While corporate data breaches grab media headlines, colleges and universities are certainly not immune to security challenges. In fact, five of 2014’s biggest cyber security breaches occurred in higher education. Among the malfeasance: student information was exposed, Social Security numbers were stolen, and staff records were compromised.
Forget Sony, Target, and Home Depot – some of the biggest threats are right here in our classrooms, labs, and dormitories. Colleges and universities are ripe for cyber threats, thanks to the sheer number of devices on campuses and the expansiveness of access granted within and throughout educational institutions. Combine that with an educational environment filled with technology-savvy students that have the skills, access, and perhaps even the motivation to seek access to data, and suddenly network security has become a key part of every administration’s studies.
Further, the more tech-savvy students become, the greater the likelihood that they’ll adopt the skills that allow them to access proprietary data. Not all of these attempts will be malicious – in fact, it’s likely that most will be completely innocuous. But the insider threat that hounds corporations is just as real on college and university campuses.
Combatting these threats falls squarely on the shoulders of college and university IT administrators. It’s certainly a massive task, as is evidenced by the aforementioned 2014 breaches. But it’s not impossible, so long as administrators work with IT and equip them with the proper weapons.
Ensuring IT staff is well-trained one of the most important components of any school’s network security arsenal. Sam Musa, a cyber security adjunct professor at the University of Maryland, once wrote “while 10 percent of security countermeasures are technical, 90 percent of security measures rely on users and other stakeholders.”
But this doesn’t just apply to IT. Working with IT to institute an information security awareness program for all faculty and administration is critical. The program should include training on how to protect and manage personal information, authorized devices, and network access. Schools may even go so far as to institute classes for students on the ethical use of devices and campus networks. Ideally, this training should be refreshed and given once a year. It’s a great way to cut down on insider threats and raise awareness of the potential for external hacks.