It seems like almost every week you read stories about giant hacks and millions of personal records lost or stolen. Yahoo! recently unveiled that data associated with 3 billion customer accounts was stolen. Equifax was breached and the personal information of 145.5 million people was compromised. MySpace, LinkedIn, eBay, Target – the list of companies from which hackers stole or compromised valuable personal data is long and seemingly always getting longer.
Like the rest of the modern world, Texas State University is not immune to such digital attacks. Using phishing, malware, ransomware and a host of other tactics, criminals from around the world are frequently trying to breach the university’s security to steal data about university students, staff, and faculty. In the face of these constant threats, the team in Texas State’s Information Security Office works diligently every day implementing security measures to protect the university, stopping the attacks they find, and offering education and advice to campus about how to protect themselves and the university both now and into the future.
In late 2016, the Information Security Office became a standalone unit of the Division of Information Technology, with Chief Information Security Officer Dan Owen reporting directly to Ken Pierce, the Vice President for Information Technology. The department was previously known as IT Security and was lower in the structure of the division. The change was meant to ramp up digital security effectiveness at Texas State and raise the level of knowledge and discussion about information security on campus. Information Security’s mission is two-fold: safeguard campus information resources and data, and educate faculty, staff, and students about the best ways to protect both their own and the university’s information resources, including protections from identity theft. At the time of the change, Pierce said, “I believe very strongly that we must have a safe and secure campus information infrastructure.” Texas State is constantly under attack from malicious actors. Would-be criminals make frequent attempts to gain access to everything from faculty and staff NetID credentials to federally protected student and health records. While the attacks are not new, the tactics are ever changing. In 2017, the rate of attacks was on the rise – and the tactics, particularly phishing attacks, have begun to shift their aim to the students.
“It’s a constant battle,” admits Owen.
This year, the security office has taken many steps to help in the battle against cyber criminals; revamping the Information Security website with a new, more user-friendly interface, designed to make it easier to find educational materials, campus outreach events, and other resources. They also developed their first online training course and increased educational outreach both to the information security and university communities through dedicated social media channels, @infosectxst on Twitter and InfoSecTXST on Facebook, with the help of the IT Division’s social media expert Nicholas Dunlap.
By Nicholas Dunlap