While corporate data breaches grab media headlines, colleges and universities are certainly not immune to security challenges. In fact, five of 2014’s biggest cyber security breaches occurred in higher education. Among the malfeasance: student information was exposed, Social Security numbers were stolen, and staff records were compromised.
Forget Sony, Target, and Home Depot – some of the biggest threats are right here in our classrooms, labs, and dormitories. Colleges and universities are ripe for cyber threats, thanks to the sheer number of devices on campuses and the expansiveness of access granted within and throughout educational institutions. Combine that with an educational environment filled with technology-savvy students that have the skills, access, and perhaps even the motivation to seek access to data, and suddenly network security has become a key part of every administration’s studies.
Further, the more tech-savvy students become, the greater the likelihood that they’ll adopt the skills that allow them to access proprietary data. Not all of these attempts will be malicious – in fact, it’s likely that most will be completely innocuous. But the insider threat that hounds corporations is just as real on college and university campuses.
Combatting these threats falls squarely on the shoulders of college and university IT administrators. It’s certainly a massive task, as is evidenced by the aforementioned 2014 breaches. But it’s not impossible, so long as administrators work with IT and equip them with the proper weapons.
Ensuring IT staff is well-trained one of the most important components of any school’s network security arsenal. Sam Musa, a cyber security adjunct professor at the University of Maryland, once wrote “while 10 percent of security countermeasures are technical, 90 percent of security measures rely on users and other stakeholders.”
But this doesn’t just apply to IT. Working with IT to institute an information security awareness program for all faculty and administration is critical. The program should include training on how to protect and manage personal information, authorized devices, and network access. Schools may even go so far as to institute classes for students on the ethical use of devices and campus networks. Ideally, this training should be refreshed and given once a year. It’s a great way to cut down on insider threats and raise awareness of the potential for external hacks.
(Next page: Tips for security collaboration 3-4)
The training should be complemented by access to, and use of, tools that allow IT administrators to monitor even the most vast and complex of school networks. Network monitoring solutions, which automate security and alert administrators when something is amiss, have become absolutely indispensable in providing complete visibility into network activity. Patch management solutions ensure that all software remains up to date and immune to the latest known viruses. User device tracking and monitoring helps scan for unauthorized devices that may be on the network – a useful tool on today’s ultra-connected campuses.
Perhaps most important to the security toolkit is the deployment of security and information management (SIEM) software to detect and mitigate suspicious network activity. With SIEM, administrators can log and manage events and equate them to potentially suspicious activity. This activity can be combined with detailed threat intelligence data to help identify and automatically thwart suspicious activity.
Having an automated system in place is essential in today’s environment, where network complexities and threats are growing but budgets and resources remain somewhat limited. Automation allows time and budget constrained IT administrators to focus on other essential things – such as ensuring their networks are equipped to handle the growing demand of online educational resources, such as video, digital text books, and more.
Access to and delivery of all of these materials will increase the potential for cyber threats – thus also increasing the need for a sound security posture. As important as it is, that’s not an initiative that is going to come from the office of the Dean. It’s going to fall under the purview of IT to ensure that their schools networks remain secure.
School IT professionals must work with the rest of the administration to make sure that security skills and knowledge are brought to the forefront throughout the organization, and supported by solutions that keep information safe.