Fall semesters are starting across the country, and freshmen – with their variety of networked technologies in tow – are preparing to begin their next phase of life at an institution of higher learning.
Students will take part in cyber commerce on and off campus; campus administrators will add these new identities to campus databases; faculty will keep teaching in an era where students are already social media experts, influencing friends online, and using learning management systems.
The regulations and security measures your campus’s chief information security officer and the IT department have set up may not be something those first-year students are prepared for.
Cybersecurity challenges in higher ed
The primary concern for IT leaders in higher education continues to be cybersecurity. These education leaders in cybersecurity and IT must be firm and clear about their expectations. As Helen Norris, the current CISO for Chapman University and head of the EDUCAUSE Board of Directors, recently told a Senate committee focused on education, “the cybersecurity threat landscape has grown and transformed over the years.”
Higher education faces risks from hacking, phishing, ransomware and social engineering and is an easy target for attackers. Managing private student and research data reveals the challenges that small and resource-constrained schools have in defending against ransomware. And as Norris highlighted, higher ed is “at a disadvantage in competing with employers in the tech sector when hiring information security professionals.” As it is, there’s a significant cybersecurity skills gap – to the tune of a shortage of 2.7 million skilled cybersecurity professionals, according to the latest reports from ISC(2).
Cyberattacks can easily harm the school’s reputation and make it harder to attract new students, in addition to having financial repercussions that put a strain on slim budgets. Having cybersecurity on your priority list doesn’t necessarily translate into action. While there isn’t a magic solution to stop every occurrence, knowing the common types of cyberattacks and how to avoid them can help your institution create strong security measures to protect data and resources, according to the Collegis Education publication, Higher Ed Cybersecurity Landscape: 2022. The education CISO needs to promote the cricial actions and tools to successfully offer an acceptable return on the security investment.
A complex cyber-ecosystem
As we emerge from the COVID-19 pandemic, most schools have returned at least in part to having students on the physical campus – but there’s still a demand for access to online learning models. This isn’t likely to go away. Secure remote access to the campus must be a part of the pursuit of innovations in instruction like podcasts, on-demand lectures and learning opportunities beyond the classroom. These innovations all present cybersecurity difficulties.
Remote learning is becoming more important in the new normal. Robust education cybersecurity involves campuses expanding their reach globally via the number of online learning possibilities available. New York University, Penn State, Georgia Tech, and Purdue University are just a few of the colleges and universities that offer cybersecurity degrees online. Remote learning can enable students who aren’t close enough to a campus to pursue degrees that will advance their careers and it can also create more accessibly for students who may not be physically able to attend a class in person.
Preparation and planning for the win
The CISOs, who are in charge of campus security, are attempting to define what’s normal for the coming academic year as they speak with the CIO and other campus leaders (e.g. chancellor, provost, CFO, COO, risk management, deans and directors) and offer customized Cyber Threat Briefs.
CISOs ought to issue a “Welcome Back” greeting to academics, researchers and employees. A similar greeting should go out to students as part of the schedule of events for the fall term, addressing their online needs. Cybersecurity Awareness Month is in October, so this is a great time for CISOs to set up plans for this important occasion. Update your incident response procedures right away and consider experimenting with and enhancing incident reaction time.
The cybersecurity threat landscape continues to grow in size and sophistication–right along with the expansion of the educational landscape–and it doesn’t help that higher education is a prime target for attackers. The cybersecurity skills shortage and tight security budgets add to the challenge, but wise communication and planning will save the day. Early fall is the ideal time to begin developing your budget “wish list” and communicating your wishes to the deans, directors and other influential people on campus.
- How higher ed can set students up for successful internships - September 27, 2023
- How to prioritize data protection this school year - September 26, 2023
- Creating a positive campus for the new academic year - September 25, 2023