Published January 12, 2021
At research universities like UB, we create and share knowledge and information in good faith—and we’ve been using the internet to do it since before it was the internet. But what it means to be online is changing, and as we put our information security strategy into place, we’re taking those changes into account so UB can keep sharing the right way.
Information security is a practice. While that requires each of us to be mindful on an individual level about how we engage with technology, we in UB’s Information Security Office can make that practice easier by offering sensible protections to accommodate those who work at UB.
The introduction of Duo two-step verification in 2019 was a major step in the right direction. Duo is effective because it recognizes one way the internet is changing—i.e., in an age where millions of stolen passwords are routinely offered up for sale on the dark web, a strong password is no longer enough—and responds by building an extra layer of security into your existing login process. There’s a reason every major university in the U.S. uses two-step verification: it instantly and dramatically reduces the chances of being compromised.
Protecting UB’s people, and their access to UB’s systems and data, is the foundational layer of our larger information security strategy. The next step is extending those protections to better cover those systems and data, ensuring secure access for the right people while keeping the bad actors out.
UB’s firewalls are a critical piece of this strategy. Firewalls provide the kind of “always on” protection we’ve come to take for granted. Because one is included with every operating system and home internet router, we often assume a firewall is actively protecting us and our work, even when it may not be. Assuming our connections are secure when they are not opens the door for malicious actors to step in and do what they will, effortlessly… no “hacking” required.
In 2021, a university-wide committee will take a close look at our network design, and ensure it’s up to the task of information work in the 2020s and beyond. New internet protection rules will be implemented to stop malicious outsiders by default, while the vast majority of our community will notice no change in the way they do their work.
Over the next year, we will put these and other new and important protections into place. We’ll be expanding secure remote access with our VPN, adding protections for sensitive data in our documents and better automatic detection of suspicious links in email. What these changes all have in common is that they represent a sensible approach to meeting the changing landscape of the internet while respecting the unique position we are in as a large research university.
UB is a community of communities, and, while each of us may do different work, we all value the open sharing of knowledge and information as intended. When we’re protecting UB’s identity, data and devices, and evolving with the threats, then we’re fulfilling our mission of keeping UB safe.
Mark Herron is UB's Information Security Officer. He has more than 20 years of experience in information technology, security and compliance; his expertise includes risk assessment and mitigation, as well as compliance and governance.