From basic campus safety including violence in the form of discrimination or sexual assaults to the ever prevalent active shooter scenarios, the need for heightened awareness of danger is an everyday occurrence. More and more lately, another issue is of utmost importance–network security.
Information Security Officers
According to Tanya Roscorla with Center for Digital Education, even campuses with Information Security Officers are working against many issues as they try to keep their campuses safe from cybercriminals. Unfortunately, small private colleges and universities simply do not have the money to hire an Information Security Officer.
They often have IT personnel who are always trying to use new tools and change their tactics to counter the cyber attacks. It’s an ever-present race they are running, as attackers find ways around the tools, switch strategies and hit different targets. Roscorla, in researching surveys and interviews, found that there are several major challenges that Information Security Officers are dealing with today.
The number one challenge is phishing (the fraudulent attempt to obtain sensitive information such as usernames, passwords and credit card details by disguising oneself as a trustworthy entity in an electronic communication). Too many people open emails that are designed to trick them into clicking a malicious link or downloading malicious software attachments.
Plan of Action
Along with phishing, user education is a problem, Roscorla added. Because professors, students, and university staff have such busy schedules, cybersecurity awareness often takes a backseat to teaching and learning.
While cloud security is a help, it takes a lot of due diligence to keep on track. Another issue is that cybersecurity doesn’t always top the list of leaders’ priorities. But since the risks and consequences are rising all the time, the leadership at private universities needs to establish a strategy for preventing attacks.
While private colleges, especially smaller ones, have limited resources for the expensive tools that the cybersecurity industry creates, they need to determine how to best ensure their security tools are as up-to-date as possible. Along with that, identity and access management is very important, Roscorla explained.
They can deal with this challenge by putting systems in place that will control who can access different applications and what level of access they need.
While all of the aforementioned issues are important to address, the number one issue for colleges is the insecure personal devices of their students and faculty. For many years, this has been the era of BYOD (Bring Your Own Device) to class. Like in a popular horror movie, one might say, “The call is coming from inside the house.”
Unfortunately, while BYOD has been in existence for more than a decade, there doesn’t seem to be a reliable way to make sure a private college can keep itself safe. Glenn Meeks notes in an article for Spaces4Learning, “Historically, IT only needed to protect the kingdom from hurtful things trying to get into the castle through the main gate (router/ firewall). Now the hurtful things are in the castle and on the ‘safe and secure’ side of the router/firewall.”
One way that has provided successful protection in previous years, Meeks continued, is to require minimum computing device hardware requirements. If the device meets or exceeds those standards, the student must log in and download the anti-virus/ malware application. The student also needs to make sure that the application is up-to-date, and if it isn’t, the device will be denied access to the network.
Newer models available with increased computing power and more powerful algorithms are constantly being put on the market. If the college purchases one of the “Next Generation” firewalls which also monitors your front gate and the secure side of the network for unusual traffic or computing device behavior, Meeks stated, the BYOD policy will be better protected. “Of course,” he added, “the unit will be expensive and come with a hefty subscription cost for constant updates.”
Boston University Lab
For private universities who have the money to spend, they might want to look at Boston University’s Student-Centered Active Learning Environment for Undergraduate Students in their BU Physics program. They merged several pre-existing labs into a single 2,200 SF lab and adjacent 2,800 SF study space designed to seat 81 students.
The technologically-rich environment merges all classroom computers and projectors onto one shared system, innovatively using the university’s extensive AV/IT data network. In this way, student laptops are leveraged into an interactive learning environment, rather than being a source of distraction.
In conclusion, network security is not something that private colleges and universities can ignore. Institutions of higher learning have been entrusted to protect institutional data and user data, including identifying information and even financial details, from hackers. They can’t fail at that responsibility.