Today’s colleges and universities face unique challenges when it comes to protecting staff and students from cybercrime. What’s causing the industry to lag behind, and what can be done to fix it?
The internet has completely transformed the educational experience, offering students access to more information than any campus library could ever hold. Indeed, research indicates that 75% of college students believe web-connected technology has had either a “positive” or “significantly positive” impact on their academic success. That explains why 54% of students bring at least two internet-connected devices to campus, and why another 22% of students bring three or four internet-connected devices to campus.
But these connected devices that make life so much easier for students has only made it harder for university IT teams. Of the seven industries profiled, higher education received the second-lowest risk assessment and cybersecurity assurance score on the 2017 Global Cybersecurity Assurance Report Card, trailed only by government.
Failures on Multiple Fronts
Research released last month by CDW-G revealed that 60% of the IT professionals surveyed said that their institution had experienced a data breach in the last year, 29% of which resulted in a documented data loss.
One of the reasons colleges and universities are so vulnerable to cyberattacks appears to be a general lack of preparedness. Less than half of the campus IT teams surveyed reported implementing critical cybersecurity measures like network segmentation (46%), endpoint protection (45%), remote access controls (44%), and two-factor authentication (39%).
Institutions also seem to be doing a poor job of educating students on proper network usage, as 76% of students admitted to engaging in risky behaviors like connecting to unsecured public WiFi, visiting potentially unsafe websites, or opening emails from unknown senders. Despite (or perhaps because of) this risky behavior, a vast majority of students (74%) are concerned with their campus IT team’s ability to protect both school and student data.
A Fraught Relationship with Cybersecurity
As worrying as many of these figures are, the fact that cybersecurity is lacking on college campuses is anything but new. Educational institutions have always had a strained relationship with cybersecurity, precisely because they pride themselves on being champions of free and open communication.
As Harvard Chief Technology Officer Jim Waldo points out, “Building an infrastructure for IT that is based around [the assumption of free information exchange] is pretty different from the kind of things that can be done in a corporation where you can dictate to your customer base what they can and can’t do.”
Consequently, many universities opt to exercise little to no control over the devices students, staff, and faculty connect to their networks, rendering all the data housed on university systems vulnerable to attack. Despite being configured in a manner similar to “free love” environments like hotels and coffee shops, university IT systems are home to highly-valuable information like research, credit card numbers, social security numbers, and medical records.
The Way Forward
To improve security, campus IT teams must accept that their long-standing standards for cybersecurity are largely misguided. “There’s a definite idea in schools that security equals constraint and that constraint is anathema to the open exchange of information,” explains cybersecurity strategist Richard Bejtlich. “[They] have to get over this idea that security is going to prevent you from achieving your mission.”
One easy way for schools to bolster their network security without compromising their ideological commitments is to provide better user education. Judging by the CDW-G study, that effort must begin with improving communication.
Over 90% of campus IT professionals whose institution experienced a breach claim to have communicated news of the breach to students, yet only 26% of students at these institutions report being aware that a cybersecurity breach occurred at their school. Similarly, 82% of campus IT professionals say that students are required to complete some sort of cybersecurity training at least once a year, a requirement of which only 35% of students are aware.
At Turn-key Technologies, we understand that preaching the value of good cybersecurity — let alone designing a network that practices it — can be a major challenge in an open, expansive environment like a college or university. Fortunately, we have over two decades of experience helping schools provide internet access that is as fast and reliable as it is secure. Turn-key Technologies has the expertise necessary to help any school deliver a highly-connected educational experience to each and every student.