Tom Chorney, Staff Writer

City College will be implementing new cybersecurity techniques into the college’s Information Technology infrastructure to combat hacking attempts and other cyber attacks.

Director of IT Infrastructure and Security Jim Clark outlined the measures in a report delivered during the Feb. 11 Board of Trustees meeting. Several new initiatives are included in response to incidents that occurred over the past year.

“We learned that it’s important to be prepared,” said Clark. “Fortunately, when the COVID-19 emergency hit us in March of 2020, we were able to pivot relatively quickly.”

A wave of issues have come with moving operations online, notably a “Zoom bombing” incident in April 2020.  The City College IT department responded by upgrading firewalls, refining defenses against wireless intrusion and applying multi-factor authentication to accessing confidential information.

For its efforts, City College was awarded the 2021 Technology Planning Award by the Chief Information Systems Officers Association of the California Community Colleges.

“Security is always a moving target,” Clark said, “and we try to move with it as best we can.”

Cyberattacks are a regular occurrence for the IT department to handle. The two most common types are “phishing” emails, which are scam messages that appear legitimate in order to obtain information, and more sophisticated attacks that attempt to probe for weaknesses in the college’s systems.

In December of 2020, a simulated phishing attempt from the IT department, under the guise of “COVID-19 Training,” was sent via staff-wide email. 16% of those who were contacted responded. After submitting information the responders were made aware it was a test, and were provided material to spot phishing attempts in the future.

“We are constantly testing and trying to reinforce good habits over the bad habits,” said Clark. According to Clark, “paranoia is a healthy thing” when it comes to awareness of cybersecurity threats.

The report’s data security section also acknowledged the “Front Rush Incident.”

The incident saw data of 372 City College-associated individuals stored on the server for student athlete logistics company Front Rush leaked in June of last year, including the Social Security numbers of 12 students. Those affected were contacted and provided identity theft protection services.

The report states that while the leak did not result from any breach of the college’s own servers, City College consulted legal counsel in order to take appropriate action.

In addition to the measures currently in place, the college will undergo “penetration testing” in mid-2021 to identify vulnerabilities to the college’s network both externally and internally.

The California Community Colleges Information Security Center will perform the testing, and will follow up with a security controls gap analysis that was originally scheduled for 2020 but delayed due to the pandemic.

Clark credits his team for adapting the school’s infrastructure under evolving circumstances. “Security is always a moving target,” he said, “and we try to move with it as best we can.”