Tuesday, October 15

Keshav Tadimeti: UCLA must implement preemptive stringent cybersecurity measures

(Courtesy of Coolcaesar via WikiMedia)

(Courtesy of Coolcaesar via WikiMedia)

You would have to be a yahoo to still be using Yahoo. And this time, that’s not just because Gmail is superior.

If you haven’t heard, Yahoo announced last week there was a massive security breach of its servers, resulting in hackers stealing email account information for over 500 million users. In other words, there’s over a 50 percent chance that your Yahoo account has been compromised. It’s sad to say, but Yahoo has goofed so badly that you probably have a better chance of your account information being leaked than you do of flipping tails on a coin.

While Yahoo’s hackers were only able to get their hands on encrypted versions of users’ passwords, that’s barely comforting, considering users continue to have passwords like ‘1234’, ‘password’ and ‘iloveyou’ for their accounts – passwords that can be easily brute-forced and guessed by auto-generated ‘rainbow lists,’ lists consisting of thousands of simple passwords.

While word of state-sponsored hacking hovers uncertainly in the Yahoo breach tale, it is becoming increasingly clear that no one can wash their hands of cybersecurity – and that includes UCLA’s administrators and students.

As such, UCLA administrators need to take the initiative in bringing UCLA up to speed by holding mandatory cybersecurity best practices for incoming and existing students and enabling basic security features for students’ UCLA-provided accounts – features that include things like two-factor authentication for MyUCLA accounts.

After all, it wasn’t so long ago in 2015 when hackers broke into the UCLA Health system and had access to as many as 4.5 million patients’ records – data that includes everything from patients’ names to their Medicare or health plan ID numbers. A year later, the headache still persists, with UCLA facing a slew of lawsuits from patients because of the data breach.

[Related: UCLA Health faces lawsuits for privacy breach in 2015 cyber attack.]

While there are a number of reasons everyone should invest in heightened network and internet security, it’s especially important that college campuses be leading the charge in that initiative. And that’s not just so administrators can tout their campuses’ cyber infrastructure, but also because college campuses are hotbeds for cyber-attacks.

With access to unimaginable amounts of private information, such as students’ dates of birth, bank accounts, social security numbers, credit card information and health records, it’s no surprise that universities are exceptionally viable targets for cybersecurity attacks.

These problems aren’t without solutions, however. While no attacks are known to have been made on UCLA’s students’ accounts – namely MyUCLA – the time is ripe for the administration to take proactive steps in preventing cyber-attacks. By implementing mandatory cybersecurity best practice sessions into students’ orientation curriculum – or even into introductory, zero week activities – UCLA can make a huge dent in securing its students’ accounts.

Yahoo’s users can mitigate the fallout from these hacks by engaging in better account security practices, such as enabling two-factor authentication protocols, having stronger passwords and enabling email notifications for suspicious login attempts. Likewise, by providing for these kinds of features and educating students about them, UCLA would be much better poised to withstand a breach of its systems – a seemingly inevitable occurrence for all institutions and organizations.

To be fair, the UC has made strides in advancing its cybersecurity infrastructure. When news broke early this year that the UC Regents secretly installed high-powered network monitoring devices that were capable of collecting campuses’ network data – including emails – and storing them up to one month for inspection, UC President Janet Napolitano pointed to how such a system would enable better detection of campus data breaches.

That’s correct, but it’s naive to think such a reactionary and passive form of security – one that can at best detect an attack, but not prevent it – can withstand in today’s ever-changing cybersecurity landscape.

That’s especially true for universities: from 2006 to 2013, over 550 universities reported some sort of data breach, and there have been 32 in this year alone. In 2014, Symantec, a leading internet security company, reported in its annual Internet Security Threat Report that 10 percent of all data breaches occurred in the educational sector. And while that amount dropped to 6.6 percent for 2015, educational institutions still ranked as the third-highest target for sub-sector breaches, surpassed only by the business and health care industries.

As such, it is in UCLA’s best interest to invest in taking pioneering strides in implementing better account security for its students. By implementing active security policies, such as enabling two-factor authentication systems for student and faculty accounts – which adds an extra layer of identification to the login process – there is a much higher chance that it can withstand data breaches and possibly even prevent them.

Rather than being reactionary and waiting for an opportune time to up its cybersecurity game, the UCLA administration needs to be proactive in implementing and educating students about better security policies – especially now, while it still has the time to contemplate.

Otherwise, if it finds itself in the same hole that Yahoo is in, it won’t have that luxury.

Share on FacebookTweet about this on TwitterEmail this to someoneShare on Google+Share on Reddit
Senior staff columnist

Tadimeti was the Daily Bruin's Opinion editor from 2017-2019 and an assistant Opinion editor in the 2016-2017 school year. He tends to write about issues pertaining to the higher education, state politics and the administration, and blogs occasionally about computer science. Tadimeti was also the executive producer of the "No Offense, But" and "In the Know" Daily Bruin Opinion podcasts.

Comments are supposed to create a forum for thoughtful, respectful community discussion. Please be nice. View our full comments policy here.