Earlier today The Pennsylvania State University announced a sophisticated series of attacks on the network within its College of Engineering. It is a disturbing occurrence on so many levels — primarily because this has become the new normal for us in Higher Education. Notice I didn’t just say Higher Education IT — this is an issue that belongs to all of us. Our networks and the access they provide are the critical lifeblood for accessing the knowledge and colleagues that empower us to teach, learn, make discoveries, and connect with the world. A good friend of mine once told me, “when we lose our connection to the Internet we cease being a research institution.”
If you want to know what keeps CIOs up at night, the list starts with information security challenges. To that end, I want to make this as clear as possible … it is time we all make information security a priority in our work. While we are committed to a strong IS stance, we can do things that are low-hanging fruit here at SBU — use strong pass phrases instead of weak passwords, change pass phrases on a regular basis, don’t leave your workstation logged in when you walk away, update your operating system when prompted, question links in emails, keep virus protection software up to date, and in any instance when you are unsure of the legitimacy or threat, ask a colleague who might have an answer.
It constantly amazes me how much doing just those things systematically can positively influence our overall security stance. I am asking for your help and your cooperation to take personal responsibility for assisting the campus and to make it a conversation about all of us and not one about information security against us.
From PSU President Barron in a message to the community …
“In the coming months, significant changes in IT security protocols will be rolled out across the University, and all of us as Penn Staters will need to change the way we operate in the face of these new and significant challenges. University leaders are developing a detailed plan that will include even more robust monitoring for malicious activity across Penn State. Over time, individual users also will see changes including the implementation of two-factor authentication on major university systems, stronger password management practices, and enhancements to system and software administration.”
It’s unfortunate that it takes a crisis in “our world” to push for a common understanding. For example, the data breach of two rather big commercial companies still didn’t push for better safeguards in the public sector. “After all, our data is public” doesn’t take into account our constituents’ data, of which we are stewards. Great explanation, Cole, and good luck.