End-of-Year Cybersecurity Program Update

The Cybersecurity Enhancement Program (CEP) team and steering committee members worked diligently in 2024 to make progress against the prioritized security gaps and minimize future vulnerabilities. We are proud to share important updates and what you can expect in 2025. 

As a reminder, CEP was initiated by the Executive Leadership Team in February 2024 to address the 4 major security gaps found in the 2023 Oculus IT audit. These gaps were identified as the most likely to occur and greatest impact – each costing the University more than $5M to recover from cyber threats to safeguard you and Trinity's data.​

Progress on our 4 projects:

Data Leakage

Significant progress was made regarding data leakage prevention.

• Trinity purchased a tool that allows the University to identify when sensitive information is removed from the network via USB.
• The CEP steering committee approved our 2025 path forward.

What to expect in 2025:

• ITS will coordinate with faculty and staff to install the tool on network devices.
• You will not be prevented from using a USB or saving the file(s). However, you will receive a message to ensure you’re notified of the risk.
• Be on the lookout for communication in 2025.  

Intrusion Prevention

This is a behind-the-scenes project to help ensure our “house” isn’t broken into. 

• The University moved to "role-based" access where any devices that connect to the Trinity network will need to authenticate and will be assigned the appropriate level of access.  

What to expect in 2025:

• Personally owned devices will require a web browser guest login or registration. Example: When you are using your personal cell phone and want to send an email through Tmail, you will be required to log in and authenticate. The same process applies if you plug in your laptop on campus.

Identity and Access Management

The focus was on improving multi-factor authentication.

• As a result, DUO changed to better identify security risks. You may have noticed being asked to input a code versus “push to accept.”
• An Access Review Policy is drafted and will be under review.

What to expect in 2025:

• Recalling a house analogy, Trinity needs to make sure our valuables are in a secure location. In 2025, ITS and CEP teams will work with faculty and staff to sort the items in our “house” so you know where to store different types of documents and other data.
• The team anticipates seeking steering committee approval and implementing a revised Access Review Policy. 

Data Management

The focus was on the University-wide file scan.

• Trinity purchased an automated tool that looks for patterns in Trinity's data and flags it for high-risk security gaps, e.g., social security numbers, health information, personnel records, and financial data.
• The results of this initial file scan of our internal network drives (not Google or One Drive) identified sensitive data across the University.
• No action is required unless you are notified. 

What to expect in 2025:

• The team will continue to use the automated tool to scan files, including Google and One Drive.
• You will be notified if any action is required. 

Please know that though there will be changes due to this program, the CEP’s focus is not to make your everyday tasks more difficult. Rather, it is to ensure that those who access and share sensitive information can do so safely. 

Stay informed on the program website and reach out to @email with any questions. We will continue to provide updates as CEP projects progress.