Bee Cyber Fit: Simplifying Cybersecurity for Everyone
Bee Cyber Fit: Simplifying Cybersecurity for Everyone
Building a Cybersecurity Culture: Yale University's 2024 Cyber Awareness Journey
Unlock the secrets to building a robust cybersecurity culture at Yale University with our latest episode of the Bee Cyber Fit podcast.
Join us as we uncover a year of remarkable achievements and transformative strategies in our cybersecurity journey throughout 2024. From the groundbreaking "New Year, New You" campaign to the vibrant monthly challenges that followed, discover how we've turned cybersecurity awareness into an engaging and essential part of the Yale community's daily routine.
With the debut of "Bee Cyber-Fit at Yale: The Essentials to Working Securely," our innovative self-paced training module launched during Cybersecurity Awareness Month, we bring vital knowledge to your fingertips, making the journey into cybersecurity both informative and entertaining with the help of Boola the Cyber Bee.
As we celebrate the conclusion of our third season, we are grateful to all who have contributed to safeguarding Yale's digital environment.
Our community of cybersecurity ambassadors has been pivotal in driving forward exciting initiatives like the "menu of services," offering tailor-made tools and strategies to boost cyber resilience across departments.
With engaging elements like interactive games and our Bee Cyber Fit series, we've successfully fostered a culture of cyber safety. As we look forward to an exciting fourth season in 2025, we remain committed to building connections and reinforcing good cyber habits both at Yale and beyond.
Thank you for being part of this incredible journey, and here's to a future brimming with security and innovation.
Calls to Action:
- Read our November awareness tip about safe online holiday shopping.
- Read our December newsletter, Warm Up Your Cyber Defenses.
- Be the first to know about our New Year, New You campaign, Kickstart Your Digital Defenses, that launches in January. Sign up to receive alerts so you can get in on the cyber action.
Learn more about Yale Cybersecurity Awareness at cybersecurity.yale.edu/awareness
Never miss an episode! Sign up to receive Bee Cyber Fit podcast alerts.
Wendy: Welcome to the Bee Cyber Fit podcast, where we're simplifying cybersecurity for everyone. Where we cut through confusing Cyber Speak and make cybersecurity simple and easy to digest. I'm one of your hosts, Wendy Battles.
James: And I'm James Tucciarone. Together, we're part of Yale University's Information Security Policy and Awareness team. Our department works behind the scenes to support Yale's mission of teaching, learning, and scholarly research.
Wendy: Ready to get cyber fit with us?
Hey, everyone. Welcome to another episode of the Bee Cyber Fit podcast. We're excited you're here and hope you're ready to get cyber fit with us. If you're a new listener, welcome aboard. This is the place to come for information and some cyber inspiration to stay safe online and outsmart cybercriminals. This podcast is one of the many tools in our toolkit that we use at Yale University to help our faculty, staff, and students build their cyber muscles. James, can you believe that it is almost the end of the year? It has flown by so fast. How is that even possible?
James: It really has gone by quickly. As we look back, I think we're going to find it's pretty amazing to see all the accomplishments that we made this year. So, today we're here for a special episode, wrapping up 2024 and also celebrating a year full of cybersecurity progress at Yale.
Wendy: Oh, yes, we are. And we have all of you to thank for listening, participating, and helping protect Yale’s data and systems. Your efforts have made a really big difference, and together we've made some big strides this year as James mentioned.
James: But before we dive in, let's hear a quick preview of our buzzword of the day.
Have you ever seen or used a decoy? Have you ever heard of decoys designed to mislead a cyber attacker? In the world of cybersecurity, there are digital snares called honeypots. Stay tuned to find out more about honeypots and how they're used to thwart would-be attackers.
Wendy: Well, James, you alluded to the fact that we have made a lot of progress this year. And as you know, every year we are trying to advance our efforts with Yale faculty staff and students to build their cyber awareness, to build their cyber knowhow, to equip them with the information they need to make the best possible decisions when they think about cyber safety at Yale, when they think about protecting our data and systems.
This is the third full year of our program, and I feel like this year has been the most impactful with the things that we've been able to do. And when I feel like we've moved from just basic awareness into other areas, into training, into connecting more fully with people within departments. And we're going to talk about all of that in our episode today with some of our most important highlights.
James: One of the exciting things that we did this year, Wendy, was tying our engagement to cyber-safe habits. And we did something really exciting by testing out the idea of challenges. During February for our New Year New You campaign, we tried an interactive challenge to give people fun, engaging ways to build cyber awareness and kept that going throughout the year. What we learned is that it's a great way to engage people and also that an extended challenge where in February we tried 21 days of challenges might have been just a little too much. So, as we continued these challenges throughout the year, we decided to tone it down a little bit and do weekly challenges over the course of a month, which we found to be really, really successful, and seems like people really enjoyed them.
Wendy: I totally agree and I think it is so cool we did this because it was such an organic thing. We had no idea when we decided to have this challenge during New Year New You, that it would turn into something even bigger and we could take this concept and then apply it at other times during the year. And I feel like that's part of continuous improvement with our program is that we're learning, we're growing, we're trying things. Sometimes things work, sometimes they don't, but you adjust, and that to me, James, is such a great example of how we tried something new. We tweaked it right when went to the weekly challenges and it ended up becoming something that we can continue to do and sprinkle in periodically. So, I'm just giving you the high five because I think it's really cool that we tried this and we're fine-tuning it. So yes, I'm completely in agreement with you.
I want to add in the next thing, to me that was a big highlight for the year and it's something that we have worked on for quite some time. When we started the program in 2021, our awareness program, we created a roadmap. And one of the things on the roadmap was to create cybersecurity awareness training. So, we knew we couldn't do it right away. It was in our three-to-four-year plan, we had to build the support for it internally. We had to get the funding to do it. Then we had to find the appropriate vendor to create it for us.
I'm really excited because in October, during Cybersecurity Awareness Month, we introduced our first-ever awareness training, Bee Cyber Fit at Yale: The Essentials to Working Securely. And I know some of you listening are like, “I took that training. I know that training.” For others of you, this might be the first time you're hearing about it. We want to encourage you to take this training. But the training really goes through our five foundational awareness topics, the essential things we think you need to know to help protect Yale data and systems.
And James, we did it, if I'm not mistaken, at least in my opinion, we did it in this engaging and interactive way. It's self-paced, it's in workday learning that everyone is familiar with. What I think is super cool is that you can start it, maybe you have to go to a meeting, you can go back and pick up where you left off, wherever that might be, whatever module. But I just thought it was such a great way to give everyone at the university the same important information but deliver it in a way that even features Boola the Cyber Bee. So, to me, that felt like a really big win in our program.
James: I definitely agree, and I really appreciated that we were able to tie it back to our branding using this idea of Bee Cyber Fit and Boola the Cyber Bee. I also really thought that the style of the training was fresh and approachable and really fun and not boring.
Wendy: Totally, 100%.
James: Wendy. I want to talk also a little bit about our ambassador program. And for those of our listeners who don't know about our ambassador program, it is basically a collection of champions within Yale University who foster cybersecurity awareness with their teams and departments. And I'm glad that I get to bring this up right after training because one of the things that we found was that of everyone who took the training here at Yale, almost 50% were people from departments or teams that have an ambassador. And this year, the size of our ambassador program grew by almost double, which is really great.
One of the things I'm really excited about moving forward is that we're going to be opening up our ambassador program more widely to Yale University and encouraging people to submit their interest to join us as an ambassador to be one of those people who can champion cybersecurity awareness for their teams and departments and really be a Yale Cyber hero.
Wendy: It was super cool. I love the fact that we have expanded and that we have amazing, creative people who have joined this team. They're all volunteers. You know they're doing this in addition to their regular job, and it doesn't take a huge amount of time. But what I think is so cool, James, is that we've got some very creative people who are connecting to their departments in really innovative ways. Some of the emails that people have sent to encourage their colleagues to participate are really fun. I am very excited about this idea and the possibility of expanding it into the future, James with more new people from the Yale community.
James: Absolutely. We're really building a fantastic little family or community. And I will also just add kudos to our existing ambassadors for all of their support of our program, all of their hard work, and all of the success that they've realized from being a part of the program.
Wendy: 100%, James, 100%. So, we talked challenges, we talked training, we talked ambassadors. The next thing that I want to mention is this idea that has been a seed we've planted, and I feel like it's starting to grow. There's, of course, a lot more room for future growth. But part of what we've wanted to do is to really build connections across Yale. We wanted to build relationships in departments, both with staff and with supervisors, to talk more about the programming that we offer, really with this idea that working with supervisors especially, we can help them empower their teams to be cyber-safe.
And one cool thing that we started this year that I think is awesome, James, is that we started this menu of services. We offer all these different options that a supervisor or a leadership team in a department could choose. So, we can kind of customize cybersecurity awareness for teams. And when I say a menu of services, let me tell you all about some of the things we're talking about. We mentioned the Bee Cyber Fit training as one. We have self-paced games and puzzles that we can customize for departments that can be used in different ways. We can do more traditional presentations about cybersecurity awareness, the latest topics, trends, that kind of thing. We also offer Kahoot’s. So, this trivia game that we play, has been a fantastic way to engage teams. We can schedule a consultation with leaders in a department to talk more about their concerns around cybersecurity, where they feel like there are gaps, where they want to see their team grow. So, I love that we have many different ways.
Not to mention James, I forgot this, but our Bee Cyber Fit series can help people sign up for our Bee Cyber Fit series in departments, meaning the podcast. That people are listening to now, our monthly tip that comes out the second Wednesday of the month and also our quarterly newsletter. I would say that we are feeling our way through how we can be partners and collaborate with the community, and I feel like that's unfolding in a really good way. We took some good initial steps, and I feel like we can build on that in the coming year.
James: I completely agree. And one of the things that I also really like about our awareness menu is that it recognized that engagement with teams and departments isn't necessarily one size fits all. So, people can engage with us in the way that is most comfortable for them and in the way that best fits with the culture of their teams. And I'll add as well, I think that a lot of the options we have are really fun. We've done a number of these Kahoot trivia games over the past few months with various teams and departments. And Wendy, I think you and I have had a great time. But even better, the people who have joined us seem to have really enjoyed themselves.
Wendy: They really have. And you know what's really interesting, James? They're really competitive in a friendly way, of course, but they seem to really thrive on some friendly competition. And that's what the Kahoot is about. So, I feel like it's both interactive and fun, but also a really powerful learning tool. I like the fact that we're figuring out how we can combine many different things to build awareness. And I'm going to say it's not like we know all the answers and this is all perfectly done. I don't want people to think like, “Oh, okay, they're, they did so great.” No, this is just planting the seeds for all of these initiatives. And our goal is really to grow from these as we go into 2025 to see how can we expand, how can we make them even better for doing a lot of new things. I feel like that's been an excellent start.
James: And one other new thing that we introduced this year is Boola the Cyber Bee as an official cybersecurity mascot at Yale University. So, during the summer, at the IT summer picnic, Boola made their first appearance. So, we have a full life-size version of Boola, who you may have found buzzing around campus at different events, sort of spreading the cybersecurity awareness joy. I'll add that this is also one of the items on our awareness menu for larger events and gatherings around campus, people can request that Boola and Boola’s Beekeepers come and join them for some photo opportunities, for some meet and greets, and just you know a general good time.
Wendy: It was fun, I have to say, parties, picnics. Boola, got around to your point, and it just brightens everything up. People seem to really love it, meeting Boola. So, I do like that we've added that to our menu. It's just another option for people to use. So, you can see that we've done some things. We've grown this year. There is, of course, plenty of opportunity to really build this even further, especially James, with the idea of connecting with departments and supervisors. That's probably what I am most excited about that and the training, because I feel like those are compelling ways to, one, get people's attention, two, to help them think about what it means to form good cyber habits, and three, to think about it in terms of Yale, but also their home life.
Because I think we've also gotten a lot of traction in that conversation about both Yale and home and getting people really tuned into, “Where can I boost cyber behaviors? Where can I add in cybersafe behaviors at home?” Because the thing about Yale, as we know, is that there are a lot of tools in place that help us keep everyone safe. A lot of things happen that people don't even know about that we do to filter out emails and phishing emails, that kind of thing. But most of us don't have those same things set up at home. It's not nearly as robust in our Gmail account as our Yale email accounts. So, there's so much that we can also do at home with our families, our kids, our parents, our grandparents to be cybersafe. So, I do also love that we're making that connection. Even though our presentations are about Yale, they ultimately are also about our home lives, too, because now they're so intertwined, as we know, all that to say, baby steps toward increased cybersecurity awareness at Yale and at home for our amazing Yale community. And with that, let's listen to our buzzword of the day, Honeypot.
[music]
James: Here's the buzz on a proactive defense known as honeypots. Imagine setting a trap for a thief. You set it up using something enticing as a lure and then wait for them to take the bait. Once they're hooked, you can study their behavior and learn from their tactics. That's essentially what a honeypot is in the digital world. It's a system or network resource that's designed to attract and trap malicious actors. A honeypot is a controlled environment where attackers can roam freely thinking that they've struck gold. And while they're busy exploring, security analysts are monitoring their activities and learning about their techniques to thwart future attacks.
By deploying honeypots, organizations can gain valuable insights into the tactics and techniques used by cybercriminals by analyzing the behavior of attackers as they exploit a honeypot. Organizations can improve security defenses, develop more effective countermeasures, and stay ahead of emerging threats.
Honeypots can also be used to distract attackers from critical systems, to reduce the likelihood of successful breaches. Now let's take this a step further and discuss the different types of honeypots.
A honey net is a network of honeypots that mimics a real network to attract a wider range of attackers. A honeytoken is a fake piece of data designed to lure attackers into downloading malware or revealing their own sensitive information. A honey file is a fake file designed to attract attackers who might be interested in specific types of data. So, the next time you hear the term honeypot, remember it's a clever strategy to outsmart cybercriminals at their own game.
If you'd like to continue expanding your cybersecurity dictionary, check out our past episodes for more of our featured buzzwords. And keep listening to the Bee Cyber Fit podcast where we help you to be aware, to be prepared, and to Bee Cyber Fit.
Wendy: James this was such a fun episode. It was fun to walk down memory lane. It was fun to revisit what we've done this year. It's fun to think about what's in the future, 2025 is literally just around the corner. We'll be here in a heartbeat. And I don't know about you, but I am looking forward to seeing what 2025 brings and how we can build on our success from 2024. Plus, I'm going to mention to all of you, this is a wrap up of Season Three of the Bee Cyber Fit podcast because you know what that means, Season Four is just around the corner. But before we get to that, you know, James, we can't wrap up an episode of the Bee Cyber Fit podcast without calls to action for our amazing Yale community, and today we've got three of them.
First, we want you to check out our November Awareness tip. It's about safe online holiday shopping because you know you're still shopping and there are so many traps for us to fall into when it comes to cybercriminals and the holidays that we want you to steer clear of. And you can find the link to that tip in the show notes.
Two, we want to make sure you read our chockfull of information December Newsletter for the latest cybersecurity updates and tips, all kinds of really helpful information so that you can move into the winter season on top of your cybersecurity game, because you know cyber criminals never take a vacation. Even when it's recess at Yale, they are still going strong trying to trick us.
And number three, please mark your calendars for our New Year, New You Cyber Challenge. It's kicking off in January and it's a great way to jump-start your Cyber Security Awareness for 2025. And we have some cool events and opportunities planned to engage you and help you start off the year on the right foot with those good cyber habits. And when you sign up for our alerts, you will be the first to know more information about what is coming. So, our Season Three, James, it's pretty much a wrap and before we know it, we're going to be launching Season Four.
James: We sure are. And I hope 2025 is just as exciting as 2024.
[music]
So with that, I want to thank everyone for listening and hopefully we'll see you back here in January when we launch Season Four. Until then, I'm here with Wendy Battles. And I'm James Tucciarone. We'd like to thank everyone who helps make this podcast possible. And we'd also like to thank Yale University where this podcast is produced and recorded.
Wendy: Thank you all for listening both to this episode and to the Bee Cyber Fit podcast all year long. We really appreciate it and your willingness to build your cyber fitness. And remember, it only takes simple steps to Bee Cyber Fit.
[Transcript provided by SpeechDocs Podcast Transcription
