20 Sep New UW position focusing on Internet security
Madison, Wis,. – A new position at the University of Wisconsin-Madison will focus on raising campus awareness about the rising tide of hacking, phishing, viruses and other cyber-threats to personal privacy and financial security.
James Lowe, who began this month as UW-Madison’s new chief Internet technology security manager, intends to bring a campus-wide approach to the problem. As decentralized environments that thrive on the free flow of information, universities need to recognize their vulnerabilities but also maintain their unique culture, Lowe says.
“It’s starting to affect the way we do business,” says Lowe of the increasingly sophisticated scams showing up online. “Everyone has a computer and uses e-mail, so we have to take it more seriously.”
To that end, Lowe will take the lead on a new Internet security effort through the Division of Information Technology (DoIT). The campaign centers around an online security page – found at http://www.wisc.edu/security – that helps students and employees “practice safe computing in four easy steps.” It will serve as a one-stop resource for free anti-virus software, operating system patches, primers on phishing scams and copyright rules of the road.
“Identity management is clearly an overarching goal,” says Lowe, who was chief information officer at UW-Eau Claire before coming to UW-Madison. “We need to be coming up with the tools and the techniques that will help people manage the issues for themselves, so they develop a feeling of trust in the network.”
Like most technology issues, extra security will only be useful if it’s simple to implement, Lowe says. So many of the strategies are emphasizing easy access and use. For example, the anti-virus and firewall software is free and only requires a few minutes to download. The operating system patches for all types of computers are also easy to install, and will protect computers from the latest spyware threats.
“If we can make the end product both easy to use and secure, then people will just start doing it naturally,” he says.
In his first month, Lowe is already investigating the development of standardized password policies that will emphasize making passwords tougher to hack. Some systems have requirements on the total number and type of characters in a password, while others have little or no standards. The goal would be not only better passwords, but consolidating more access points so that fewer passwords are needed.
The growth of scams perfectly parallels the growth in Internet commercial usage, he says.
“A decade ago, people were busy trying to just get plugged into the Internet,” says Lowe. “Now we’re busy trying to build in the security after the fact. As all good criminals do, people are finding a way to work the system.”
Not every solution is a technology one, however. Lowe says the best defense against phishing – or fraudulent attempts to steal people’s passwords by masquerading as legitimate institutions – is better education on the practice. The simple understanding that banks never request password information by email, for example, could help counter even the slickest-looking scam.