University emphasizes technology security measures in wake of SC data breach

OCTOBER 29, 2012

The following statement was issued to all faculty, staff and students today in response to the Oct. 26 announcement of a serious data breach at the S.C. Department of Revenue.

TO: Faculty, Staff and Students
FROM:    Fred Miller, Chief Information Officer
SUBJECT: Technology Security

The recent announcement by the South Carolina Department of Revenue that a major data breach of its computing systems has occurred is a reminder that no system is immune to cyber attacks. This would, of course, include Furman’s own systems, and I write today to inform members of our University community about measures we take to prevent such attacks.

Information security and privacy are vitally important, for students, faculty, staff, and alumni alike, and Furman takes the security and privacy of information seriously. We know that hackers probe Furman systems looking for vulnerabilities, and we need to remain vigilant.

University auditors routinely check to ensure that Furman follows industry best practices for information technology security, including the use of internal and external firewalls, intrusion prevention systems, and scheduled scans of systems for vulnerabilities. We require strong passwords for all systems, and all users are required to change their passwords at least every 160 days. Users with access to systems with highly sensitive information are required to change their passwords at least every 90 days.

In addition, the university never stores credit card information on Furman servers, and requires service providers to comply with the stringent security terms in university contracts. While we do store social security numbers on Furman systems, only personnel with a need to know have access to them. The University stopped using social security number as an identifier years ago, in favor of a seven digit Furman ID. We now use social security numbers only to comply with federal financial aid and tax regulations.

Dexter Caldwell, our Director of Systems and Networks, has been serving as the University’s information security officer, and ensures that the university systems are continually monitored and kept up-to-date. We continue to explore additional security measures, such as advanced data encryption techniques and two-factor authentication, to protect Furman’s highly sensitive data.

In closing, I remind everyone that one of the best ways for each of us to protect our information is to never share your passwords with another person.

If you have questions about Furman’s information security, please call the Information Technology Service Center at (864) 294 3277.