When people or organizations think about cybersecurity, their minds often turn to the technical infrastructure and protocols protecting their networks, devices and data.
But a user’s general awareness is just as important – if not more important – since human error is what typically opens the door for unauthorized users or criminals to access what is supposed to be private information.
That was one of the key takeaways the team at TechBuffalo learned from its recent partnership with the Cybersecurity Clinic at Rochester Institute of Technology’s ESL Global Cybersecurity Institute.
This free program, which is funded through Google and just entered its second year, gives students opportunities to work on real-world problems and systems for under-resourced community organizations such as nonprofits, small businesses, schools, hospitals and municipalities.
Prior to the spring 2024 semester, TechBuffalo applied for and was accepted to participate in the 15-week project. While the original goal was to minimize email spam and phishing attempts, the project quickly shifted to a full cybersecurity analysis.
So a team of four senior RIT cybersecurity students audited TechBuffalo’s administration platform, which proved to be perfect timing since it was in the process of finding a new service provider.
“I’ve always worked on the finance side of things, so I never dove too deep into cybersecurity,” says TechBuffalo Finance & Operations Director Cameron Smith, who met with the students virtually once every other week for status updates and to answer any questions. “Working directly with them, it was interesting to learn about their perspectives because it was something that I was aware of, but now I have an enhanced knowledge across the board.”
The students assessed TechBuffalo’s admin portal setup throughout the semester and then presented its findings and recommendations to Cameron and TechBuffalo President & CEO Sarah Tanbakuchi.
TechBuffalo received a strong score, and the main result was to focus on user awareness. The students designed a playbook and training module for new and existing employees that is going to be implemented starting next quarter. Some of the topics include instructions on how to add a domain to a block list and run a virus scan, as well as detailed breakdowns of how to identify phishing scams and the benefits of multi-factor authentication.
“I was blown away about their past experiences, their internships, their skill sets,” Cameron says. “It was very impressive to see them split up on their individual roles and then come back together, and it was a great opportunity to teach them about the workforce, especially in Buffalo.”
As the number of cyber attacks and costs associated with them continue to rise across all industries, the takeaways were both valuable and easily applicable for community organizations that have current cybersecurity needs but may not have a dedicated line item in their budget, an IT staff member or a third-party service to help them implement safer practices.
“With how many nonprofits we have in the area, having a free program like this can be very helpful,” Cameron says. “It’s the best approach for any local business to do a full security audit. It makes you ask questions about your weaknesses and flaws and how they can be turned into strengths. It’s also another great avenue to help draw connections to the rest of the ecosystem and create entry points for talent.”
Interested in participating in RIT’s fall 2024 program? Applications are due by July 15. Click here to apply.
