Response from Rocky Jenkins, director of network and systems services, Eastern Michigan University.
Good cyber hygiene is critical to protecting “back end data.” Regular software updates and patch management are critical in mitigating known software vulnerabilities.
Two-factor authentication is vital to hedge against phishing and other social engineering attacks. Appropriate data encryption serves to protect critical data. And, vulnerability scanning/management of the environment is key to identifying and closing all known system vulnerabilities.
Modern firewalls and end-point protection protect against ransomware and reduce the overall threat landscape. And cyber security awareness training for all users is critical to help them understand common social engineering-based threats and attacks. Assess and validate cyber security controls in place to protect data stored in any hosted/cloud-based system.
The current IT landscape is full of concerns. Anything that cybercriminals can monetize is a risk. Probably the most common problem I hear about is ransomware, which can be addressed by managing patches/updates and ensuring off-site backups are regularly completed (and isolated).