What Are CIO’s Top Security Priorities?

By Anjli Jain on 7 Oct 2018

Recently, I came across an article, highlighting many vulnerabilities of IT and Information Security. It pointed out some thought-provoking questions, challenges and examples exposing the further advances in cyber threats and data breaches.

Reading about how large enterprises have become an easy target of cyber threats, made me remember a recent conversation I had with an old friend (who is a CIO of an established university here in the States) about the increased number of cyber threats in the education space. While they take every possible measure to protect individual data and information, there is still much awareness to be raised on what makes these threats to take place.

If you have not been paying attention, then you should know that the number of system breaches are shooting up every year and that too at quite an alarming rate. A previous survey showed 14 million breached records between 2005 - 2014. The number of compromised data shot up by 164% in the first half of the year 2017, as per Campus technology reports. The breaches have doubled and increased by 103%, with 118 attacks within those 6 months.

Security Measures To Follow

Reminiscing all the conversations around security and the endless challenges in the education space I have personally encountered during the past decade and the rate at which these threats have been increasing has made me take the liberty to present to you how these small steps have helped redeem many institution's security walls.

Funded by EVC Ventures, QuickLaunch an Identity and Access management platform, took the initiative of securing the web links with deep links to help institutions avoid exposing them on their website thereby saving them from any security breach.

These are well-tested security measures and are the top priorities on every CIO's list. Let’s take a look at them:

1) Multi-Factor Authentication At Login: Multifactor authentication is there to provide you additional security in case someone tries to break into the system and steal important information. As institutions have highly confidential data, they need to ensure that only legitimate users can access the institutional systems and software. This is the top most priority for any CIO.

2) Privileged User Management: An institution cannot limit thousands of users to access only one system, software or an application. They all need to access multiple numbers of apps and it is important to keep a check on who gets what level of access to protect any unauthorized break in. With privileged user management, the institutions can now enable role-based access control with role-based multi-factor authentication.

3) Default Passwords: Default passwords are an old-age practice of assigning passwords to first-time users. This can cause security risk as many of these first-time users may never even initiate to change the password given to them. Rather, self-service first time user registration should be employed to make sure that the user set and defines their own password for all the apps and software.

4) No Password Storage: In case of usual password wallets/managers, credentials are vaulted or stored. However, that is not devoid of a security breach. It’s always best to not store passwords anywhere as they are synchronized with the active directory.

The Bottom Line Is

These are the few of the security measures one can take to protect user based security leading to institutional security as most of the breaches exposed are directly related to the systems used by students. Recently, it was disclosed by the Mississippi education officials that an unauthorized user gained access for 663 students at Tupelo and Jefferson County causing exposure of student data and information.

This led to many actions; a corrective plan, outside security audit and reset of passwords. Although the data released was not very harmful, still, it does make us think of how small and effective measures can save an institution from such threats. It is always better to be safe than sorry.

Don’t take any chances when it comes to your security. Learn more about a platform that can adapt to your institution's infrastructure here.

For more such update follow Anjli Jain on LinkedIn, Twitter and EVC Ventures Blog