Greg Flanik – Baldwin Wallace University

Run, grow and transform. It’s the mantra for Baldwin Wallace University’s Chief Information Officer Greg Flanik.

It must be, because the university’s typical client is 18 to 22 years old and expects a practical, world-class education aided by cutting-edge tech. So every three years, Flanik is given the reins to reassess and plan for IT needs at the small school with a rural feel in the Cleveland suburbs not far from Akron.

Greg Flanik | Chief Information Officer | Baldwin Wallace University

“Based on the way financials are done, and the way our leaders are fiscally responsible, gives me the ability to leverage and innovate,” Flanik says. “They know we need to be strategic in IT to keep it running, to grow capabilities.”

Having started as an analyst, rising to CIO and now with a seat in the president’s cabinet, Flanik credits the administration with a long-term vision to invest in strategic IT initiatives that drive student success.

That’s created an aggressive work plan for Flanik in 2020 that includes fitting out the brand-new, $25 million Knowlton Center, housing STEM programs and dedicated to education in computer science, robotics, engineering, physics and mathematics, opening next year.

Gasps

Founded in 1845, Baldwin Wallace University is a private, independent liberal arts and sciences university. Flanik ensures the data is flowing for nearly 3,000 undergraduate and 600 graduate students. While that includes practical changes like a revised campus portal slated to be ready in 2020, it also means managing cybersecurity.

“Unless they got hit recently, colleges and universities tend to be a little bit like Mayberry: ‘Nothing ever really happens to us here. It’s a nice safe place.’ But we’re in a position to really change that mindset,” Flanik says.

That might be because of his “15 minutes of fame” within the annual Fall Conference address to the campus this past fall when he told the community about a sophisticated spear phishing attack that had just targeted institutions across Ohio.

An individual had sent a phishing message that some users clicked, giving away their usernames and passwords. The phishers waited, then logged in later to change rules in Outlook redirecting all emails from the Payroll Office. The scammer then planned to send emails from the Payroll Office directing vendors to change their direct deposit information.

“I told this story to faculty and staff and the gasps and attention it received were phenomenal,” Flanik recalls. “Soon after, we were able to implement multifactor authorization around campus.”

Two pillars

But that was just the beginning of the fight for an institution with huge responsibility in the areas of intellectual property and student privacy.

Flanik’s mandatory security education program is based on two pillars: “The first is: Protect yourself,” he says. “This is not about the institution. This is your personal credit card and bank accounts, your line of credit, all the accounts you should be managing even if you don’t want to have a digital identity.”

“The second pillar is: Why wouldn’t you want to protect BW the same way? You protect your home, your spouse, your children. Now we’re entrusting you to do the same in your area. So if you’re in custodial services and you’re changing out the recycle bin and you see Social Security numbers, you know you have a responsibility.”

It turns out there was a third pillar of that campaign, as well: The IT team started phishing the campus, using a platform called KnowB4.

Starting to click

IT started sending users biweekly email with questionable links, using KnowB4 reporting data that allowed them to start compiling lists. “The clickers and the non-clickers,” he says.

Clickers get a pop-up screen that notifies he or she committed a security error. “But did it get your attention?” Flanik wants to know. “Did you read the follow-up as to what you did wrong?”

Clickers go on to get suspect emails more frequently, along with more training. Non-clickers get more complex emails with a higher degree of difficulty, “not to try and get them to click,” Flanik says. “It’s more, ‘You’re smart. Let’s try to educate you more.’”

“You keep clicking,” Flanik says, “and we’re keeping score.” It’s an adaptive learning technique that’s sophisticated and relatively low-cost when compared to a data breach and resulting lawsuit.

“I told our president: as long as you have people in the clicker group, you’re one click away from needing a disaster and business continuity plan,” Flanik says.

Etched in stone

But the real bedrock achievement for Flanik and his team is the Knowlton Center, which includes 3D printing technology, a cybersecurity program and data visualization. For students of medicine, speech pathology and nursing there’s the mobile Microsoft HoloLens augmented reality anatomy laboratory.

Inside the Knowlton Center’s intentional design, departments share hallways and lab space and students have their own center for data visualization. That means, when a student walks down the hall, the math professor is across from the physics professor and next to the engineering professor.

“I applaud the four departments for collaborating,” he says. “They made the decision not to have a math wing, an engineering wing. They said, ‘They’re gonna mix themselves up and commingle.’”

The technology will allow students unparalleled speed and access to information anywhere in the world in real time.

To defend from hype, Flanik has designed the tech backbone with enough flexibility to go back to segregated classrooms and to wired data in addition to wireless transmission, to drive high bandwidth applications.

But at Baldwin Wallace, it seems neither the time nor place to go back.

“It’s great this building is coming at the right time,” Flanik says, “for this university, for this job market, and as Cleveland continues to evolve from a manufacturing mindset to a technology, financial and health care services mindset.”