ITS Continues to Implement New Information Security Measures
Security threats to higher education are on the increase. In the last year alone, more than 3 million data records have been reported exposed at colleges and universities nationwide, and millions more have been exposed at other organizations and businesses. Syracuse University has seen attacks increase, and their nature is increasingly malicious. Information Technology and Services (ITS) is taking steps to increase protection of SU’s information.
The Board of Trustees Audit Committee has directed regular reporting of security assessments, vulnerabilities and remediation steps, and ITS will continue to develop and implement measures designed to harden defenses and to enlist the willing participation of the entire SU community to protect the University’s and each individual’s digital assets.
Among the next of these measures will be the implementation of two-factor authentication, or 2FA, on some of SU’s online systems. 2FA requires “something you know” (your SU NetID and password) and “something you have” (a random, one-time code, perhaps) in order to access selected sensitive systems. Testing and evaluation are underway now, and a pilot 2FA program will be implemented in the coming months.
Also coming soon will be implementation of an annual SU NetID password change requirement, wherein the password you use to log into your SU desktop, MySlice, Blackboard, email (including SUMail) and other University systems will only be good for one year, and will need to be changed before it expires.
“These new protections will provide strong support to the other positive steps ITS has taken to improve SU’s information security,” says Sam Scozzafava, interim CIO and VP of Information Technology and Services. Those steps include new mobile security standards put in place in late 2012, and longer NetID passwords enabled in the fall of 2013.
SU champions National Cyber Security Awareness Month each October, and last year started offering all faculty and staff the “Securing the Human” series of security training videos via Blackboard. ITS’s monitoring of phishing attacks intensified in 2013, and almost 23,000 notifications were sent to members of the SU community. ITS’s Information Security group works aggressively to identify vulnerable systems across campus, and to work with the schools, colleges and departments that own these systems to improve IT security.
And this work is paying off. Since last July, both the number of vulnerabilities and the number of vulnerable systems have declined by almost two-thirds.
Christopher Croad, SU’s Information Security Officer, agrees. “Regardless of the protections we build into our systems, our best defense against unauthorized disclosure of data and other security threats comes from informed faculty, staff and students who understand and follow good security practices,” he said.
For more information about information security, visit the ITS information security website.