When it comes to cybersecurity, the higher education sector has a number of key risk factors over and above those that affect most other industries. These range from the obvious (the involvement of young people with less experience in maintaining their digital security) through to the more abstract (such as external threats brought about by frequent file sharing using physical storage media such as USB drives). Additionally, the higher education sector still needs to deal with the disconnect between the C-suite and IT that’s inherent in many industries these days.
With students having relatively free access to the network in a number of different settings, it’s vital that you have policies and procedures in place to mitigate the risks inherent in a typical higher education set-up. There is also an increasing number of attacks targeted directly at higher education campus networks, with hackers taking advantage of the flaws typically inherent in the IT systems of large education establishments.
For instance, PCs are by default set to trust USB devices that are physically plugged into them, to the point of running and even installing software from them. That's great when you’re using a USB drive as a rescue disk following a failure, but a lot less great when you start to think about the journeys a typical student’s keyring USB drive will make in a typical academic year.
In addition to the library systems, many university departments have their own dedicated computer labs shared by staff and students. In addition to the risks of bad USBs and similar malware, these machines are usually in public areas ripe for shoulder-surfing passwords,
Luckily, there are a number of do’s and don’ts that can help you avoid the worst of these risks if implemented carefully. Many apply to all sectors, not just higher education.
- Do make sure your C-suite and IT department are on the same page. To achieve this, you’ll need regular meetings and effective communication. Using tools like Convene to maintain up-to-date and secure communications channels for all of your team members can go a long way towards keeping your organization secure.
- Make sure there’s a plan in place to offer basic security training and tools to the large influx of people that join the network each year. This isn’t just students – many higher education institutions also attract researchers and visiting staff from all over.
- Make sure there’s a practical plan in place for protecting shared computer hardware from infiltration. University computer labs are notorious hotbeds of computer viruses, with everyone sharing USB sticks between machines without thinking about how most computers inherently trust any USB stick that is plugged in.
- Enforce better sign-in procedures, preferably a combination of regular password expiry, offering MFA/2FA, and encouraging complex passwords.
- Promote good practice with antivirus software and firewalls, including promoting their use amongst students and staff. Universities and other higher education institutions commonly see people bringing their own devices in and using them, so it’s vital that these devices are kept secure.
- Be aware that higher education campuses are often targets for new types of attacks. The number of targets (students and staff) makes them particularly attractive to hackers, so they can easily attract a high volume of attempts.
- Don’t forget, large educational institutions are just as much a target for bad actors as is any other large grouping of people. In fact, there’s always a slight risk that the backgrounds of your students and faculty could put them more at risk, providing potential access to intellectual property still in development, or personal data about senior state officials via their children.
- Don’t get complacent about security. A higher education institute includes a huge number of people who have access to the network in some respect, from permanent and visiting staff through to students and researchers from all over the globe.
- Don’t forget that the same risks that affect corporate enterprise may well target learning establishments. In fact, in some cases education organizations are more at risk than a typical commerce company.
Ultimately, the key cornerstones of cybersecurity that higher education institutes need to know are the same ones faced by commercial enterprise. In fact, it’s easy to forget that today’s large learning establishments are indeed commercial enterprises, heavily focussed on turning a profit from teaching and research.
What are those cybersecurity cornerstones? Communication, staying up to date on the digital threat landscape, and training staff and students effectively to enable them to defend against cyberattacks. As long as you take the time and effort to fulfil these requirements to the best of your ability, the rest will follow.