Cyber Security Enhancements
To: The Caltech Community
From: Vice Provost Kaushik Bhattacharya and Chief Information Officer Jin Chang
Date: December 2, 2021
In an effort to enhance Caltech's cyber infrastructure, the Institute will implement a series of new security measures for email and Office 365 systems during the 2022 calendar year. The measures, which were recommended by the Institute Computing Advisory Committee, are in response to a significant increase in both the scope and sophistication of phishing and malware attacks across the country and within the university community.
In accord with the committee's deliberations, the following measures will be implemented over the next year:
- Caltech users will be required to adopt multi-factor authentication (MFA) for email and Office 365 systems. MFA provides an extra layer of security before logging in to an online service and helps to ensure that an authorized user is the only person who can access an account, even if the password has been compromised or stolen.
- We will be establishing a cyber security committee with representatives from across campus. This group will help assess, evaluate, and mitigate future risks and identify opportunities to enhance the Institute's cyber security infrastructure. Among other steps, the committee will consider whether
- Phishing exercises should be periodically conducted to identify and monitor for potential vulnerabilities.
- An annual cyber security training module will be shared with all members of the community through access.caltech.edu.
Beginning in January 2022, IMSS will host workshops and training sessions to help introduce individual community members, divisions, and departments to the new MFA process and the Institute's enhanced security measures. We will also work closely with the divisions and administrative units to support the phased transition of full user groups to the MFA system and to understand and address individual concerns and questions throughout the process. In the meantime, members of the community may send comments or questions to [email protected].
The Institute's guidance on security best practices—including information on MFA, password management, backing up data, and software updates—is available on the IMSS website.
We thank you in advance for your support and partnership in helping to ensure that Caltech's cyber infrastructure is as secure as possible. Together, we can ensure that all users are positioned to protect Caltech's sensitive information and critical research computing environments.