By Jake Tiger
College students likely know virtual private networks as the services that protect them from digital pickpockets while they bootleg their favorite content from the shadiest corners of the internet.
On the other hand, Rider and many other institutions use VPNs to create secure pathways within their networks and protect valuable data from falling into the wrong hands.
Rider Chief Information Officer Moe Rahman described VPNs as secure information tunnels that run between the university and its off-campus employees.
“There is a saying in the computer science world which is, ‘Security is by design.’ You can’t expect to secure things after the fact,” said Rahman. “When you hear me talking about security, I’m always talking about wrapping it up with policies, wrapping it up with supporting processes. Security is as good as our weakest links [which] are the humans. If you give away your password, there is nothing I can do that will stop a bad actor.”
To improve its cybersecurity, the university has begun requiring multi-factor authentication for FortiClient, the university’s new VPN, according to an email sent out on Oct. 11 by Technical Director Tim Burger.
According to Mike Reca, vice president for facilities and university operations, the security change is part of the ongoing process of modernizing Rider’s cybersecurity, as more of the university operates digitally and/or remotely.
“We have people on the outside we have to answer to with policies and procedures and things like that. We’re updating all of those as fast as we can,” said Reca. “It happens every year. … Insurance companies require certain things.”
Rahman said the university upgraded to FortiClient over the summer, stating that the service was “next generation” and more capable of handling Rider’s growing cybersecurity needs. Rider’s previous service, Cisco AnyConnect, was outdated both in terms of security and compatibility with newer hardware, according to Rahman.
“We need to upgrade ourselves … step by step,” said Rahman. “We purchased new devices, and our firewalls and VPN are next generation, so these are very smart. They can do a lot of things that our previous equipment couldn’t do.”
Rahman also said that VPNs are primarily utilized by the university’s increasing number of remote staff members who must access Rider’s resources from afar and communicate outside of its private networks.
Reca said that most of the university does not regularly need a VPN, seeing as “safeguards and protections” are built into Rider’s networks.
Multi-factor authentication gives each VPN user a second layer of security, so even if a password is misplaced and obtained by a “bad actor,” there is another measure preventing them from accessing the account, according to Rahman.
By design, multi-factor authentication makes it slightly more difficult for people to access their accounts, and Rahman said that he had received some complaints about the new process; however, the added security is a necessity.
“It’s not like we’re doing it because we’re having fun with it. We’re legally required to do it,” said Rahman. “You have to have a mechanism more than the password to validate who the people are. … That’s what the insurance companies are requiring us to do. That’s what the federal government is requiring us to do.”
Besides VPNs, the university has other digital protections, but Rahman could not discuss them for security reasons.
Rahman said the university can expect an email from the Office of Information Technology in the near future, communicating the office’s future plans and intentions behind its decisions.
“We figured that communication is key. People need to know a little bit more,” Rahman said.