Considering the high volume of online communications and study materials in higher education, it is essential that college students have easy and safe access to a secure and stable network. Meeting that need, however, rarely runs smoothly for the university IT department, which must maintain network security in such an open operating environment.
Now, with so many campuses becoming virtual and moving online, the college network is more important than ever. Yet, with widespread work-from-home directives, event cancelations and general uncertainty, there is more opportunity for scammers to take advantage of vulnerabilities.
Data Breaches Are a Growing Threat to Higher Education Institutions
The growing number of cyberthreats targeting colleges and universities is a startling reality. Last year, there were multiple breaches of personally identifiable information at reputable institutions, including Oregon State University and Missouri Southern State University. Network vulnerabilities, hacked email accounts, and phishing incidents potentially exposed sensitive data of thousands of university employees and students. The data breaches yielded their names, birth dates, addresses, email addresses, phone numbers, and social security numbers.
Cyberattacks continue to threaten higher education institutions because criminals consider them a lucrative market. These attacks have the potential to damage universities financially and harm their reputation among prospective students, alumni, and the greater community.
Remote Network Access for Students and Faculty
Many professors take working sabbaticals for a term, or more, and need continuous access to their files without visiting their office. Similarly, students may need to access their university email server to turn in a paper while away from school. In recent weeks, WFH has even become a necessity. This is why remote access must be addressed in your governance policy.
Current Cybersecurity Best Practices for Higher Education
What should your university or college be doing to mitigate risk? Here are some key preventative measures for network security.
1. Build Strong Network Security Governance
A detailed, comprehensive, and actionable information security policy is necessary to define responsible network use. Then, an active culture of shared network responsibility must be built and supported on campus. To increase buy-in around campus, consider developing a cybersecurity awareness campaign to distribute material and examples about cybersecurity.
With increased networking risk, it’s necessary to make sure that everyone is doing their part to keep data secure, for everyone’s benefit. With regular staff, faculty, and student training sessions in place, you can feel more confident when implementing a strong information security policy.
2. Provide Instruction & Support
With so many students and faculty working remotely, the university needs to be clear about shared responsibility. Provide information to all users to raise awareness regarding increased threats.
- Warn the community about the high amount of spam, hacking scams, and phishing emails currently in circulation online.
- Remind staff and faculty of policies and practices related to the transmission of sensitive data.
- Tell users where they can find official information related to remote working policies and campus announcements.
- Identify sources for reliable information and future announcements.
- Instruct network users not to download from non-reputable sources and avoid malicious websites and suspicious links.
- Let users know where they can turn for help. Provide contact information for the IT department or help desk and make it easy for students and faculty to report suspicious activity and unsolicited messages.
3. Identify Vulnerabilities
Preparedness is founded on an accurate assessment or audit of the IT environment. Evaluating organizational policies and practices, and assessing their implementation and the university’s technology infrastructure, is the only way to gauge risk level. Only once risks and vulnerabilities have been identified can they be addressed.
4. Follow National Guidelines
Nationally recognized standards, including NIST, provide practical frameworks for universities to develop and improve their cybersecurity programs and policies. They help higher ed institutions address things like encryption, port access, and multi-factor authentication.
5. Maintain Security Updates
Most universities provide users with virus scanning software free of charge. Just as the IT department must keep patches up to date, users also need to keep their software current. Now is a crucial time to address vendor vulnerabilities. Encourage the campus community to update their software, antivirus program, and operating system.
6. Set a Backup Schedule
The university’s disaster recovery plan should already have a set backup schedule. In case of a ransomware attack, crucial data storage can be restored quickly. Cloud-based solutions make this process automatic and help mitigate the risk of downtime and data loss.
7. Secure Network Access
Faculty and students should understand the importance of using the virtual private network when connecting to university systems hosted on campus. Network encryption adds an extra layer of security for remote operations.
8. Enforce Password Changes
Users should be required to use strong passwords and change them each semester. Stressing the use of unique passwords decreases the risk of malicious attacks using account credentials stolen from social media and other service providers. Recommending or providing free password manager services can be helpful in enforcing this policy.
This video by Cisco provides some helpful best practices you can adopt to help secure remote employees and students without overburdening your staff.
Factors to Consider When Protecting Network Security for Higher Learning Institutions
No matter how small or large your higher learning institution, you likely face a unique set of challenges. IT departments are responsible for shepherding a massive, tech-savvy student body, as well as supporting access to a wide range of online resources.
A CIO’s responsibilities at the collegiate level are staggering, considering all the population sectors—including students, faculty and staff—the different types of devices, remote access, and the storage placement you use, whether on-site or in the cloud.
Populations Using the University’s Network
Your student body and faculty probably take up the greatest part of your network usage. With students, you must account for those living in dormitories and those working remotely from home or off-campus housing around the clock. Your job managing your student body is your largest responsibility, by far.
Educators also use the network heavily, although they are more likely to relegate their network usage solely to work tasks, including research, email correspondence, online classroom platforms, and video conferencing.
Your staff may comprise adjunct teachers, teaching assistants, administrative professionals, custodial workers, security officers, and more. Those who have access to the network should be assigned different levels of security.
Universities also provide secondary guest networks for visitors on the campus. Traffic tends to spike during specific periods; for example, when hosting conferences, sports activities, and alumni events. A separate network makes it possible to welcome guests by letting them use the internet while keeping the college’s proprietary data safe from malware attacks and other potential data breaches.
Devices Accessing the University’s Network
Knowing all the types of devices being used to access the network will help you when drawing up your information user policy. This type of policy is critical in protecting the internal university network where all the most sensitive data is stored. Take stock of all the digital device possibilities, which include:
- Desktops and laptops,
- Smartphones and tablets,
- Other smart and Bluetooth devices,
- Gaming consoles and televisions.
Enterprise Risk Management Applies to Higher Education
I.S. Partners, LLC. works with organizations in various industries to help develop risk management programs and information security policies that address specific networking concerns. Please reach out to us by calling 215-675-1400 or request a quote so we can help your higher education institution to prevent data breaches and malware attacks.