Strengthening Cybersecurity

10 tips for when resources are scarce

Higher Ed Cybersecurity
IT Leadership

3 Reasons Why Hackers Target Higher Education

  1. Colleges and universities collect significant amounts of data, including confidential data, personally identifiable information (PII), and cutting-edge research.
  2. Security protocols and protections are often lax, unsophisticated, or nonexistent.
  3. Many institutions have cybersecurity insurance, which can result in a big payoff for ransomware gangs.

10 Tips for Strengthening Cybersecurity When Resources are Scarce

Hardly a day goes by that we do not hear about the data breaches, financial losses, and disrupted academic activities caused by cyberattacks — like the recent MOVEit attack, which experts believe signal growing cybersecurity threats for higher education.

The increasing scale and sophistication of these threats have made cybersecurity a centerpiece of every institution’s risk management strategy. But for many leaders, financial constraints and staffing challenges impede their ability to effectively address these ever-evolving threats.

As a result, more leaders are looking to strategic partnerships to fill critical talent gaps and navigate budgetary shortfalls. In this article, we’ll share ten tips you can act on today to strengthen your institution’s security posture when resources are scarce.

Tip 1: Assess and Prioritize Risk

Work with an independent cybersecurity firm to conduct an objective risk assessment that pinpoints your institution’s specific vulnerabilities and potential threats. Prioritize remediation efforts based on their potential impact and likelihood of occurrence.

Try this: An independent Risk Assessment can provide a fresh set of eyes on age-old challenges and Staff Augmentation can supply the expertise to address your most pressing challenges.

Tip 2: Support Cybersecurity Initiatives

Allocate sufficient resources to support cybersecurity initiatives. This includes budgetary provisions to provide technology, training, staff, and ongoing maintenance of security measures.

Try this: Interim Leadership and Staff Augmentation can help fill key talent gaps and shore up critical knowledge and skills to ensure cybersecurity initiatives are fully supported.

Tip 3: Stay Informed

Remain abreast of relevant laws, regulations, and industry standards pertaining to data protection and cybersecurity. Ensure your institution complies with these requirements to avoid legal and financial consequences.

Try this: An interim Chief Information Security Officer (CISO) can help your institution meet regulatory requirements while reducing and better managing risks by implementing the National Institute of Standards and Technology (NIST) Cybersecurity Framework.

Tip 4: Plan for the Worst

Develop a robust incident response and recovery plan to include a formal disaster recovery plan that outlines the steps to be taken in case of a cybersecurity breach. This plan should include communication strategies, coordination with law enforcement (if necessary), and a roadmap for recovery.

Try This: Business Continuity and Disaster Recovery Planning can help ensure your team is ready to act if the worst happens.

Tip 5: Collaborate with Peers

Build strategic partnerships with other educational institutions to strengthen your institution’s overall security posture and share threat intelligence and best practices.

Try This: Participate in a Shared Services collaboration to pool resources and gain access to hard-to-find, expensive talent, like cybersecurity experts.

Tip 6: Educate the Campus Community

Invest in regular cybersecurity training for all staff, students, and stakeholders. Promote awareness of common cyber threats, social engineering, phishing, and safe online practices.

Try This: Interim cybersecurity leaders can provide valuable mentorship to teach your team how to operate a highly effective, secure IT organization.

Tip 7: Protect Data and Privacy

Implement data encryption, access controls, and regular backups to protect sensitive data, including student records, financial information, and research data.

Try This: Independent cybersecurity experts who are well-versed in the NIST Cybersecurity Framework can implement safeguards and best practices to ensure sensitive data is protected.

Tip 8: Always Be Improving

Cybersecurity vigilance is an ongoing, ever-evolving process. Regularly review and update your cybersecurity program to adapt to new threats, technologies, and organizational changes.

Try This: Conduct regular Risk Assessments to ensure your cybersecurity program is keeping pace with evolving threats.

Tip 9: Lead by Example

Prioritize cybersecurity and support the implementation of security measures. Encourage a collaborative and proactive approach to cybersecurity within your campus community.

Try This: An experienced Chief Information Security Officer (CISO) can help you build and lead a culture of cybersecurity awareness.

Tip 10: Communicate

Ensure transparent and open communication about cybersecurity initiatives, updates, and incidents with relevant stakeholders, including students, faculty, staff, and board members.

Try This: A strong cybersecurity leader can help create and model a culture of transparency and accountability at your institution.

Here’s to a Safer, More Secure Future

CampusWorks has been collaborating with colleges and universities since 1999 to develop and implement insightful strategies that improve institutional effectiveness and enhance the student experience. In our experience, the institutions that have been most successful in protecting their data and systems have taken a comprehensive, educated, and strategic long-term approach to defending the organization.

Want to enhance your cybersecurity efforts? Not sure where to start? Conducting a Risk Assessment can be an informative first step.

CEO Checklist: Basic Cybersecurity Protocols

Would your institution’s cybersecurity protocols earn a passing grade? At a minimum, they should include:

  • Adoption of a formal security protection methodology, such as NIST 800-171
  • Adequate firewall and or intrusion detection protection
  • Antivirus software
  • Security awareness training
  • Restricted access to data
  • Multi-factor authentication
  • Password change policies (at least every 90 days)
  • Password length policies (at least 12 characters)
  • Account lockout policies (after 3 to 5 attempts)
  • Updated operating systems and systems patching

    Get Future Issues

    About Dr. E. Wayne Rose

    Dr. E. Wayne Rose is a CIO, CISO security professional, IT strategist, and transformational culture and change executive with extensive experience in higher education and government. He is a graduate of National Defense University’s CISO program and has worked for the Department of Defense. He has served as a university VP for IT & CIO/CISO and as an interim college CIO and CISO at various community colleges. Dr. Rose has developed and taught advanced information security courses, presented on the topic of information security, and published articles, including “Are Higher Education Information Systems Inherently Insecure?”