By Alexander Kennedy
If you haven’t heard news of cyber attacks this year, you haven’t been paying attention. Just in the month of July, a confirmed 139,731,894 records have been leaked from malicious data breaches.
Recently, these attacks have hit closer to home. On Aug. 17, Eastern Maine Community College reported a possible data security breach. According to a statement released by the college, EMCC “has not identified any direct loss of data as a result of the infection” and made this announcement out of a great deal of caution and transparency.
EMCC has begun notifying the 42,000 people who may be affected in this cyber attack.
With EMCC’s connection to SMCC — in that they also belong to the Maine Community College System — this breach brings up one question: What is SMCC doing to prevent this from happening here?
The SMCC IT department has always worked to protect data, following industry standards and adhering to federal regulations and guidelines.
But in this ever-developing cyber world, all of us need to become more security conscious and adaptable — especially IT departments.
Most noticeably, a change has been made to the wireless networks at SMCC. On Aug. 22, all students, staff, and faculty received an email with instructions for connecting to the new network called “eduroam”.
While this network provides helpful features like connecting to WiFi on other participating campuses — 14 in Maine currently — the most important feature of eduroam is the security it offers.
Eduroam uses 802.1x EAP-TLS authentication. This highly secure method forgoes the standard username/password authentication for certificates — small data files stored on a device that contain cryptographic keys allowing the device to connect to the network. All the data sent from your device is encrypted in a secure tunnel to the wireless controller.
EAP-TLS is considered by most to be the best practice when implementing wireless security at an enterprise level.
The IT department at SMCC is also implementing policy changes to improve the security of your data.
Strong efforts are being taken to ensure that the 1300+ computer resources at SMCC are up to date on antivirus versions and definitions.
New software policies are being implemented that would limit the capability of malware like EMOTET — the malicious software that EMCC encountered — should it find its way to SMCC’s network.
SMCC IT is also reviewing its own department policies regarding who or what can view or use network resources. This concept is known as access control.
As our societies becomes more more enmeshed with the cyber world, the need for security will always be at the mental forefront of IT departments everywhere — SMCC is certainly no exception.