NASIG 2023 - Open the gate: Ensuring easy authentication while mitigating cybersecurity risks
MatthewRagucci
26 slides
Oct 12, 2024
About This Presentation
The pandemic has changed almost all aspects of our professional lives. Before shuttering their doors, libraries quickly mobilized to meet the anticipated demand of content usage happening from outside the building. The ability to work remotely has been a blessing in some ways, however, library users still face challenges. Many content providers, in response to these challenges, unlocked swathes of content to prevent barriers for remote users. Upscaling remote authentication has always been a challenge. To compound matters, cybercrime risks loom large threatening campus security, specifically targeting users who are accessing resources remotely. This has uncovered skills gaps for both libraries and users, requiring libraries to examine their authentication methods. Thankfully, there are easy ways to ensure institutional security, while also reducing barriers to paywalled content for users. Hearing from both the library and publisher perspectives, you will learn more about remote authentication challenges, library cybersecurity risks, and some solutions for protecting institutions, while still providing seamless access.
Slide Content
Open the Gate: Ensuring easy authentication while mitigating cybersecurity risks
Tuesday, May 22, 2023 2:45 PM CST
  John Felts, Head of Information Technology and Collections, Coastal Carolina University
  David W. Green, Library Systems Analyst, State Library of Ohio
  Matthew Ragucci, Associate Director of B2B Product Marketing, Wiley
https://unsplash.com/photos/jp8kEXKBVzU
Many thanks to our sponsors for making the NASIG 38th Annual Conference possible!
Session Speakers
  David W. Green, Library Systems Analyst, State Library of Ohio
  John Felts, Head of Information Technology and Collections, Coastal Carolina University
  Matthew Ragucci, Associate Director of B2B Product Marketing, Wiley
Agenda
  Introductions (Matthew)
  John’s section – Lib perspective and authentication overview
  David’s Section – Lib perspective and action
  Matthew’s Section – Pub perspective and SNSI information
  Questions
Session Abstract & Outcomes
Session Abstract: The pandemic has changed almost all aspects of our professional lives. Before shuttering their doors, libraries quickly mobilized to meet the anticipated demand of content usage happening from outside the building. The ability to work remotely has been a blessing in some ways, however, library users still face challenges. Many content providers, in response to these challenges, unlocked swathes of content to prevent barriers for remote users. Upscaling remote authentication has always been a challenge. To compound matters, cybercrime risks loom large threatening campus security, specifically targeting users who are accessing resources remotely. This has uncovered skills gaps for both libraries and users, requiring libraries to examine their authentication methods. Thankfully, there are easy ways to ensure institutional security, while also reducing barriers to paywalled content for users. Hearing from both the library and publisher perspectives, you will learn more about remote authentication challenges, library cybersecurity risks, and some solutions for protecting institutions, while still providing seamless access.
Learning Outcomes
  Attendees will understand the different means of remote authentication available for their users.
  Attendees will also learn the cybersecurity risks that come with unethical resource sharing.
  Attendees will walk away with a best practices resource for augmenting cybersecurity practices in the library.
Finding a Balance
  LIBRARY USERS NEED ACCESS TO RESEARCH!
  BUT THE SECURITY RISKS!
  IS THERE A WAY TO HAVE SECURITY AND ACCESS?
  OPENING THE GATE!
  CLOSING THE GATE!
  OPENING THE GATE… A LITTLE!
https://imgflip.com/memetemplate/274348045/Open-the-Gate
Cybercrime
Why hackers target colleges and universities?¹
  Population - Higher Education has a huge base of users, more opportunity for phishing emails
  Data - Higher Ed institutions hold a huge amount of data on both current and past students, faculty, and vendors. Getting in equals a gold mine.
  Espionage - The research conducted at Higher Ed Institutions is immensely valuable, especially medical and engineering research.
  Easy targets - Crippling a college or university with hundreds if not thousands of users pressures the institutions into fast, expensive solutions.
It’s estimated that 75% of Higher Ed cyber attacks succeed.²
Known Higher Ed Cyber attacks⁴:
  University of California, San Francisco Medical School - paid $1.14 million³
  University of Colorado Medical Center⁴
  University of Miami⁴
  University of Michigan, Medical School⁴
  University of Utah³
  University of Washington, Medical School⁴
¹ Bresnick, Peggy. “4 Reasons Cyber Criminals Are Targeting Higher Education.” Fierce Education. March 8, 2021. https://www.fierceeducation.com/best-practices/4-reasons-cyber-criminals-are-targeting-higher-education-part-1
² ³ D’Agostino, Susan. “Ransomware Attacks Against Higher Education.” Inside Higher Ed. July 22, 2022. https://www.insidehighered.com/news/2022/07/22/ransomware-attacks-against-higher-ed-increase
⁴ U.S. Department of Health and Human Services Office for Civil Rights. “Cases Currently Under Investigation.” Continuous update. Accessed on February 21, 2023.
Did you know?
Catalysts for our conversation
John Felts Library perspective Head of Information Technology and Collections
Libraries as Security Advocates
Libraries have the Relationships to Protect:
  Patron privacy
  Institution assets and reputation
  Publisher assets
*https://www.freepik.com/free-photo/woman-working-computer-network-graphic-overlay_17433985.htm
What can stolen credentials access?
Personally Identifiable Information
  Email accounts
  Financial information
  Address
  Phone number
Institutional Assets
  Research
  Budgets
  Licensed content
*https://www.freepik.com/premium-photo/e-learning-concept-person-is-using-laptop-computer-learn_22783490.htm
Security Concerns w. IP Authentication
  IP Authentication is less secure than federated authentication
  We provide no infrastructure for personalization services
  Security vulnerabilities with URL rewriting
  One compromised user = blocked access for institution
*https://pixabay.com/vectors/attack-unsecured-laptop-hacker-7647136/
Benefits of Federated Access
  SAML-based: highly secure, stable, open source
  Federated metadata, easier maintenance
  Support for multiple user affiliations
  Improve response to security incidents
  Authentication at the point of need
David W. Green Library perspective Library Systems Analyst
Shared Responsibility
  Collaboration is Key
  Not an IT problem
  Attacks not unique to IT
  …or to Fortune 500 companies
  We’re vulnerable
  Worst thing to do is do nothing
Engagement
  Connections
  Seek conference and workshop opportunities
  EDUCAUSE
  SNSI
  Upcoming Events
What we’re doing
  OPLIN, SEO, OhioLINK
  Online webinars
  Cybersecurity Conference
Awareness
  Campaign for Information Security
  Consider patrons, faculty, yourself
  Connect with IT for potential collaboration
What we’re doing
  Open Office Hours
  Cybersecurity Awareness Month
  Weekly Cyber Security Briefs
  CISA
Mature Security Practices
Authentication
  Modern authentication
  SAML / OpenID Connect
What we’re doing
  EZproxy
  OHID (State of Ohio’s SSO)
  Moving away from barcodes (TODO)
Mature Security Practices
Passwords
  Password managers
  Complex
  Unique
What we’re doing
  No more Post-It Notes!
  Password Manager for all staff
  Multi-Factor Authentication app
Mature Security Practices
Mature Security Practices
Other things
  Security Hygiene
  SSL everywhere
  Backup (and restore!)
  Electronic resources
  PaaS/SaaS
What we’re doing
  Let’s Encrypt
  haveibeenpwned
  “Tested” our backup…
  Static websites
Have a Plan
  Incident Response …
  Cyber Attack …
  Business Continuity …
  Cybersecurity …
  Communications …
Matthew Ragucci Associate Director, B2B Product Marketing Publisher Perspectives on Cybersecurity
Content Protection & Privacy
  Security is a multi-stakeholder concern
  Striking a balance
  We can have both privacy and protection
  Abuse monitoring systems
  Robust and effective
  Protects content and institutions
  Obligations to protect user and institutional data
  Regulation compliance
https://unsplash.com/photos/7Qe9xOLMw3Q