While large corporations such as Home Depot, Target and JP Morgan grab the biggest headlines in terms of security issues, no organizations, including higher education institutions, are immune from threats.
A simple click on an attachment or a web link by one person can lead to wide-spread consequences. Though many situations are preventable, more people need to be aware of simple precautions. October is National Cyber Security Awareness (NCSAM) month, and MSU is getting the word out about the role we all play in keeping the MSU’s digital assets and community protected.
“Emerging cyber threats require engagement from the entire community,” says MSU Chief Information Security Officer Rob McCurdy. “This month is a time to educate the MSU community on the importance of staying safe online.”
NCSAM is a coordinated national effort held in October focusing on the need for improved online safety and security. This year’s theme “Our Shared Responsibility,” aims to remind everyone that the Internet and technology is a shared resource and securing it is our collective duty. All users of MSU’s Internet, MSUnet, should do their part in making it safer.
To protect the confidentiality, integrity and availability of information in today’s highly networked environment, MSU is asking all of its Internet users to:
- Understand their roles and responsibilities related to securing institutional data as posted at msu.edu/sid/.
- Understand the organization’s information technology security policies, procedures, and practices; specifically those listed at msu.edu/guidelines-policies/.
- Gain knowledge of the various management, operational, and technical controls required and available to protect the IT resources for which they are responsible.
- Stay informed and get involved by regularly visiting http://tech.msu.edu/secureIT/.
“Hackers have a lot of time and money to find one vulnerability,” says Joanna Young, MSU vice president and chief information officer (@jcycio). “As an institution, optimally we have to find and fix all vulnerabilities, and reduce our risk. A primary example of risk reduction is MSU’s planned implementation of two-factor authentication for enterprise university systems.”
MSU’s Implementation of Two-Factor Authentication
Cyber-attacks on computer systems and networks to obtain personal information and other confidential data take place on a daily basis. Passwords alone no longer provide a sufficient degree of safety. To maintain the integrity and security of MSU’s data, the university is taking steps to increase the level of protection by implementing two-factor authentication.
When using two-factor authentication, an individual pairs something they have (e.g., a token) with something they know (a password). It is similar to how an ATM card works. Individuals are able to withdraw money from an account because of something the person has (e.g., a bank card) and something they know (a PIN). If one of these items is lost, stolen or otherwise compromised, a wrongdoer is unable to withdraw money since they are unlikely to possess both factors. Two-factor authentication is a much stronger authentication method than a user name and password alone, and it provides protection for both the individual and the community.
MSU’s Enterprise Business Systems (EBS) will be the first group for which two-factor authentication will be applied in spring 2015. The decision to start with these systems was made due to the amount of sensitive information they hold and to help protect MSU. Once implemented for EBS, two-factor authentication will be added to additional university applications.
Learn More about Cyber Security
SecureIT, tech.msu.edu/secureIT, is Michigan State University’s cyber security awareness initiative to keep the MSU community informed of essential behaviors for protecting themselves online so personal and university information remains secure.
Stay Safe Online, staysafeonline.org, provides news, tips, advice, and resources about cybersecurity and online safety issues from the National Cyber Security Alliance.
SANS Securing the Human, securingthehuman.org/resources/ncsam, offers videos, webinars, informational resources