In his latest video, Chief Information Officer Max Davis-Johnson talks about Boise State University’s cybersecurity journey. Cybersecurity consists of technology, processes, and people. Our campus community’s adoption of VPN and multi-factor authentication has assisted the Office of Information Technology to help keep the university’s digital assets safe.
Higher education has unique challenges, and we’re always one click away from something bad happening. We all play a role in prevention, detection, and remediation to help keep our data secure.
Watch the video (or read the transcript):
Hi, this is Max Davis-Johnson, Boise State University, Office of Information Technology.
Today I’m going to talk about our cybersecurity journey here at Boise State.
Like any technology, cybersecurity consists of technology, process, and people, and in this case, “people” is probably one of the more important aspects of cybersecurity technology.
Cybersecurity is unique in higher ed. We have literally thousands of guests coming on campus every day, i.e., students coming to campus every day, connecting to our network with their own devices, which creates some unique challenges.
We have a remote workforce that is coming in from all over the country. We have students coming in from all over the country, in some cases all over the world.
And, you know, we have a lot of regulatory things we have to deal with. Different agencies, you know, we have FERPA, we have HIPAA, we have PHI, we have
PCI. We have research that requires certain…if we’re doing Department of Energy or Department of Defense type of research they all have stringent requirements that, from a security and access control standpoint, that we have to know how to manage.
So it adds a whole level of complexity to what we’re trying to do here.
We have three core things that we try to do with our cybersecurity journey here. We do prevention, we do detection, and we do remediation, and we all have a role in all three of those. From a prevention standpoint, we rely heavily on our firewalls to filter traffic coming in and out of campus and we have an astronomical amount of traffic that just comes in on a daily basis. The idea is we let the good stuff in and we block the bad stuff from coming in.
That’s an important part of what we do in keeping all of our systems and networks current from an operating system and current release standpoint. Again, that’s critical, just as it’s critical that you keep your machines, your devices on the most current operating system. You know, that’s a role you can certainly play in this.
We now have the ability to not only see who is connected to our network, what is connected to our network, but also what they are doing. Again that’s critical in the detection and prevention. And just as we have asked you to embrace multi-factor authentication and using VPN here on campus, we’re going to be asking students to start this in the beginning of October.
And just FYI, it is much easier to use the app with multi-factor authentication. Basically, you tap it and you’re good to go once you load it.
So anyway, I just want to thank everybody for being vigilant as we move forward. As a reminder, phishing is another area that we’re fairly vulnerable in. We’ve done an excellent job over the last number of weeks…or last number of months…hopefully I’m not jinxing us, but just remember if somebody asks you for your login, your password, or they ask you to click on an attachment that you don’t know who it’s from, odds are really, really strong it’s a phishing attempt. Do not click!
Anyway, with those words of wisdom, hopefully…thank you for listening and we’ll see you next time. Bye.
Contact Max at firstname.lastname@example.org.