Cybersecurity top priority for North Dakota University System
GRAND FORKS—A recent breach in cybersecurity with the North Dakota University System wasn't the first time it was hacked, but higher education leaders say keeping information safe in an ever-evolving world is a top priority.
The NDUS recently reported there was unauthorized access to an employee's email account in July, an account which contained around 9,400 individuals' personal information. Evidence indicates the account credentials were stolen through a successful "phishing" campaign, the system office said earlier this month.
No credit card or bank account information was contained in the email account, NDUS said.
A university system computer server also was hacked in February 2014. That affected nearly 300,000 past and present students.
The hack was a "catalyst" for making several changes at the university system, said Darin King, vice chancellor for IT and chief information officer with the university system.
King said when he arrived at NDUS in 2013, he and others saw that there were several policy issues he and his team needed to solve. A formalized information security team was created. The team has spent time updating their policies and procedures and standards, as well as conducting reviews regularly.
For some time, the state's two largest universities—University of North Dakota and North Dakota State University—conducted their IT separately and would offer up their services to other campuses, said Jerry Rostad, assistant chief information officer at NDUS. The IT system is now centralized across NDUS and has been making "a lot of progress over a short period of time," he said.
"The IT world has continued to evolve," Rostad said. "As the world has changed we're evolving as an organization as well."
Instead of having 11 campuses run 11 different email systems, there were "efficiencies to be gained" to consolidate email into a single operation, Rostad said.
"Risk-reduction" is important to NDUS, King said, adding they are constantly looking at what their risk is today and what they can do to lower that risk.
"It's very much focused on risk management in all of these conversations," he said.
In response to these security incidents and to help prevent them in the future, NDUS is continually modifying its systems and practices to enhance the security of sensitive information, King said. One such effort underway is to enable multifactor authentication across all of their systems.
"Every time we implement multifactor on a system we continue to reduce the risk," King said.
Protecting your information
Cybersecurity affects everyone, Prakash Ranganathan, director of cybersecurity programs at UND, said. Someone's computer, tablet and cellphone can contain information, such as email addresses, names and birthdates, that hackers and other criminals target.
It is important to keep information as safe as possible, Ranganathan said. People should install antivirus software on their computers and other devices that will protect them from known and unknown threats.
Additionally, people should keep their respective operating systems up to date with the latest security patches that may have been put in place, he said.
People also should "think twice" when using public Wi-Fi, which can be used by hackers to get personal information in an unsuspecting way, Ranganathan said.
He also encourages people to simply use "common sense" when they are browsing the web. Multifactor authentication is important for people and businesses of all sizes to protect their information, King said.