In his latest video, Max talks about cybersecurity at Boise State being a team sport, with the University, Office of Information Technology, and you working together to keep your personal and work data private.
Hi, this is Max Davis Johnson, Boise State University, Office of Information Technology. Today I want to talk about cybersecurity. And specifically cybersecurity here at Boise State.
Cybersecurity is a team sport. The University is one of the players, OIT is one of the players, and you are one of the players.
There are many things that you can do to help protect your own personal identity, and your own personal devices. You know, making sure that your operating system is up to date. If it’s a Boise State-managed machine, we are updating your applications, we are updating your operating system as appropriate. If it’s your personal machine, please make sure your updates are turned on, you are updating your operating system, and you are updating your applications as appropriate.
Also, at Boise State we’ve got a cybersecurity website: d25vtythmttl3o.cloudfront.net/uploads/sites/42/cybersecurity. There are daily tips, weekly tips, best practices that you as an individual can follow.
Higher ed is unique in the cybersecurity world. We run open networks, which means thousands of people, literally, come in on a daily basis, connect to our networks with their own devices. You know, obviously, students, faculty, guests to the University. That creates its own challenges. We have wide-ranging networks that aren’t necessarily controlled by everybody, so sometimes we have some inconsistencies.
There are a lot of things going on at the University that require us to be extra-vigilant. We have a lot of exposure. So, one of the things that the University does (and OIT does), you are asked to update your password, change your password, every 90 days. It’s important. I know it’s a pain. It’s a pain to me. It’s a pain for everybody that has to do it because we have multiple devices.
It is important. It is important that, from a vulnerability standpoint, that you have a strong password that you change frequently. It makes it harder for people to get into your personal information, it makes it harder for people to get into the University, and it protects not only the University assets, but it protects your assets that are online.
It’s a best practice.
Another thing that we will ask you to do at some point in the future, depending on what information at Boise State you’re going to be accessing, is something called two-factor authentication. You may be familiar with this from your bank. Basically you log in, you get a numeric code sent via text to your personal phone device, and you enter that. Another layer of security if you’re doing important things here at Boise State.
From an email standpoint, our biggest vulnerability comes in through email. We refer to it as phishing. The idea is that it looks like an official email, they ask you to download and open an attachment, the attachment contains some type of virus or malware that infects your machine. That in turn affects the network.
When in doubt, do not open an attachment if you’re not sure of the source or you’re not sure what the attachment is.
Also, Boise State will never ask you in an official Boise State email to provide your password or login. So if you get something like that, odds are really strong that it’s not from us. So do not respond.
Again, cybersecurity is a team sport here at Boise State. It involves the University, it involves OIT, and it involves you.
One of the other things that we do here at Boise State that we do get emails about, and some complaints, is the idea of timeouts, where the system will automatically log you out whether it’s myBoiseState or certain key systems like the PeopleSoft Student Center or like other PeopleSoft systems. And the idea here is that we have a lot of public computers, people get on a public computer, they do their work, and then they walk away from that machine without logging out.
We do this because it’s for your own personal protection, and it’s a best practice.
We are constantly evaluating the length of these timeouts, we’re constantly evaluating if there’s a better way to handle this, but for now timeouts are definitely needed, and we will continue to use this because it is a best practice. Especially where we’re dealing with public computers or computers in an office.
Send your feedback to Max at firstname.lastname@example.org.