How CYRISMA is enabling Buena Vista University to take control of its sensitive data and introduce accountability into the cyber risk reduction process
Buena Vista College (now Buena Vista University) in Storm Lake, Iowa, was founded by the Presbyterian Church (USA) in 1891. The transition from a college to a university was initiated in 1995, when a graduate program in education first received accreditation. The University currently has a total enrollment of 1,959, serving students on its Storm Lake campus, online, and graduate programs.
In 2000, BVU became the nation’s first “wireless community” when it provided laptops to all full-time students and faculty on the Storm Lake campus with the ability to connect to the campus-wide wireless network.
The Problem
Prior to adopting the CYRISMA platform, the main challenge for Joseph McLain, Chief Information Officer (CIO) at BVU, was protecting the massive volumes of critical, high-value data that the university handled.
With ransomware numbers in the education sector at an all-time high, even smaller universities like BVU are exposed to serious cyber threats and need to comply with stringent cybersecurity regulations. The university is held to the same security standards as much larger institutions, but has access to only a miniscule fraction of the resources.
To meet these challenges and protect data, BVU needed a reasonably priced risk management solution that would not only provide visibility into sensitive data, vulnerabilities and overall cyber risk, but also help mitigate the risk and secure data.
The Solution
The security tool the university was using earlier, Microsoft Security Center, did provide visibility into vulnerabilities and risk exposure, but not the mitigation options and actionability needed to reduce the risk. With CYRISMA, McLain and his team were able to fill this gap and see results almost instantly.
Two things set CYRISMA apart from the other solutions that the BVU team was considering – ease of use and actionability. The CYRISMA platform was “stunningly simple to use”, and allowed everyone to mitigate risk at an individual level, making it the ideal solution for Joe as the CIO.
“As the CIO, I am not responsible for cybersecurity. I am responsible for cyber risk and cyber liability. Everyone with an account – from a university student to the president – is responsible for cybersecurity. That’s where the CYRISMA partnership is so amazing.”
– Joseph McLain, CIO, Buena Vista University
Visibility into sensitive data and options to secure it
With its Sensitive Data Discovery feature, CYRISMA has given the university visibility into data that no one knew existed. Employees have been finding sensitive files and folders from decades ago and marking data for deletion or greater protection, underscoring the value of the platform. CYRISMA enables users to both find sensitive data (PII, SSNs, passwords stored in plaintext, credit cards, driver’s licenses, etc.) and choose from a range of options to secure it (delete, change access permissions, encrypt, move to a secure location).
“We’ve implemented a tool that really works for us,” says McLain. “Instead of just letting us know how worried we should be, it enables us to take action.”
Ease of use and building a cyber-aware culture
CYRISMA is also extremely simple to use and demonstrate to internal teams, allowing McLain to spend more time on initiatives geared towards culture change. “When I do my onboarding, which is ‘here’s how you use CYRISMA’, it takes only five minutes. That means I can spend a lot more time talking about why this is an important initiative and why it’s important to change the culture in how we work with data.”
Mitigation plans, actionability and accountability
The top reason why CYRISMA has been effective for the university is that scan results are actionable. All security gaps that are discovered can be acted on quickly and easily.
McLain believes that as CIO, he is not responsible for cybersecurity, but for cyber risk and cyber liability. “Everyone with an account – from a university student to the president – is responsible for cybersecurity,” he says. “That’s where the CYRISMA partnership is so amazing. In looking at our risk, I can do data scans, I can understand where the risk is, I can mitigate risk by assigning mitigation plans to individuals, and they can take action on their data directly. That’s huge.”
Already, within two months of deploying the platform, BVU is using CYRISMA to its full capacity, with McLain meeting every employee and assigning their mitigation plans to them. This has brought about greater cyber awareness and introduced individual accountability into the risk reduction process.
Risk Grades and Cyber Risk Reporting
While data discovery and mitigation plans help move the needle on risk reduction, the university’s internal leadership is generating risk assessment reports to share with the Board of Trustees. Quarterly reports, that CYRISMA can generate at the click of a button, will give the Board a clear idea of where BVU stands with regard to cyber risk reduction, and track improvement over time.
Technical support and action on feedback
McLain has also had a great experience working with CYRISMA’s technical and customer support team. Each time there has been an issue it has been promptly resolved. In cases where McLain identified opportunities for the platform to add more value, the CYRISMA team scheduled meetings in near real-time, and new features were being rolled out either soon after the feedback was provided or incorporated into the next release.
“We’ve implemented a tool that really works for us. Instead of just letting us know how worried we should be, it enables us to take action.”
– Joseph McLain, CIO, Buena Vista University