Skip to main content
Link to news home page
News

Position to help sound alarm on campus IT security

September 20, 2005 By Brian Mattmiller

A new position at UW–Madison will focus on raising campus awareness about the rising tide of hacking, phishing, viruses and other cyber-threats to personal privacy and financial security.

James Lowe, who began in September as UW–Madison’s new chief Internet technology security manager, intends to bring a campus-wide approach to the problem. As decentralized environments that thrive on the free flow of information, universities need to recognize their vulnerabilities but also maintain their unique culture, Lowe says.

To that end, Lowe will take the lead on a new Internet security effort through the Division of Information Technology (DoIT). The campaign centers around an online security page that helps students and employees “practice safe computing in four easy steps.” It will serve as a one-stop resource for free anti-virus software, operating system patches, primers on phishing scams and copyright rules of the road.

“It’s starting to affect the way we do business,” says Lowe of the increasingly sophisticated scams showing up online. “Everyone has a computer and uses email, so we have to take it more seriously.”

“Identity management is clearly an overarching goal,” says Lowe, who was chief information officer at UW-Eau Claire before coming to UW–Madison. “We need to be coming up with the tools and the techniques that will help people manage the issues for themselves, so they develop a feeling of trust in the network.”

Like most technology issues, extra security will only be useful if it’s simple to implement, Lowe says. So many of the strategies are emphasizing easy access and use. For example, the anti-virus and firewall software is free and only requires a few minutes to download. The operating system patches for all types of computers are also easy to install, and will protect computers from the latest spyware threats.

“If we can make the end product both easy to use and secure, then people will just start doing it naturally,” he says.

In his first month, Lowe is already investigating the development of standardized password policies that will emphasize making passwords tougher to hack. Some systems have requirements on the total number and type of characters in a password, while others have little or no standards. The goal would be not only better passwords, but consolidating more access points so that fewer passwords are needed.

The growth of scams perfectly parallels the growth in Internet commercial usage, he says.

“A decade ago, people were busy trying to just get plugged into the Internet,” says Lowe. “Now we’re busy trying to build in the security after the fact. As all good criminals do, people are finding a way to work the system.”

Not every solution is a technology one, however. Lowe says the best defense against phishing – or fraudulent attempts to steal people’s passwords by masquerading as legitimate institutions – is better education on the practice. The simple understanding that banks never request password information by email, for example, could help counter even the slickest-looking scam.

Lowe has been involved with university technology for 22 years professionally, and he relishes the free and open exchange that technology helps foster. Of course, that’s also what makes security a challenge.

“Universities are built around a culture of scholarly exchange of information and ideas,” says Lowe. “Security can run somewhat counter to that idea, because you are locking systems down to ensure that information is being shared only with the intended parties. So there’s a little cultural change we want to promote.”