Ensuring information security is part of the everyday life of all university staff and students. Starting in the early spring of 2022, the University of Helsinki IT Security Test will be taken annually to help degree students in their everyday life. We talked about introducing the IT Security Test at the university with Vice-Rector Paula Eerola.
Different threats to information security are commonplace at the university as well. The most visible sign of this are the phishing messages that university staff and students get in their inbox. However, each student and member of staff can contribute to information security by considering it in their everyday life. To support these efforts, the university is introducing the University of Helsinki IT Security Test for students. The test focuses on factors and procedures that matter in terms of information security.
Vice-Rector Paula Eerola, where did the idea of an information security test for university staff and students come from?
“The general idea behind the test is that we are constantly facing greater and greater information security threats. There are attempts to hack university accounts as well as username and password phishing attempts. A few years ago, in autumn 2018 if I recall correctly, there was an exceptional wave of phishing attempts, and many people at the university were deceived. Because of this, we considered it very important to raise awareness of information security issues. The matter was also brought up as a recommendation in the university's report on information security issues. From there, we started thinking about how we could make people at the university more aware of information security issues.”
The University of Helsinki IT Security Test is mandatory for university staff, and starting in the early spring of 2022, the test will also be mandatory for degree students. Why is the test carried out this way?
“I have a background as a researcher at Cern, the European Research Organization for Particle Physics, which has given everyone a regular information security test for a long time. I was used to taking the test, and I had a pretty clear view of what the University of Helsinki test should look like – not 5-credit course, but 5–10-minute test. However, we came to the conclusion that we can’t make the test voluntary, because university staff and students are busy and might not make the test a very high priority. After all, when you get a university username, you commit to a lot of things. It felt natural to make the information security test a regular part of the process, just like changing passwords.”
In your opinion, what are the strengths that university staff and students have as a community when it comes to preparing for and responding to information security threats?
“We have a lot of expertise and responsibility: systems work under the hood, and we have a very knowledgeable community that understands the modern world and the risks associated with things like information networks and social media.”
However, Eerola points out that threats such as phishing attempts are constantly becoming more complex and difficult to identify, so the information security test and information security messaging play an important role.
“The risks are, overall, very significant. We all know what would happen if e-mails or the student register were hacked on a university-level, for example. It would be a disaster. We simply can’t afford something like that. The information security test is by no means intended to harass university staff or students. It’s meant to protect all of us and to ensure that the university can continue to function. Everyone must play their part in the university's information security.”
The University of Helsinki IT Security Test in a nutshell:
- The test is taken on Moodle and takes about 15 minutes.
- The test will be introduced to degree students in the early spring of 2022. Students will be informed of the exact time during December.
- The test comprises five questions that are selected from a question database. To pass the test, you must earn a minimum score of 80/100. The test is also accompanied by solid background material which you can go through before taking the test.
- You can retake the test as many times as necessary to pass it.
- The times for taking the test are staggered throughout the academic year and are assigned based on your username. You will be informed about your test schedule via e-mail. You will receive the first e-mail two months before you need to take the test.
- If you do not take the IT Security Test by the assigned date, your user account will be locked.
- Students can read more detailed instructions about taking the test and find a direct link to the test on the “Instructions for students” page. Instructions for staff taking the test can be found in Flamma.