Penn State has about 100,000 students across 20 physical campuses, plus an online World Campus. Then there are the faculty, staff and administration.
What do all of those people have in common? Computers. Technology. A rushing stream of information moving invisibly through and around devices and servers around the clock.
It’s amazing. And if you are charged with keeping that information safe, it might be downright terrifying.
The U.S. Department of Homeland Security wants everyone to be aware of that right now. October is National Cybersecurity Awareness Month.
Penn State is certainly aware of it. In May 2015, the school confirmed hacking of the College of Engineering. In June, the school revealed more attacks on the College of Liberal Arts.
“It’s clearly a problem where everyone has to be part of the solution,” said Andrew Sears, dean of the College of Information Sciences and Technology and the university’s chief information security officer.
The Office of Information Security was created last year after the hacks.
“In today’s world, information security is no longer the sole purview of IT — it permeates every facet of a university, a company, organization or institution,” said Provost Nick Jones as he made the announcement.
That is why Sears says the responsibility has to be shared across departments.
“It’s been an interesting process getting everyone together,” he said. “We’ve been able to build some great relationships across the university.”
But the most critical component are those thousands of end-users.
“Individual users are absolutely critical to this. We can do a lot of work in the background, look for things that are problematic, but there are a lot of things they can do, simple things like making sure they have strong passwords, unique passwords, two factor identification. They can make sure the systems they are using are updated,” Sears said. “Many of the incidents are originally a result of something that came in through email. It’s a very simple mechanism for people to use.”
The biggest problem is that cybersecurity isn’t one problem. It’s not even a moving target. It’s an evolving nest of issues that develop as fast as the technology to counter it, making communication and vigilance critical.
“Security begins with awareness,” Sears said. “People need to be aware of their own behaviors and how that can contribute. If the end users aren’t engaged, that makes our job harder.”