Across the country, colleges and universities are on high alert to protect against cyber attacks. From WannaCry to Petya, the recent proliferation of ransomware, malware, and distributed denial of service attacks are cause for concern, thanks to institutions’ open environments and rich stores of personally identifiable information. According to Gemalto, education-data breaches doubled in the first half of 2017.
College IT teams strive to protect their campuses, but IT pros are only part of the equation. For adequate protection, students must also play an active role in cyber safety. CDW-G’s recent survey of 250 higher education IT professionals and 300 students took a closer look at the cybersecurity efforts and concerns of both groups.
Prevention is best
The best way to protect against the potentially disastrous effects of cyber attacks is to prevent them. Yet, no matter how much work IT pros put into developing strong training programs and guidelines, if their efforts are not embraced by–or effectively communicated to–users, the value of their efforts diminishes. Eighty-two percent of IT pros surveyed by CDW-G say that they require students to take IT cybersecurity training at least once per year; however, only 35 percent of students say the same. Additionally, while 81 percent of students say their institutions’ ability to protect university and student data is very important, 74 percent of students are concerned with their institutions’ ability to do so.
(Next page: More ways IT can improve cybersecurity)
Compliance and communication
When IT pros set compliance standards for students, such as password recommendations or websites to avoid, students do not always heed their advice. Seventy-six percent of students surveyed admitted to engaging in risky behavior when connected to their university’s network. This includes using publicly available wi-fi, which 57 percent of students said they do, and visiting websites with risky or questionable security standards, which 21 percent of students admitted doing. Much like proper training strategies, compliance guidelines are of little use to a college’s security plan if they are not followed properly.
Improving compliance begins with improving communication. Of the 60 percent of institutions that experienced a data breach within the last 12 months, 91 percent of IT pros say they have communicated this news to the student body. Comparatively, just 26 percent of students were aware of any cybersecurity breaches that occurred at their college during the past year. IT pros recognize this discrepancy, citing educating users on security policies and procedures as their top cybersecurity challenge.
Closing these communication gaps takes creative thinking on the part of IT teams. Colleges can reach out to students in non-traditional ways, such as on social media or with simulated ransomware tests. What’s more, cyber training that starts before college could have a net positive effect not just on security at universities, but on organizations of all sizes. “A simple email is no longer enough,” says Jordan Cohen, a CDW-G intern and current senior at Rutgers University. “Getting students involved means meeting them where they already are: on Facebook, in an on-campus class, or starting the conversation in middle or high school.”
IT teams should also ensure fail-safes are in place. Network segmentation, endpoint protection, remote access control, advanced threat protection, regular effectiveness testing, and two-factor authentication can help secure a university’s network. Less than half of IT professionals surveyed say their institutions employ these security measures campus-wide.
Finally, there is an opportunity for students to play a greater role in their own cyber safety. Since 81 percent of students said their institution’s ability to protect student data is very important, they should engage more with their IT teams, be mindful of unsafe networks or websites, and maintain strong, frequently updated passwords.
Compliance and communication are key to creating a secure network. Students and IT teams must work together to prevent hacks and data loss.
- How we built campus affinity and student engagement during COVID - June 22, 2021
- 5 key actions to address inequities in higher education - June 21, 2021
- How higher ed is becoming more resilient - June 18, 2021