In an effort to raise awareness on cybersecurity risks and preventative measures and to protect employees and students, the BYU-Idaho Information Technology Department has launched a long-term security-awareness initiative.
I.T. Director of Process Improvement Anne Stott says that maintaining a safe technological environment for everyone on campus is a top priority for their department. Stott believes a safe environment enables university members to have a positive experience at BYU-Idaho.
"We care deeply about everyone on campus and that they are protected," Stott said. "We are here trying to serve as a way to help them protect their information, their accounts, their systems, and our systems. That takes a vigilant effort on everyone's part. Ultimately it is so that we can have a safe university, and that everyone can have an incredible experience."
The security initiative consists of various procedures geared towards protecting the university. I.T. employees actively seek to remain up to date on security risks to maintain effective procedures.
Steps taken in the initiative include: communication efforts, website updates, password expiration, 2-factor authentication, protecting accounts and systems, and updating security policies and standards.
Cybersecurity is more than a one-step process, according to I.T. Solutions Identity Architect Matt Wolfley.
"When it comes to security, a lot of people don't really realize that it's a layered approach," Wolfley said. "It is important to understand the need to be aware of the kinds of threats that you can run into, especially from an educational standpoint."
Students and employees have an added layer of protection with the procedures created by the I.T. Department. Steps such as 2-factor authentication, implemented last summer, can offer protection even when they seem inconvenient, according to I.T. Solutions Managing Director Joe McWilliams.
"We recognize that it isn't always convenient," McWilliams said. "It's not convenient to have to do a 2-factor authentication on your cell phone, or remember a new password, or any number of things. It's a balance between usability and protecting, ultimately, the students and employees and their information."
A major aspect of the security initiative is communication. The I.T. Department seeks to maintain active communication with university members. Through their communication and awareness efforts they hope to empower university members to be in control of their own safety, according to I.T. Communications Coordinator Jordan Davidson.
"One of the biggest benefits of this initiative is in proactivity vs reactivity," Davidson said. "It is giving people the information that they need in order to arm themselves against problems, so that a lot of those problems can be eradicated before they even happen. It's empowering because it's telling people that they are in control of their own cybersecurity."
Communication efforts include a new website, launched during the Fall 2017 Semester. Valuable information can be found within the website's six sections: Prevention, Viruses, Accounts & Passwords, Change Your Password, 2-Factor Authentication, and Policies. In order to provide the most current material, the website is constantly updated.
"We update and look at the website almost every day," Stott said. "As far as the site itself and new content, we update that weekly, but we are looking at it every day to make sure it is accurate."
The steps that have been taken are a part of the first phase of the security-awareness initiative. University members can expect more messages and training from the I.T. Department in the upcoming year.
"We will be doing even more in-depth awareness and training for the university," Stott said. "This will be continually ebbing and flowing and new things coming, depending on the needs of the audience and the university."