3 Reasons Why Hackers Target Higher Education
- Colleges and universities collect significant amounts of data, including confidential data, personally identifiable information (PII), and cutting-edge research.
- Security protocols and protections are often lax, unsophisticated, or nonexistent.
- Many institutions have cybersecurity insurance, which can result in a big payoff for ransomware gangs.
10 Tips for Strengthening Cybersecurity When Resources are Scarce
Hardly a day goes by that we do not hear about the data breaches, financial losses, and disrupted academic activities caused by cyberattacks, like the recent MOVEit attack, which experts believe signals growing cybersecurity threats for higher education.
The increasing scale and sophistication of these threats have made cybersecurity a centerpiece of every institution’s risk management strategy. But for many leaders, financial constraints and staffing challenges impede their ability to effectively address these ever-evolving threats.
As a result, more leaders are looking to strategic partnerships to fill critical talent gaps and navigate budgetary shortfalls. In this article, we’ll share ten tips you can act on today to strengthen your institution’s security posture when resources are scarce.
Tip 1: Assess and Prioritize Risk
Work with an independent cybersecurity firm to conduct an objective risk assessment that pinpoints your institution’s specific vulnerabilities and potential threats. Prioritize remediation efforts based on their potential impact and likelihood of occurrence.
Tip 2: Support Cybersecurity Initiatives
Allocate sufficient resources to support cybersecurity initiatives. This includes budgetary provisions to provide technology, training, staff, and ongoing maintenance of security measures.
Try This: Interim Leadership and Staff Augmentation can help fill key talent gaps and shore up critical knowledge and skills to ensure cybersecurity initiatives are fully supported.
Tip 3: Stay Informed
Remain abreast of relevant laws, regulations, and industry standards pertaining to data protection and cybersecurity. Ensure your institution complies with these requirements to avoid legal and financial consequences.
Try This: An interim Chief Information Security Officer (CISO) can help your institution meet regulatory requirements while reducing and better managing risks by implementing the National Institute of Standards and Technology (NIST) Cybersecurity Framework.
Tip 4: Plan for the Worst
Develop a robust incident response and recovery plan that includes a formal disaster recovery plan outlining the steps to be taken in case of a cybersecurity breach. This plan should include communication strategies, coordination with law enforcement (if necessary), and a roadmap for recovery.
Try This: Business Continuity and Disaster Recovery Planning can help ensure your team is ready to act if the worst happens.
Tip 5: Collaborate with Peers
Build strategic partnerships with other educational institutions to strengthen your institution’s overall security posture and share threat intelligence and best practices.
Try This: Participate in a Shared Services collaboration to pool resources and gain access to hard-to-find, expensive talent, like cybersecurity experts.
Tip 6: Educate the Campus Community
Invest in regular cybersecurity training for all staff, students, and stakeholders. Promote awareness of common cyber threats, social engineering, phishing, and safe online practices.
Try This: Interim cybersecurity leaders can provide valuable mentorship to teach your team how to operate a highly effective, secure IT organization.
Tip 7: Protect Data and Privacy
Implement data encryption, access controls, and regular backups to protect sensitive data, including student records, financial information, and research data.
Try This: Independent cybersecurity experts who are well-versed in the NIST Cybersecurity Framework can implement safeguards and best practices to ensure sensitive data is protected.
Tip 8: Always Be Improving
Cybersecurity vigilance is an ongoing, ever-evolving process. Regularly review and update your cybersecurity program to adapt to new threats, technologies, and organizational changes.
Try This: Conduct regular Risk Assessments to ensure your cybersecurity program is keeping pace with evolving threats.
Tip 9: Lead by Example
Prioritize cybersecurity and support the implementation of security measures. Encourage a collaborative and proactive approach to cybersecurity within your campus community.
Try This: An experienced Chief Information Security Officer (CISO) can help you build and lead a culture of cybersecurity awareness.
Tip 10: Communicate
Ensure transparent and open communication about cybersecurity initiatives, updates, and incidents with relevant stakeholders, including students, faculty, staff, and board members.
Try This: A strong cybersecurity leader can help create and model a culture of transparency and accountability at your institution.
Here’s to a Safer, More Secure Future
CampusWorks has been collaborating with colleges and universities since 1999 to develop and implement insightful strategies that improve institutional effectiveness and enhance the student experience. In our experience, the institutions that have been most successful in protecting their data and systems have taken a comprehensive, educated, and strategic long-term approach to defending the organization.
Want to enhance your cybersecurity efforts? Not sure where to start? Conducting a Risk Assessment can be an informative first step.
CEO Checklist: Basic Cybersecurity Protocols
Would your institution’s cybersecurity protocols earn a passing grade? At a minimum, they should include:
- Adoption of a formal security protection methodology, such as NIST 800-171
- Adequate firewall and/or intrusion detection protection
- Antivirus software
- Security awareness training
- Restricted access to data
- Multi-factor authentication
- Password change policies (at least every 90 days)
- Password length policies (at least 12 characters)
- Account lockout policies (after 3 to 5 attempts)
- Updated operating systems and systems patching
About Dr. E. Wayne Rose
Dr. E. Wayne Rose is a CIO, CISO security professional, IT strategist, and transformational culture and change executive with extensive experience in higher education and government. He is a graduate of National Defense University’s CISO program and has worked for the Department of Defense. He has served as a university VP for IT & CIO/CISO and as an interim college CIO and CISO at various community colleges. Dr. Rose has developed and taught advanced information security courses, presented on the topic of information security, and published articles, including “Are Higher Education Information Systems Inherently Insecure?”