Teaching Data Security to Tomorrow’s Professionals | Information Technology | University of Pittsburgh
!

Teaching Data Security to Tomorrow’s Professionals

In April, the Office of the Provost announced that 2021-22 will be the Year of Data and Society, encouraging the University community to focus on the importance of data science in our daily lives. One project in particular under the Data and Society umbrella has been underway for quite some time. The School of Computing and Information (SCI) is working to educate the broader Pittsburgh community on the importance of data and how we can keep our data secure … and Pitt Information Technology is an eager participant.

Creating a Better Curriculum

The Security Assured Data Science Education and Training project—also known as SADET—aims to create a foundational and interdisciplinary data science and cybersecurity curriculum for local high schools. SADET is supported by the National Science Foundation and hopes that by collaborating with local high school teachers and administrators to create a security-assured data science curriculum, students will develop stronger digital literacy skills and a desire to pursue data science during their college and professional careers.

“Every person has a role in data security and should be aware of it. It should be taught to all middle and high school students,” says Balaji Palanisamy, associate professor at SCI and the leader of the SADET project. 

Pitt IT Helps Teach the Teachers

Pitt IT staff have been involved with SADET since its start in 2017. Over the years, the project has hosted three full-day workshops where technology experts—including several from Pitt IT—give presentations to local high school educators and administrators about various topics in data science.

At this year’s virtual workshop, Pitt IT’s Ric Fera and Jeff Walzer gave a demonstration of Splunk. That service uses machine learning algorithms to collect and analyze data from various computer, system, and network logs. Fera and Walzer used dummy data to show how the system works to detect data security threats.

Fera and Walzer utilize the software continuously in their roles on Pitt IT’s Information Security Team to identify potential data security threats at the University. It helps find anomalies, such as increased firewall activity. “Splunk has a really powerful search tool—it's like Google for security. It helps you look for a specific needle in a stack of needles.” Once they detect a potential threat through Splunk, they build a timeline of events based on the data Splunk provides. They then reach out to the appropriate department’s security administrators to begin an investigation and resolve the problem.

Eric Allen, a Pitt IT lead network engineer, also gave a presentation on how to successfully secure a network. Allen encouraged participants to understand the data assets they are looking to protect and also gave insight into how Pitt IT secures the University’s networks. “A lot of organizations place a firewall at the edges of a network, when you first log on. But once you get in, it’s a free-for-all and you have access to anything you want. Pitt IT segments the sensitive data and then implements internal firewalls to secure it. We assign roles to each user and restrict access to protected data accordingly,” says Allen.

4 Tips to Secure Your Data

Palanisamy, Fera, Walzer, and Allen all agree: End-users are the number one line of defense against data breaches. Security-assured data isn’t just for large networks and organizations like Pitt IT—data security begins on an individual level. Here are some of their top suggestions on how you can secure your data on a day-to-day basis.

1. Create Crack-Proof Passwords

It's important that everyone change their passwords frequently, the longer they are, the better, and include a mix of alpha-numeric and special characters. Pitt Passport allows you to use 14 characters when creating a password—make sure to use them all. Walzer suggests using my1login’s password strength detector to see how long it would take for a hacker to crack your passwords. Fera also suggests using Pitt Password Manager (LastPass), especially for creating longer passwords, or using an alpha-numeric passphrase like “ILove2Puppies!”.

2. Use Multi-Factor Authentication

Turn on multi-factor authentication on any online services that support it. It may be an extra button to press or code to type in, but it is also an extra layer of security that can protect sensitive data, such as bank information, from people who want to steal it. Pitt Passport integrates Duo for multi-factor authentication to access many University services.

3. Turn On Automatic Updates

Automatic updates contain important security updates that are best installed sooner rather than later. To see if you are up to date, select the Windows icon > Settings Cog icon > Update & Security. Click “Check for Updates” if necessary. To check if your updates are paused, click “Advanced Options”.

4. Trust Your Gut and Ask for Help

If you receive an email or phone call that seems sketchy or too good to be true, it probably is. Trust your gut and don’t be afraid to do research or ask for help verifying a message from someone claiming to need your information. If something does happen and your data is compromised, be sure to reach out to the 24/7 IT Help Desk for assistance right away.

“Don’t feel silly or stupid if something happens that compromises your data security. Hackers and scammers have become so sophisticated these days that even security-conscious people can fall for their schemes,” Fera says.

For more information about cybersecurity, see the Pitt IT website’s Security section.

-- By Mary Rose O’Donnell, Pitt IT Student Blogger