Strategic Enabler:
Investing in our Infrastructure
NOSM University’s Information Technology (IT) team has launched various initiatives that support our cybersecurity posture and have contributed to the successful procurement of cyber risk insurance. All staff members have completed our mandatory cyber risk awareness training course, and in 2023, we will offer case-based, tabletop training sessions and phishing simulations that will measure the effectiveness of the training.
To protect our data and optimize our incident recovery abilities, we have invested in a robust backup process that includes nightly onsite server backups at each campus, plus a nightly ransomware-proof immutable backup of our entire server infrastructure that is stored offline. To support these internal efforts, we sought membership in the CanSSOC Cybersecurity Initiatives Program (CIP) to receive real-time threat intel and cloud DNS firewall services that protect our users from phishing attacks and malicious network activity.
The ORION Cybersecurity Higher Education Consortium (ON-CHEC) is another valuable membership that provides benchmarking services, shared higher education IT best practices, and weekly briefings on the latest security risks.
Effective January 1, 2023, our cyber incident insurance is provided by the Canadian Universities Reciprocal Insurance Exchange (CURIE) in consultation with its 79 university members and industry experts. Our new package provides coverage of $1 million for breach response costs, business interruption, data recovery, cyber extortion and other liabilities. Following a cyber incident, we have 24-hour access to cyber response specialists that will assess the situation, provide forensic support, and assist with our recovery. The insurance policy will also cover third-party liability up to $5 million.