Bilhiemer says colleges can build a solid defense against network hackers by following three risk principles:
Standardization: This step encourages colleges to condense their systems and models of what an AV space looks like, and how to go about protecting it.
“Everyone says ‘my needs are unique,’ and I’m sure that’s true, it’s definitely a challenge,” says Bilhiemer. “You have to maintain functionality. But from a network model, systems aren’t that different. They maybe have different vendors, but with how they interact, there is not a lot of variance.”
Automation: This step encourages colleges to automate their processes, so that system processes work the same way across the board. This also means users will have an easier time working with the system.
“There are always going to be some manual elements,” Bilhiemer says. “But, the more manual elements you have, the more you’re going to have human errors, and are going to compromise more.”
Redundancy: This step encourages colleges to recognize that redundancy is not only about protecting against compromised data; it is also about protecting against losing access to data.
Bilhiemer says that losing the ability to access data can be just as painful as losing data.
“Especially with time-sensitive data, a breach can destroy five years of work by losing access for one day,” he says. “It doesn’t matter if that data is confidential and pristine if you can’t access it.”
Bilhiemer says that once a college has these risk principles under control, it should:
• Incorporate security into system requirements, and accept the likelihood of a breach.
• Develop internal data protection models and processes.
• Anticipate and plan for future breaches.
• Transfer risk when possible, such as through cybersecurity insurance.
“I promise you, you’ve been infected,” Bilhiemer says. “Instead of trying to prevent an issue, the best way is to mitigate and lessen the impact. In order to do that, you need team members who [might] be outside your boundaries, and you’ll do this forever.”