Mark Fitzgerald, former Chief Information Security Officer at Boise State University, presented common myths about IT security. Fitzgerald explained that even if you have received security training in the past, the field changes so rapidly that ongoing education is critical to stay current. IT security is not just the responsibility of the IT staff – everyone needs to be vigilant.
Fitzgerald emphasized that data breaches can completely derail research, and that data that seems trivial even has value to attackers. As researchers gain more publicity, they can become targets for hacking and social engineering attempts.
While good security requires some extra time, Fitzgerald argued that this is minor compared to the massive slowdowns caused by data breaches and recovery efforts. The university uses various automated systems to detect threats without impeding users.
Another myth Fitzgerald discussed is the belief that research data is public when there are often access restrictions. He stressed that data has value and should be protected accordingly. Researchers should consult with IT security staff before applying for grants to ensure the university has measures in place to properly secure sensitive data.
In summary, Fitzgerald emphasized the importance of early collaboration between researchers and IT/security staff to ensure proper security planning tailored to specific projects.