Ethics Anonymous Reporting Hotline

Auburn University has contracted with an outside provider, Ethicspoint, Inc. of Portland, Oregon, to receive reports regarding concerns over financial irregularities (and similar ethics-related matters) and NCAA violations. To file a report, click the Ethics Hotline link or read the FAQ for more information.


Kevin Robinson
Executive Director
Monthly Newsletter
Case In Point:
Lessons for the pro-active manager
Vol. 7 No. 9

This month we turn our attention to a very substantial risk for all of higher education: cybersecurity. October marks the start of National Cybersecurity Awareness Month, so we want to use this month's Case-in-Point to discuss practical ways that you can better manage these important risks. I've asked Robert Gottesman, Information Systems Auditor, to provide us with guidance on these issues.

* * * *

According to the online database located at, 297 breaches were publicly reported during the 2014 calendar year, resulting in the exposure of 67,924,685 records containing personally identifiable information. The media dubbed the year 2014 "The Year of the Data Breach." Perhaps we should reconsider applying the moniker to 2015, since already this year there have been over 132,000,000 records containing personally identifiable information exposed. The largest data loss on record so far this year falls to the U.S. Office of Personnel Management (OPM). In two separate breaches, the personally identifiable information of over 21.5 million federal employees and contractors was exposed in what is being attributed to nation-state hackers. Weaknesses in OPM's network security and neglected basic security guidelines played a part in these breaches.

As end-users we alone cannot prevent our institutions from experiencing a breach, but we must each be vigilant to prevent a breach resulting from our own bad habits. For example, one common cause of data loss is lost or stolen devices. Each of us has a role to play in preventing the loss of University data by ensuring that portable devices (laptops, flash drives, smartphones) are properly secured. Take inventory of devices you utilize to ensure they are password protected, encrypted and do not contain sensitive data. If necessary, contact your IT professional for help.

Similarly, we each have a responsibility to protect our authentication information. Make sure your passwords are strong and avoid password reuse. In July of this year, a commercial adult website was breached and over 30 million accounts were exposed. Like many websites, to access the site you log in using an email address and password. Hackers were able to decrypt 11 million of the exposed encrypted passwords in short order using a brute force dictionary attack. Many of the email accounts used as the user name for this site were users' work email addresses. If the passwords were also their work passwords, this represents a huge risk to their employers. Think about all the websites you visit that require you to create a user name and password. If you use your University credentials, you put the University at risk should any one of these third-party websites be compromised. Consider using a password vault on your (password protected, encrypted) smartphone that stores passwords locally, and create different credentials for each site you visit. (The October 2015 monthly Security Awareness Newsletter from SANS covers more information about password vaults.) Wherever possible, if a website offers two-factor authentication, take advantage of this to further protect your account from unauthorized access. This is becoming more popular, and many banks and social media sites now offer this option.

Finally, continue to be suspicious of unsolicited emails, especially those which ask you to verify your login credentials or ask for any personal information.

* * * *

While cybersecurity issues are very important, the risks we face within higher education are vast and diverse. We again encourage you to review the issues we've observed over the prior month across our industry and think about whether you have any similar issues that may need pro-active attention and management. As always, we encourage your comments and feedback.




Last Updated: September 30, 2015

Internal Auditing | Auburn, Alabama 36849 | (334) 844-4389 |