SU’s Information Technology and Services plans to increase Internet security on campus
Syracuse University Information Technology and Services has plans to implement additional internet security measures for all students, university employees and faculty members.
The heightened security plan includes a two-factor authorization system. In addition, ITS will require students to change their password every year, starting this fall. Both of these measures are part of a comprehensive effort by ITS to protect both student and university data from being compromised by hackers.
The two-factor authorization system would require those with a Net ID and password to have an additional piece of information in order to access certain content online. Most likely, the second piece of information will be a code that a user would have to enter in addition to their Net ID and password, according to an SU news release.
Christopher Finkle, communications manager for ITS, said examples of at risk and potentially sensitive content include grades, application information, addresses, phone numbers, credit card numbers, social security numbers, university financial information, health information, bank accounts and anything stored on SU servers.
The means through which students and faculty would obtain the code is still being worked out by ITS in a pilot program that will start in the next few months, Finkle said. Other logistical issues, like what content will be protected, for how long and under what circumstances, are also being tested in the pilot, he said.
Finkle said the pilot will first focus on administrators, since they have access to sensitive university data. Then the program will expand to include students. The end result, he hopes, will increase security while not burdening users with a time consuming and complex login process.
“Obviously it would be more of an inconvenience,” said Dana Wakeley, a sophomore advertising major, “but if it means that my information is more secure from whoever would be stealing it, I guess it would be OK.”
There is no set date as to when the two-factor identification process will be implemented. Everything depends on what the findings are and how both the SU administrators and students react to the pilot program, Finkle said.
“What we don’t want to do is write a bunch of rules and then find out that you can’t do this or it drives people crazy,” he said. “They’re going to try to either cheat and work around it or they’re going to be really angry and their productivity is going to slow down.”
ITS will also require students to change their password every year starting this fall which adds another layer of security. A stolen password that resurfaces at a later date is useless if that password no longer gives access to any personal content, Finkle said.
In the process known as “phishing,” hackers gain access to Net ID and passwords that are then “harvested” and sold to the highest bidder. This usually manifests itself in the form of an email that looks like it was sent from a legitimate source, Finkle said.
Last year alone, 23,000 phishing notices were sent out to users on campus, according to ITS estimates.
Two-factor authorization and the mandatory password changes, once implemented, intend to ensure that hackers whose phishing attacks are successful cannot log in. Both act as a way to confirm that the person logging in using a certain Net ID and password is authorized to do so.
Hailey Temple, a senior public relations and information management and technology major, said recent hacks have made the need for data protection even more important.
“I think it’s really smart to have that extra precaution there because lately computer security hacks have been a really big thing and getting access to information to use it in a harmful way has been a big topic in the tech world,” she said.
Published on September 23, 2014 at 12:01 am
Contact Rachel: rsandler@syr.edu