Oftentimes, cyberattacks result from human failure, meaning training can greatly help minimize cyber risk. The training program should include topics related to social engineering, as well as how to spot phishing/smishing/spear phishing attempts, the importance of securing home networks, and common-sense approaches to passwords and physical security of devices.
2. Invest in the future and your data. The likelihood of a breach is nearly 100 percent, and it is no longer a matter of “if” but a matter of “when” a breach will occur. There are some relatively simple tactics that can prevent the next breach. For example, multi-factor authentication is one option, and while it does not prevent all breaches and is not foolproof, it will stop 99.9 percent of automated attacks.
Traditional passwords are now becoming a thing of the past and are frequently the weakest link in the security chain. In fact, 61 percent of breaches involved the unauthorized use of valid credentials. With this in mind, passwordless authentication methods are a beneficial option to better protect the institution’s data.
A Zero Trust Security model, also known as perimeterless security, can also be adopted by colleges and universities to strengthen their cybersecurity program. This model holds that no device should be trusted by default, but should instead be verified with each use. It is important to note that Zero Trust is not solely a technology solution; it also requires process and procedure investments and is a journey that will inevitably evolve over time.
Once a breach has occurred, the institution must have a well-thought-out and thoroughly tested response plan. You will likely find holes within the plan during your response process, which should be fixed during a detailed post-breach evaluation. As cyberattacks become more advanced, your plan should advance in parallel with ongoing updates and revisions over time.
3. Re-prioritize and re-organize. Only about 42 percent of higher education institutions have a Chief Information Security Officer (CISO) role, a minuscule number considering that 2020 marked a record year for cyberattacks against schools. It’s critical that colleges and universities see the benefits that a leader in data and security can have within an organization.
As the number and cadence of cyberattacks increase, preventing those threats should be prioritized and made the primary responsibility of a leader within the institution. This position should also have direct access to the president and their cabinet to ensure they have the full support of, and transparency with, the decision-makers. A CISO is the key to setting information security policy and protecting against the next attack.
The future of institutions relies on cybersecurity
Improving the institution’s cyber posture is not an insurmountable task. There are important steps that must be taken in order to better inform and rely on staff and students in protecting institutional data, including annual training, investment, and building an organization that treats cybersecurity with the importance that it deserves.
While it seems like a heavy lift, it’s never been more important that higher education institutions put in the necessary work to ensure cybersecurity. And although it’s an ongoing effort, it’s worth it in the end.