Overview
Get Secure is a website for Northeastern University students, faculty, and staff to learn how to better protect themselves from cybersecurity threats while using university technology services.
The Problem
Cybersecurity threats target higher education community members everywhere. Individuals with .edu email accounts are at high risk of having their credentials stolen by threat actors of all kinds, from hacktivists to cyberterrorists. Since 2009, 13,930,176 stolen higher ed login credentials have been found on the dark web (Digital Citizens Alliance, 2017). Unfortunately, the problem has only been getting more serious with time. Since 2013, .edu credentials found on the dark web have risen by 547%. Using stolen credentials, cybercriminals create emails and domains resembling those from targeted institutions in order to scam students, faculty, and staff (Casanova 2019).
Northeastern Information Technology Services has made recent efforts to protect the community from increasing cybersecurity threats by requiring enrollment in two-factor authentication. While this is a huge first step, there are many other steps students, faculty, and staff can be taking to protect themselves online. Sadly, these steps are not being effectively communicated to the community.
The SecureNU site attempts to inform the university community about cybersecurity, but in many ways, it has been falling short of fulfilling its purpose. Some key problems with the site include…
- The site’s structure and information architecture make finding the most important tips difficult.
- Cybersecurity information is mostly laid out in large blocks of text with few visuals, making the content difficult for users to digest.
- The outdated interface makes the site seem a less than trustworthy source for finding cutting-edge information on modern cybersecurity threats.
- Despite their wealth of knowledge on the subject matter, Information Security team members lack the time to consistently update the site, so content has essentially stagnated in recent years.
Preliminary research also revealed that the overall web landscape is almost completely lacking in engaging and modern higher-education-specific cybersecurity resources, leaving a huge resource gap for university community members that cybercriminals could leverage.
The Solution
Get Secure is a new Northeastern-specific cybersecurity resource website that walks users through important information in an engaging, infographic-like fashion.
Taking into account feedback from security subject matter experts on campus as well as feedback from user testing of Northeastern students, faculty, and staff, this interactive site will serve to inform the community in a modern, concise, delightful, and easy to understand manner for years to come.
Summary of Tasks
A full, detailed week-by-week summary of the creation of the Get Secure website, including links to all elements of the project’s progress, can be found here. An abbreviated summary is as follows:
- Gather as much information as I can about the problem at hand.
- Write questions for stakeholders and key audiences and plan how to recruit
- Gather as much information as I can about the problem at hand.
- Survey Northeastern students, faculty, and staff that could benefit from my proposed solution.
- Meet with and interview stakeholders to discuss common security problems faced by the NU community
- Analyze survey data and use to create key personas for user groups
- Research potential design solutions for problem, taking into account survey data gathered thus far
- Create a sitemap/content framework for proposed site
- Wireframe site
- Formulate script for usability testing and reach out to testees gathered from survey
- User-testing 5 people with low-fidelity wireframe prototype (round 1)
- Design site
- Formulate script for usability testing and reach out to testees gathered from survey
- Meet with 5 students, faculty, and staff, and conduct user-testing (round 2)
- Modify site based on user feedback gathered from user-testing
Future Opportunities
I like to think of websites as constant works in progress. This site, too, will be updated and improved in years to come. Some key ideas that fall out of the scope for the project but would be beneficial to include someday are as follows:
- SEO improvement to ensure the site can be easily found more easily with commonly used cybersecurity search engine keywords.
- A content-rich travel security page: The completion of this page was delayed due to higher-level policy concerns which need to be resolved prior to tips/information being publicized, however content for this page is certainly in the works.
- A shorter, more aesthetically pleasing URL (getsecure.northeastern.edu)
- Adding “phishy things to look out for” on the malware and phishing page so that people can educate themselves on key traits to be aware of in order to protect themselves online.
- Adding informative videos to each page for people that prefer this learning style.
- Including case-studies from people at Northeastern that have had their personal data compromised as a means of showing others the importance of taking steps to protect themselves.
Acknowledgements
Resources
Template
The template for this executive summary was created by Vertex42.com, and can be found for free download here.
Icons
Icons were all gathered for free download from flaticon.com. Links to icons and their authors’ flaticon page are as follows:
- 2FA icon made by Eucalyp
- Malware icon made by Smashicons.
- Phishing icon made by Eucalyp.
- Data Backup icon made by Smashicons.
- Mobile Security icon made by Freekpik.
- Public Wifi icon made by Freekpik.
- Travel Security icon made by Freekpik.
- USB Port icon made by Those Icons.
- Warning icon made by Freekpik.
- Phone Settings icon made by Icongeek26.
- Keep it Locked icon made by srip.
- Software Update Mobile icon made by Freekpik.
- Hard drive icon made by Those Icons.
- Cloud storage icon made by Eucalyp.
Images
The vast majority of the images used across the site were downloaded from the Northeastern University Communications Photo Archive (Digital Repository Service), which offers free for download, professionally-taken photos to Northeastern staff and faculty members for official communications purposes. Northeastern photographers for each image are as follows:
- Student on laptop sitting on wall, Matthew Modoono/Northeastern University
- Students during passing period, Matthew Modoono/Northeastern University
- Student taking photo with phone in fall, Ruby Wallau/Northeastern University
- Student in cafe on laptop, Adam Glanzman/Northeastern University
- ISEC, Ruby Wallau/Northeastern University
- Airplane at sunset, Matthew Modoono/Northeastern University
- Hand using laptop, Adam Glanzman/Northeastern University
- Data destruction day colored floppy, Matthew Modoono/Northeastern University
- Student looking thoughfully at laptop in library, Ruby Wallau/Northeastern University
- Student in ray of sunlight on laptop, Matthew Modoono/Northeastern University
Other images used include…
- One image gathered for free download from unsplash.com (Laptop and phone off while not in use, photographed by Jesus Kiteque).
- Several images (Duo phone on table, hand holding phone with authentication screen) gathered with permission from Get2FA.northeastern.edu. Original source unknown.
- Several images (outlook email on laptop, outlook email on desktop over shoulder, logging into NU SSO, choosing authentication method, authenticating with 2FA) created using self-taken screenshots incorporated into free mockups available on mockuper.net.
Research
The vast majority of the content used across the site was provided by Matt Dolan of Northeastern University Information Security, my key subject-matter-expert for this project. While I can’t provided sources for his contributed content, I kept careful track of sources used to gather information for the statistics and knowledge checker interactive modules. Sources are as follows:
Bluhm, Natalie, et al. “Why Two-Factor Authentication Matters.” Security Boulevard, 19 Apr. 2019,
www.securityboulevard.com/2019/04/why-two-factor-authentication-matters/.
Casanova, Carlos. “Higher Education a Prime Cyber Crime Target.” ITChronicles, 12 Sept. 2019,
www.itchronicles.com/security/higher-education-big-target-cybercrime/.
“Commonly Asked Questions.” Northeastern Two Factor Authentication, Northeastern University, June 2019,
www.get2fa.northeastern.edu/common-questions/.
“Cyber Criminals, College Credentials, and the Dark Web.” Digital Citizens Alliance, Mar. 2017,
www.digitalcitizensalliance.org/clientuploads/directory/Reports/DigitalCitizens_CollegeInfoTheft.pdf.
Kelleher, Suzanne Rowan. “Why You Should Never Use Airport USB Charging Stations.” Forbes, Forbes Magazine, 23
May 2019, www.forbes.com/sites/suzannerowankelleher/2019/05/21/why-you-should-never-use-airport
-usb-charging-stations/#46e784235955.
Lopez, Napier. “Google Data Shows 2-Factor Authentication Blocks 100% of Automated Bot Hacks.” The Next Web, 24
May 2019, www.thenextweb.com/google/2019/05/23/google-data-shows-2-factor-authentication-blocks
-100-of-/automated-bot-hacks/.
Powell, Matt. “11 Eye Opening Cyber Security Statistics for 2019.” CPO Magazine, 24 June 2019,
www.cpomagazine.com/cyber-security/11-eye-opening-cyber-security-statistics-for-2019/.
Sanders, Andrew, and Andrew. “15 Malware Statistics, Trends & Facts in 2019.” SafetyDetectives, 15 July 2019,
www.safetydetectives.com/blog/malware-statistics/.
SecureNU, Northeastern University Information Security, www.northeastern.edu/securenu/.
Contributors
There are many individuals that I’d like to thank for helping to make the completion of this undertaking possible. The entire Northeastern community will be safer and more secure online thanks to the aid these people provided me as I created this resource website. Sincerest thanks to…
- Matt Carrano – Thesis Advisor, CPS Lecturer on Usability; Provided me with wise guidance and advice throughout the project, helped to keep me on track
- Matt Dolan – Subject-matter-expert, ITS Information Security Analyst; provider of most important content used as a base for each page of site
- Leslie Driscoll – ITS Web Copywriter; Utilized my wireframes and content given by Matt Dolan to write site copy.
- Disha Ghatalia – Student Front-End Developer; Helped me with integrating knowledge checker using this codepen and this codepen as an inspiration and a starting place.
- Leslie Casey – ITS Marketing & Communications Manager; Acted as a sounding board. Constantly provided guidance when it came to questions on how this site would align with larger ITS Communications goals
- The many individuals who took time out of their busy schedules to meet with me for user-testing. The insight they provided was absolutely invaluable towards the final product.