Universities as a whole are very open institutions, said Shari Baraniuk, the chief information officer on campus, “because universities are in the business of both creating and disseminating information. Data needs to be accessible and able to flow freely.”
That openness—combined with potentially unsafe online practices—can create an easy path for criminals to access secure personal data.
“Each contact point could be an entry way into data being compromised at all levels,” she said, adding that the wealth of data at universities—ranging from HR and payroll information to research data and student records—are all potential targets.
Front and centre is the new IT security policy, authorized by the Board of Governors last December. This policy sets forth certain principles and procedures relating to the responsible use of IT infrastructure and management of information by the university community.
Additionally, more thorough security measures, such as additional firewalls and network architecture, will be implemented across campus.
“What we have in place now is perimeter protection that provides a level of defense at the edges,” she said. “However, based on the level of sophistication that cyber criminals are using to get access to the data we’re trying to protect, we need to put in additional safeguards within the perimeter so that we have multiple levels of defense and can minimize potential data losses or compromise when the perimeter is breached.”
Baraniuk identified a number of recent breaches at Canadian universities, as well as the recent ransomware attack affecting the U.K.'s National Health Service, where significant amounts of data were compromised and IT services were disrupted.
“We could wait until something like that happens here and address it then however there could be unrecoverable loss of data, significant service disruptions, and potentially reputational risks” she said. “Or, let’s try to be proactive and prevent this.”
Five tips to better IT security
While ICT is putting a number of increased security protocols in place, there is a role for everyone on campus to play in improving our security posture.
- Set a strong password and change it often. A strong password is the best defense against potential data breaches. “We always want people to update their passwords as often as possible and to avoid reusing old passwords while preventing the need for people to use sticky notes to remember them,” said Baraniuk. Password guidelines can be found under My Profile in PAWS.
- Back up and protect your data. There are a number of services available to faculty and staff to use to safely store their data, such as Cabinet, Jade and Datastore.
- Use email and the internet safely. Of particular concern to Baraniuk is phishing, where scammers disguise themselves via email and attempt to obtain sensitive information such as usernames and financial details. She suggests looking at who or where the email is coming from and asking why someone would ask for your credentials to begin with. And if you’re prompted to enter credentials, ensure the website is secure or encrypted. Please note that ICT will never ask for your NSID or password in an email.
- Use anti-virus software. While there are licensed anti-virus products for university systems, Baraniuk noted that there are also free anti-virus programs for personal systems.
- Keep up with security patches and updates. Not only will they keep your operating system up-to-date, but they are a strong defense against malware. Campus computers are updated automatically, but “you want to make sure to keep your home computer is updated as well,” said Baraniuk.