Always remember that examples from sectors outside education can be helpful and relevant, as can learning from the missteps organizations take.
Avoid Common Mistakes
The most common mistake I see is when people get overwhelmed – the process becomes too cumbersome and too intimidating. So, people ignore it and hope nothing happens. Too many people say “the system is too old” and “we could never do that,” but that is never the case. Don’t let perfect be the enemy of the good.
Here is a pep talk – some emotional advice to reflect on and remember as you embark on this security journey:
o It’s all about continuous improvement (just like life)
o The goal is to constantly improve
o Start where you are and get better
o Don’t get deflated – keep the momentum going
o Break through the politics and get people on board
o Most mistakes are not technical – they are management errors
To avoid these mistakes, consider the following philosophies:
o Don’t let perfect be the enemy of the good (this warrants repeating)
o Always look at how to control scope – you don’t have to do it all yourself
o Get experts in the room – do your due diligence
o Take necessary precautions – you can’t afford not to
o Do what is needed and then take it to the next level – think like hackers
Real People
Last, don’t forget that technology is still built by, and for, people.
To the first point, if a human being created the technology, a human being can hack into it.
So, your most effective solution is to have a real person take what is known about the system and try to break it from the inside out – this clear box approach requires skill and expertise that you may or may not have on your tech team.
Second, a culture of educating staff is important. The technology is for them.
Once you explain things to people in a simple way, through lunch and learns, retreats and other internal communications efforts, you will be surprised at how willing they are to follow the rules and ask questions when doing something technology related.
Finally, commit. Your institution’s senior leaders – the cabinet and board – must be on board for this to be successful, just like in other areas of your institution.
Dennis Egen is President and Founder of Engine Room, a Philadelphia-based technology and security firm that builds airtight technologies and helps clients mitigate risks by identifying vulnerabilities and addressing them before they can be exploited. Egen can be reached at [email protected].