Fall Classes Are Starting – How Secure Is Your Campus Going To Be?

By Bob Turner | August 19, 2022

The Summer of 2022 is closing out and the first year students are gearing up with their array of networked technologies to start the next chapter in life at a college or university. In addition, campus administrators will also be adding these fresh identities to campus databases. Nearly every student will engage in cyber commerce on and off campus, and faculty will continue teaching in a world where students are already “experts” in social media, influencing friends online, and dealing with learning management systems.

What those first-year students may not be ready for are the policies and security controls which campus Chief Information Security Officer and the IT department have put in place.

Cybersecurity is still at the top of mind for higher education IT leaders. And, with strong voices, education IT and cybersecurity leaders must be clear in their expectations. Helen Norris is the chair of the EDUCAUSE Board of Directors and current Chief Information Officer at Chapman University. She recently testified before a Senate education focused committee and noted the “cybersecurity threat landscape has grown and transformed over the years.” Colleges and universities are convenient targets for hackers and struggle against threats of ransomware, hacking, phishing and social engineering. Managing sensitive research and student data exposes the difficulties that small and resource-challenged colleges and universities face in protecting against ransomware. On the topic of cybersecurity talent, Norris noted universities are also “at a disadvantage in competing with employers in the tech sector when hiring information security professionals.”

Others are quick to point to the importance placed on their institution’s public image in order to attract new applicants. Cyberattacks can easily impact a school’s reputation and have a chilling effect on recruiting students in addition to financial implications of an event which also challenge tight budgets.

Identifying cybersecurity as a “Top of Mind” issue does not always equal action. The Collegis Education ebook, Higher Ed Cybersecurity Landscape: 2022, states, “While there’s no magic bullet to prevent all incidents, understanding widespread vulnerabilities, common types of cyber-attacks and how to prevent them can help your institution develop solid security strategies to safeguard data and resources.” The education CISO should drive the necessary actions and tools to effectively deliver an acceptable return on the security investment.

As higher education emerges from the pandemic and the disruptions to the traditional education and campus environment, many colleges and universities are eager to get back to the model that has students on campus for the college experience to enhance learning. Others argue that educators need to keep online options open. Pursuit of further innovations in pedagogy such as podcasts, pre-recorded a la carte lectures, and learning experiences outside the classroom must be augmented with secure remote access to the campus. All of these innovations come with cybersecurity challenges.

Higher education IT leaders are continually evaluating needs in learning and research while looking to normalize hybrid work and online learning. Moving forward, some institutions may expand remote work policies to include a range of scenarios, from flexible weekly schedules to 100% distributed working environments. CISOs need to keep these changes top of mind as these activities result in expansion of the attack surface.

Many international students at U.S. colleges and universities opted to stay on campus during the pandemic. Those who returned home, as well as many prospective international students, could not get a visa or were unable or unwilling to travel as universities began to open up last Fall. This year, education administrators believe that although getting back to normal campus life is important, it is not likely to return to pre-pandemic levels.

In the new normal, remote learning is increasing in relevance. Effective cybersecurity in higher education include campuses “going global” with more online learning opportunities developing in the field. For example, Georgia Tech, University of Maryland, New York University, Penn State, and Purdue University, and are among many online institutions that are offering online cybersecurity degrees. While campuses are likely doing this to recover revenue from reductions in the US based college age population, more remote learning also helps many adult learners who are not close enough to a campus to seek undergraduate and graduate degrees that will move their careers forward.

Campus security leaders, the CISOs, are coming in to Fall 2022 trying to define “normal” for Academic year 2022-2023. They should be playing to their strength as communicators as they talk to the CIO and campus leaders (Chancellor/President, Provost/COO, CFO, Legal, Risk Management, Deans and Directors, etc.) and should focus on providing tailored “Cyber Threat Briefs” for September.

CISOs should be sending their own “Welcome Back” note to faculty, researchers, and staff. A separate note to students addressing their cybersecurity needs is also effective when combined with the forecast of events for the Fall term. (CISO to CISO, this is a great opportunity to tee up Cybersecurity Awareness Month plans for October!). Now is the time to update incident response protocols and plan on testing and improving incident response time as a safety related metric.

Practicing better communication with IT and cybersecurity staff must include a follow-up plan for promoting the wider understanding. Find a way to connect those conversations to reduce the mean campus time for detection and remediation. Finally, early fall is the best time to start your budget “wish list” and socialize those needs to cybersecurity teams, IT leaders across campus, and the Deans, Directors and other influencers.

 

Find out how to enable digital learning resources while ensuring physical and digital safety of networks and students.