Cybersecurity top priority for North Dakota University System
A recent breach in cybersecurity with the North Dakota University System wasn't the first time it was hacked, but higher education leaders say keeping information safe in an ever-evolving world is a top priority.
NDUS recently reported there was unauthorized access to an employee's email account in July, an account which contained around 9,400 individuals' personal information. Evidence indicates the account credentials were stolen through a successful "phishing" campaign, the system office said earlier this month.
No credit card or bank account information was contained in the email account, NDUS said.
A university system computer server also was hacked in February 2014. That affected nearly 300,000 past and present students.
The hack was a "catalyst" for making several changes at the university system, said Darin King, vice chancellor for IT and chief information officer with the university system.
King said when he arrived at NDUS in 2013, he and others saw that there were several policy issues he and his team needed to solve. A formalized information security team was created. The team has spent time updating their policies and procedures and standards, as well as conducting reviews regularly.
For some time, the state's two largest universities—UND and North Dakota State University—conducted their IT separately and would offer up their services to other campuses, said Jerry Rostad, assistant chief information officer at NDUS. The IT system is now centralized across NDUS and has been making "a lot of progress over a short period of time," he said.
"The IT world has continued to evolve," Rostad said. "As the world has changed we're evolving as an organization as well."
Instead of having 11 campuses run 11 different email systems, there were "efficiencies to be gained" to consolidate email into a single operation, Rostad said.
"Risk-reduction" is important to NDUS, King said, adding they are constantly looking at what their risk is today and what they can do to lower that risk.
"It's very much focused on risk management in all of these conversations," he said.
In response to these security incidents and to help prevent them in the future, NDUS is continually modifying its systems and practices to enhance the security of sensitive information, King said. One such effort underway is to enable multifactor authentication across all of their systems.
"Every time we implement multifactor on a system we continue to reduce the risk," King said.
Cybersecurity at UND
There have been a number of fundamental shifts in technology over time, especially with the rise of social media and electronic commerce that people rely on to make everyday purchases, said Prakash Ranganathan, director of cybersecurity programs at UND.
UND has started a program in cybersecurity for undergraduate and masters students to take part in. The program is interdisciplinary, bringing in subjects like psychology, mathematics and electrical engineering, to give students a well-rounded curriculum to help them become a cybersecurity expert, Ranganathan said.
The program not only covers the technical aspects of cybersecurity, but also the human factors as well.
Social media is a target for stealing information, Ranganathan noted. It is a nontechnical strategy cyberattacker's use that relies heavily on human interaction and often involves tricking people into breaking standard security practices. Today, social engineering is recognized as one of the greatest security threats facing organizations, Ranganathan said.
Protecting your information
Cybersecurity affects everyone, Ranganathan said. It doesn't involve just businesses and the government, UND's program notes. Someone's computer, tablet and cellphone can contain information, such as email addresses, names and birthdates, hackers and other criminals target.
It is important to keep information as safe as possible, Ranganathan said. People should install antivirus software on their computers and other devices that will protect them from known and unknown threats.
Additionally, people should keep their respective operating systems up to date with the latest security patches that may have been put in place, Ranganathan said.
People also should "think twice" when using public Wi-Fi, which can be used by hackers to get personal information in an unsuspecting way, Ranganathan said.
Ranganathan also encourages people to simply use "common sense" when they are browsing the web. Multifactor authentication is important for people and businesses of all sizes to protect their information, King said.