College implements new password security system
The Institutional Policy Committee passed a new rule that forces faculty members to password protect their personal computers and phones, provided that they could be used to share confidential OCCC information.
The new college rule is part of the updated Information Technology Resources Acceptable Use Policy. The decision was made May 17 when faculty and students were on summer break.
“The purpose of the policy is to prevent unauthorized access to confidential information,” said Jerry Steward, executive vice president.
The added section of policy reads, “Any mobile device that contains any confidential OCCC information shall be password protected. This is to include, but is not limited to, personal computers, laptops, e-mail, telephones, cell phones, radios, pagers, or any new portable electronic device or message/communication applications such as texts, twitters, instant messages.”
The reasons for the policy change are obvious, Steward said.
“Technology is changing. Ten or 20 years ago, everyone was a slave to their desktop computer and not very many people used cell phones. Now new communication devices and applications are introduced all of the time, and our security needs to adapt,” Steward said.
Vicki Gibson, Information Technology vice president, oversaw the writing of the policy change.
“Professors aren’t supposed to communicate with students outside of their OCCC e-mail in the first place,” Gibson said. “So this shouldn’t affect any professor’s ability to teach.”
The vice presidents were asked but did not explain how this rule will be enforced.
But serious cases of faculty breaking the Information Technology policy could result in that person having computer privileges revoked, said Gibson.
Sue Hinton, journalism professor, said,“The confidential student information the school keeps on file ranges from grades, to social security numbers, to the student bank account numbers at the Bursar’s office.”
“All of that information could be very valuable to anyone who wanted to benefit from your misfortune,” said Hinton.
Other faculty members question the policy’s clarity. Math professor Jay Malmstrom said the decision doesn’t address the real challenge in securing private information.
“The wording of the policy is too vague,” said Malmstrom, who said he worked as an applied mathematician in the U.S. Navy for 18 years. There, he worked on security network information systems.
“It’s my professional opinion that the schools’ password protection doesn’t provide any real security,” he said. “The login ID and password information of everyone here is pretty obvious. The only thing that could deter a possible information thief is encryption.”
If a person stole a computer from the campus, the login information of the last user is kept on file and is available for information thieves. Password cracking software is freely available on the Internet.
The new policy is an effort to protect the school from spoofing attacks, Malmstrom said.
A spoofing attack is when a potential thief tries to lure confidential information from a victim by pretending to be someone he is not.
Dana Tuley-Williams, systems administrator for the Keith Leftwich Memorial Library, shares the opinion of Malmstrom.
“I don’t know how they are planning on enforcing this,” said Tuley-Williams. “I think these passwords can be easily circumvented, but the school is doing the best they can.”
To contact Danniel Parker, email firstname.lastname@example.org.