Photo courtesy of WCPO | Students, faculty and staff have until Feb. 27 to change their passwords and will need to update them every 180 days. The new policy aims to address an increase in cybersecurity threats as well as raise awareness.
Among other measures, Xavier is now enforcing changes in passwords to counter cybersecurity threats to the university. Students, faculty and staff have until Feb. 27 to change their passwords and will be required to change their passwords every 180 days, or approximately every six months.
The changes are the result of repeated attempts to gain faculty, staff and student information. According to Jeff Edwards, associate provost and CIO of the Information Technologies division, 338 faculty and staff gave up their credentials in phishing or malware attacks during the fall semester.
Other examples of harmful effects of the attacks include an instance in which bank account information was lost.
In addition the campus-wide password change, the requirements for the passwords themselves are changing. Passwords must now be at least 12 characters rather than eight. Edwards said this is an important step to strengthen safety because it will make it more difficult for people to guess passwords.
Changing passwords and password requirements is part of a larger strategy that seeks to emphasize education about cybersecurity for both faculty and students. According to Edwards, the university is working on plans to ensure the security of websites as well as decommission those that are deemed insecure.
Currently, faculty computers are scanned to ensure that there is no malware, and their hard drives are encrypted so as to maintain their security. Furthermore, all faculty and staff received training in the fall semester on cybersecurity information and measures. However, only 10 percent of the student body watched the training video on cybersecurity offered to them.
Reactions to the new policy amongst the student body vary — some are frustrated, some are understanding and some express a combination of both. One concern raised by first-year Katie Nichols is that students could simply use variations of the same password, and she wondered what impact this will have on strengthening Xavier’s cybersecurity.
Nevertheless, she feels that cybersecurity education is necessary because students have become “so accustomed” to technology, yet many remain unaware of the “harm that it can have.” Given the potential for the “huge impacts” that can come about because of a lack of awareness, Nichols suggested the necessity of “creative solutions” to engage students.
Edwards suggested that students share information amongst themselves about cybersecurity. Similar to Edwards, Nichols highlighted the importance of creating education that “directly impacts each person” to emphasize cybersecurity’s place on campus.
In the meantime, Edwards stresses the importance of remaining cautious when it comes to one’s password and account information.
By: Alex Ackerman ~Guest Writer~