Over the last few months, there has been a lot of attention in the media regarding cyber security incidents. The universities of Maastricht and Antwerp were subject to cyber-attacks and it was revealed that the Citrix system -used by many Dutch governmental organisations- showed severe security weaknesses.
We would like to inform you of the efforts the University of Twente to protect ourselves against these sort of criminal activities. Also, we would like to make an appeal to all staff and students, as you may play a vital role in keeping our systems and data safe.
Professional cybercrime
The recent events show how professional current cybercriminals operate in gaining access to systems and data, and systemically scan for opportunities to expand their access. We need to accelerate our initiatives to secure our digital safety. It is like a cat-and-mouse game in which hackers are becoming increasingly proficient and organisations need to improve their safety measures to keep up.
Joint responsibility
Safety and security of our data and systems are not just a technical matter. Sensible behaviour when it comes to the use of IT is just as important, if not more important. Using our systems wisely is not only in the interest of the organisation, but also benefits your personal security. We would like to ask you and your fellow staff members and students to be extra alert.
- Please note and report suspicious activity at the Computer Emergency Response Team (CERT) of the UT, via email to cert@utwente.nl. Mails which urge you to take action are in particular suspicious.
- If you do not trust an email, for instance, if they contain requests from a bank or delivery service, do not click on the links in the email. If you think action is required, go to the website of the company by using your internet browser and log in there.
- Only connect trusted (storage) devices to your equipment.
- Do not prevent updates from being installed and make sure that your devices always have the latest security updates installed.
For more information on cyber safety and security measures that you can take, please visit the UT website: https://www.utwente.nl/en/cyber-safety/.
University of Twente’s approach
We have been taken our digital safety and security into consideration carefully over the last few weeks. Measures were taken where needed. Our colleagues at Maastricht University have been transparent on their findings during and after they were hit by a cyber-attack. We are very grateful for that, as it will help us and other universities to take adequate action against cyber criminality. The Dutch universities work closely together in this matter, as we cherish our open-minded attitude and scientific collaboration.
The lessons learned from Maastricht will be integrated into our safety policy further in the coming months. We built upon the solid work that has been done over the years. It is important that we focus not only on measures that will minimise the chance of being hit by a cyber-attack, but also at measures that will reduce their impact as well as plans and actions secure the continuity of our key processes in case a cyber-attack does take place.
Safety versus user-friendliness
Within Shaping2030, we have committed ourselves to the highest standards for safety and security (compliance), as it is of eminent importance to the university. Continuously, we need to balance between securing our safety and ensuring we can do our work as efficient and effective as possible. Not every measure that needs to be taken will add to the user-friendliness of our systems. We ask for your understanding for this. We have chosen to not allow outdated software or systems that do not receive security updates anymore, on our network. This may lead to some inconvenience, but is a necessary step in keeping our systems and data safe.
