Cybersecurity specialists joke that they can secure absolutely any device – by burying it in concrete. That’s wishful thinking for colleges and universities, which cyber attackers often view as easy targets. Higher education networks are plagued by unique security challenges, such as homegrown hackers, network visitors, countless personal devices and decentralized control centers comprised of potentially incompatible products and applications from various vendors.
These factors – combined with the open, collaborative nature of most campuses – lead to security headaches. And, once there is a breach in a university’s network, the entire campus is vulnerable. Everyone must get smart on cyber protection. University IT staff, as well as administration, faculty and students share this responsibility.
The University’s Role
Universities often request students and faculty to provide highly-sensitive details, and in the same breath they promise they will protect that data. Institutions recognize that safeguarding this type of information is imperative for several reasons, including:
Financial Security – University administrative departments must store numerous financial records such as W-2 forms and credit card transaction records. Financial gain is a primary goal for most hackers, which makes this especially sensitive information. With the rapid exchange of financial transactions facilitated online, compromised personnel files can be nearly impossible to track and regain once lost. Universities must have strict security measures in place from the beginning to mitigate the risk of these breaches.
Ethics and Integrity – Cheating and grade modification scandals cause damage to a university’s reputation. To protect an institution’s integrity, IT specialists must keep servers secure from student hackers.
Regulation Policies – Many colleges are home to major research facilities, and many of the studies conducted there are government-funded, and therefore subject to myriad regulatory requirements. Many of these facilities include university hospitals, requiring administrators to follow Health Insurance Portability and Accountability Act guidelines that protect patients and students’ health information.
Faculty and Students’ Responsibility
The student and staff sections of a campus network are usually the most hostile. These groups regularly introduce new devices into the network, share campus-only access with visitors and use the same simple passwords (such as “1234”) across multiple accounts, increasing network vulnerability. Faculty and students must share responsibility for the safety and security of campus networks:
Smart Practices – Universities must educate faculty and students on how to identify and steer clear of corrupted links – such as phishing scams – and create passwords that are difficult to decode.
Personal Devices Care – With the average student bringing seven different devices to campus, colleges have countless unmanaged personal devices to secure. Staff members and students can reduce cyberattack risks by being mindful when signing into public Wi-Fi and avoiding suspicious links.
Ace Security Today
In addition to empowering their faculty and students with cybersecurity resources, higher education institutions can take a few key steps to further bolster their defense against hackers:
Establish Flexible and Adaptive Security Architectures – Keep costs low and establish a centralized network control center. IT teams should work together with administrators to evaluate which devices do not meet network requirements, map a plan to replace these tools over time and create a timeline to purchase new products that are compatible with other campus devices.
Manage Risk and Mitigate Impact – Breaches will happen; it is inevitable. Institutions should concentrate on minimizing the potential harm of cyberattacks before they occur. Instead of the “build higher walls” mentality, focus on developing security controls on the other side of the network wall to reduce the access hackers have to servers once they infiltrate the network. IT teams should establish back-end protection and develop processes that will shorten the amount of time it takes to identify and report an attack.
Provide Services Securely to Unmanaged Devices – Inform faculty and students about safety guidelines for proper network use on personal devices. IT service departments may also require new students and staff to complete online cybersecurity training, or offer free security/ad-blocking software for personal devices.
The threat landscape is evolving and getting more complex every day. Higher education institutions can’t bury their heads in the sand – or their devices in concrete. The proliferation of mobile devices and the wide range of users accessing resources via campus networks require IT teams to get creative about how they educate users and mitigate risk.
If you enjoyed this article and want to receive more valuable industry content like this, click here to sign up for our digital newsletters!
Leave a Reply