As universities strive to return to a sense of normalcy amid COVID-19, IT teams have been hard at work preparing infrastructure to accommodate both on-campus and virtual learning for the upcoming August semester.
Hopefully, power management is a part of these preparedness plans, as both on-premise and remote learning require adequate power management to keep infrastructure up and running and avoid outages that could impact learning.
And while it may not be the first thing university IT departments think of in relation to power management, cybersecurity is becoming a critical consideration for power protection strategies as devices become more interconnected and new threats emerge.
When cybersecurity safeguards go unchecked, universities can face financial and reputation-related damages. According to the Ponemon Institute’s Cost of Data Breach Report, the cost of a breach in education in 2020 was above the global average at $3.9 million.
This underscores the pressing need for increased cybersecurity safeguards – especially as cyberattacks become more sophisticated – and makes it imperative for university IT departments to evaluate their cybersecurity and business continuity strategies to ensure private faculty, student and university information is protected.
In this article, we’ll discuss the importance of incorporating cybersecurity safeguards into power management strategies, as well as outline how university IT departments can safeguard equipment as students arrive back on campus.
New Demands, Greater Responsibility
Digital innovation is driving fundamental changes in education, and new technology adoption is necessary to operate in this hybrid learning environment.
On any given day students and teachers may be using new technologies in areas such as virtual or augmented reality, digital whiteboards, and the use of web-based modules to accommodate distanced learning, lab research projects, personalized learning or artificial intelligence.
Technology is revolutionizing the way students learn and these digital learning solutions have become consistently present in students’ lives.
The demand for technology integration into curriculum is putting tremendous expectations on IT to support these technologies, including powering the infrastructure that enables them.
While the idea of managing power in campus environments seems like a no-brainer, power management is essential to protecting campus data centers and network closets from unforeseen outages.
Uninterruptible power supplies (UPSs) and disaster avoidance software can help IT departments remotely monitor and manage their networks and support infrastructure, bridging the gap to generator power in the event of an outage and helping gracefully shut down critical infrastructure to avoid lasting damage.
Increasingly, power management devices themselves are becoming interconnected to enable integration with software, services and other IT infrastructure.
As more connection points are introduced, hackers have more opportunities to exploit potential vulnerabilities and execute attacks, from ransomware to malware to DDoS attacks.
IT departments are likely aware of this. Eaton’s recent Sleep and Stress survey highlighted that respondents working in education revealed their most common IT “nightmares” are usually about protecting against cyberattacks. And they have reason to be worried.
In June 2020, Michigan State University, the University of California, San Francisco and Columbia College Chicago were targeted, with hackers requesting ransom under the threat of selling information to the dark web.
For these reasons and others, IT staffs should consider cybersecurity as a factor when making purchasing decisions regarding power management equipment.
Cybersecurity Safeguards for Power Management
Building a strong, secure foundation in power management is essential to achieving operational success in the coming year. IT teams should consider this checklist as a first step to incorporating cybersecurity in their power management strategies:
- Seek out the latest certifications: If universities are planning to or have already implemented network-connected devices, it is important to make sure power management systems have the appropriate cybersecurity safeguards to match. This most commonly includes cybersecurity certifications from global standards organizations like Underwriters Laboratories (UL) and the International Electrotechnical Commission (IEC). For example, there are UPS network management cards available with UL 2900-1 and ISA/IEC 62443 certifications that have built-in cybersecurity capabilities and features. This provides IT teams with strong encryption, certificate authority (CA) and public key infrastructure (PKI) signed certificates, along with configurable password policies.
- Remember the software layer: A sound cybersecurity strategy involves not only properly securing devices, but deploying a software layerto manage those devices. Prior to making any firmware updates, IT staff can secure their power equipment by deploying power management software and working with their technology provider to ensure everything is up-to-date. Power management software also offers the added capability of providing a graceful shutdown in the event of a prolonged power outage, helping save work in progress and prevent data loss.
- Take your security solutions to the next level: In addition to protecting against ransomware attacks, organizations may also wish to deploy an “air gapped computer” which is a security measure designed to ensure a computer network is physically isolated from unsecured networks. For universities, this could include internet and local area networks, with the goal of keeping hackers’ hands off sensitive information so IT teams can focus on improving their capabilities for future students.
- Don’t forget physical security: While many of these considerations focus on digital security, physical security continues to remain key in rounding out university’s defense strategy. This could be as simple as putting smart security locks on IT racks so that only authorized personnel have access to these components.
Protect Against Downtime with Business Continuity Planning
In addition to taking these steps to avoid becoming a victim of ransomware and other cyberattacks, universities should have a comprehensive resiliency plan in place. First, and most important, is to make sure files are regularly backed up. While this may seem fairly simple, it can be of immense cost-saving value in the event of an outage as it allows victims to recover data at no cost.
The Michigan State University, University of California, San Francisco and Columbia College Chicago hacks previously mentioned are a sobering reminder that cyberattacks can include a ransom demand and threat to publicly release information if payment is not made.
Universities must always encrypt their data to avoid giving hackers this opportunity. Likewise, retaining a copy of data in a separate location is essential in preparing for the unexpected.
Toward A More Secure Future
As students return to campus, university IT teams can stay ahead by having a holistic strategy in place to protect against potential cybersecurity threats. The rapid digitalization of campuses underscores not only the vital role power management plays in maintaining operations, but digitalization also brings about additional risks that highly encourage the implementation of cybersecurity safeguards.
From certifications to software and beyond, IT teams have multiple resources at their disposal to bolster the security of their power management systems.
However, it is always important to remember that cybersecurity is not just a one-and-done project. It is a continuous effort by dedicated IT professionals to keep a watchful eye on the network and evolve their strategies for A-plus, end-to-end protection.