Information Security Update for the Campus Community

04/30/18

Contributed by David Weil

The purpose of this announcement is to provide you with an update regarding changes underway that will impact how you connect to many of the college’s information systems, including email.  These changes are necessary due to a significant increase in information security related criminal activity targeting higher education institutions including Ithaca College.

One of the most visible changes will be the phasing in of Multi-Factor Authentication (MFA) for access to college email and other Office 365 applications (see below).   

In February we posted general information about things that you can do to be more secure online (see “IT@IC Update - It’s About Security”). This message contains specific steps IT is taking to increase information security for you and the college. In addition to the summaries below, on Tuesday, May 8, from 11 – Noon and Thursday, May 10, from Noon – 1, we will be holding two open information sessions in Job Hall room 312 to talk more about these initiatives (no registration is required).

Already in place:

  1. In January, the college Senior Leadership established the Information Security Governance Council (ISGC) to provide guidance and policy support for the college’s information security protections. ISGC consists of the Executive VP and General Counsel, Provost, VP for Finance and Administration, AVP for IT and Chief Information Officer, Information Security Officer, and Executive Director for Applications and Infrastructure. The ISGC was instrumental in reviewing and approving the changes described in this document.
     
  2. The “Report as Phishing” button has been added to Outlook email clients, allowing you to easily report suspicious emails. Clicking the button moves the message to your junk mail folder and sends a copy to IT for investigation.
     
  3. We have implemented Microsoft’s Safe Links feature in Office 365 email to help protect against malicious web links in phishing messages. See “Ithaca College Email - Safe Links Phishing Protection”. Although less visible, we have also implemented Microsoft’s Safe Attachments feature, which dynamically checks attached files for malicious activity before delivering them.
     
  4. Numerous other behind the scenes technologies and processes to improve the security of our information systems.

Coming soon:

  1. Multi-Factor Authentication (MFA)

    MFA (also called two-factor authentication) has gained wide-spread adoption across higher education and other industries to improve security. MFA helps verify that the person logging into your account is actually you. After you successfully enter your username and password, MFA then implements a secondary verification step via one of the following methods:

    - Using a message sent to a previously registered app on your smartphone
    - A verification call to a pre-registered phone number
    - A numerical code from a small security token in addition to your password

    In general, you are only prompted for the second factor on a device about every 14 days.

    Since January, three hundred of your colleagues have been using MFA for access to the college email system and other Office 365 applications. Starting later this summer, all faculty, staff and students will be able to opt in. Mandatory use of MFA by faculty, staff and students will be phased in over the course of the 2018/19 academic year. More details will be forthcoming early this summer.

    MFA will also be enabled for other campus applications over time, and we strongly encourage you to activate MFA for your personal accounts wherever it is offered by your banks, personal email providers, social media accounts, etc.
     
  2. On-line Information Security Courses

    At least once each year, all faculty and staff members will be required to take a short on-line information security course. Similar to the annual Workplace Harassment Prevention Training from HR, this course will help you to protect yourselves, your families, and the college against information security attacks.
     
  3. Automatic restart of computers

    When necessary for installation of security updates, college managed Windows and Macintosh computers will automatically restart. You will be prompted, and have opportunity to delay the restart. IT will handle exception requests for individual computers that need to be restarted manually or on a specific schedule. Without this automation, many systems are not restarted for extended time periods and remain vulnerable to attack.

In addition to the above, numerous initiatives, both visible and behind the scenes, are underway to help protect your information stored within the college’s information technology resources. Additional announcements will be made over time as appropriate.

We invite you to attend one of the information sessions to learn more about these initiatives. If you are unable to attend, please feel free to reach out to the Service Desk at 607-274-1000 (servicedesk@ithaca.edu) or myself if you have any questions or concerns.

We thank you for your cooperation and understanding as we take these prudent steps to increase the security of your data in the college’s information technology systems.

David Weil
Associate Vice President and Chief Information Officer
Information Technology
Ithaca College
607-274-3098
cio@ithaca.edu

Individuals with disabilities requiring accommodations should contact Shelli Mekos at cio@ithaca.edu or (607) 274-3098. We ask that requests for accommodations be made as soon as possible.

0 Comments


https://www.ithaca.edu/intercom/article.php/20180430122417243