Cyber security requires a combination of technology, awareness

Posted October 21, 2015

October is National Cyber Security Awareness Month and with technology becoming more entwined with people’s daily lives the importance of cyber security becomes more important.

If a person is not careful their information ranging from passwords to home addresses could potentially be stolen. At UW-River Falls a handful of students have been targeted by “phishing” attempts, which often is defined as attempting to gain sensitive information from someone by pretending to be a trusted entity in an electronic communication.

The Division of Technology Services (DoTS) is responsible for making sure that those on campus can safely interact with devices and services around campus without having to worry about information being stolen. Chief Information Officer Stephen Reed explained via an email interview that phishing is a significant national problem, not just a local problem.

Problems like phishing are just one part of a wide range of problems that can occur and DoTS has set up precautions to help prevent these problems.

“We have several technologies implemented to protect data, students and employees at UWRF,” Reed said.

Reed said he believes that DoTS does a good job in protecting data on campus, but it can be expensive.

“Unfortunately, information security is costly and when trying to provide the highest level of security, it reduces flexibility,” Reed said. “It is a fine balance.”

Even with these technologies designed to protect data on campus, there is only so much DoTS can do. According to Reed, the most important part of protecting data is user awareness, as a majority of breaches that occur are due to user negligence. If a user downloads a malware or a virus there is little DoTS can do to prevent that.

“IT (Information Technology) cannot control what information people provide,” Reed said.

IT is just one layer of protection. Another is awareness. Making sure people are aware of the risks of handing out information online and knowing how to securely do so is important, and is the best way to prevent problems like phishing.

According to a 2014 BitSight study, higher education institutions rank far below the retail and health care sectors when it comes to preventing security breaches. Reed said much of that is due to financial resources and the right of academic freedom. With the budgets that schools face it can be tougher to invest in cyber security compared to other sectors.

The lack of resources has affected the plans DoTS was pursuing to raise awareness this month. DoTS is using its service center to help raise awareness, though the department was planning on a larger initiative.

“DoTS takes information security very seriously and have implemented several processes to protect data, employees and students,” Reed said. “We have several processes implemented that many other UW campuses don’t.”