The Division of Information Technology will install software that scans for sensitive data on all University of Maryland computers and will implement more login steps for systems such as ELMS, officials said.
This two-part plan, announced Monday, will better protect information such as Social Security numbers and credit card information as part of an effort to increase cybersecurity, said Eric Denna, DIT chief information officer.
After the February 2014 security breach that resulted in the leak of 287,580 records of personal student, faculty and staff information, DIT recently found a “surprising” number of university computers still contain sensitive information, and the department needs to do more work to protect it, Denna said.
As a means to identify and isolate sensitive data, DIT will install Identity Finder software, which sweeps computers for patterns resembling Social Security numbers or credit card information. The software gives users the option to then erase or encrypt the data, and it will also be available for students to download, Denna said.
Passwords are no longer enough to secure sensitive data, Denna said, and information is safer when more steps are necessary to access it. With multi-factor authentication, users input a password and then submit additional information through another device, such as a confirmation button on a cellphone or randomly generated numbers on a security fob.
This is why DIT will launch a plan to use the tool Duo Security to begin implementing multi-factor authentication for logging in and completing transactions online, according to an email from Crystal Brown, the university’s chief communications officer.
This additional step ensures the user is who they say they are, Denna said, and is already used by financial companies such as E-Trade and universities such as Stanford.
DIT will initially implement this multi-factor authentication only for Kuali Financial System, which the university uses for accounting and to store other financial information, but eventually it will be used for all university systems, Denna said.
The Kuali Financial System will be used as a way to test the process before it is implemented on a system-to-system basis, Denna said.
Eventually, DIT will require multi-factor authentication to log on to all university systems that contain sensitive data, including health systems and the Enterprise Learning Management System, Denna said.
DIT has not determined the timeline for this large-scale implementation yet, but will have benchmarks by the end of the summer, he said.
In addition to encouraging safe practices for students, DIT is launching these programs to protect security while keeping the university network available to the campus community, Denna said. As a university with tens of thousands of people accessing the network daily, the system’s openness is necessary, but security is also paramount, Denna said.