Security is everyone's responsibility

UD employees, faculty must collaborate to protect private, high-risk, sensitive information.

TEXT SIZE

10:33 a.m., Oct. 24, 2014--As part of National Cyber Security Awareness Month, the University of Delaware continues to educate the campus community about the risks and responsibilities of information security. But UD isn’t just pushing employee training. The goal is to cultivate a security culture that embraces efforts and awareness on all levels.

John D’Arcy, assistant professor of accounting and MIS, whose research covers the factors influencing information security breaches, emphasizes that it’s important for the security culture at UD to change. 

FYI Stories

June 6: UDid It! Picnic

All UD faculty and staff members are invited to attend the annual UDid It! employee appreciation picnic, set from 11 a.m.-1:30 p.m., Monday, June 6, on The Green.

2FA protects you

If you are using two-factor authentication (2FA), even if a hacker has your password, your information is probably safe.

“People need to understand that their behavior with data has a larger impact beyond themselves,” he said. “And the majority of people that are dealing with data aren’t fully educated on its value and the ramifications if that data were to be breached.”

To put things into perspective, data breaches can cost an organization up to $200 per record. Scale that up according to the number of files compromised in a breach, and the total cost could easily rocket into the millions just for the data itself.

Sensitive data

UD's sensitive data isn’t all paychecks and student grades. Naturally, the University manages employment and education records (tens of thousands of each at any given time). In addition, UD, like most universities, offers medical, wellness and counseling services to students and employees. Those service units maintain records, so healthcare data is added to the mix. As a research university, UD also has to protect an enormous range of proprietary research data, including intellectual property. 

Every file exposed could potentially mean somebody’s research, Social Security number, bank account numbers, human subject data or health information is in someone else’s hands. This information is tremendously valuable, not just to the University but also to individuals.

All this data makes UD a prime target for hackers. Motivated by the value of our information, they continually attack UD systems and accounts in order to find a weakness. Those phishing email messages may appear to be a trivial annoyance, but each one represents a very real threat to the University. 

The majority of campus computer security incidents, including those that result in loss, occur when someone clicks a malicious link on a non-business related website, downloads infected attachments or reveals account information.

Implementing safe practices

As a precaution, UD Information Technologies (IT) is currently identifying and encrypting departmental files containing sensitive information such as SSNs (a process that has already secured hundreds of thousands of files), but the responsibility for protecting UD's information goes beyond IT. Initiatives like Secure UD training are meant to bring these daily responsibilities and threats to employees’ attention. Faculty and staff must develop and maintain safer computing and information processing practices.

University Executive Vice President and Treasurer Scott Douglass said, “It’s important for us all to understand that information security isn’t just an extra responsibility. It’s already part of our workday routine, even if we sometimes don’t realize that.” 

During recent meetings with University administrators, Douglass emphasized the importance of cooperation among administrators, units, and faculty in developing security plans and in holding themselves and one another accountable for information security at UD.

Karl Hassler, associate director of IT System Security, echoed the sentiment: “Units have a responsibility to develop and implement information security standards that safeguard the information in their care.” Hassler said the goal is to develop an organic information security culture that draws upon both University-wide policies and individual units' data needs.

In order to cultivate that security culture, UD relies on efforts from all employees. It’s not a job that gets passed down from executives or pinned on administrators. It’s a collaboration that involves everyone learning and working together for a common goal: developing good information security practices for all data, online or in print, across all of UD’s colleges, departments and units.

Article by Alex Lindstrom

Graphic by Christian Derr

News Media Contact

University of Delaware
Communications and Public Affairs
302-831-NEWS
publicaffairs@udel.edu

UDaily is produced by
Communications and Public Affairs

The Academy Building
105 East Main Street
University of Delaware
Newark, DE 19716 | USA
Phone: (302) 831-2792
email: publicaffairs@udel.edu
www.udel.edu/cpa