With 60% of higher education organizations experiencing a data breach within a 12-month window, the US Department of Education is increasing the pressure to meet basic cybersecurity standards. A KPMG report indicated that a failure to enforce controls around the identity layer is a common attack vector, reinforcing the need for stronger user access controls and user education.
This October, the 15th annual National Cyber Security Awareness Month (NCSAM) challenges academic institutions and students to address the “shared responsibility” of cybersecurity. In Part 1 of this series, we talked about common endpoint management challenges in higher education, including the need to safeguard the private information and intellectual property of students, faculty, and staff. Outside of improving security and access controls, educational institutions have a mandate to help educate the workforce of tomorrow.
Right now, there exists a large educational gap for cybersecurity training in higher education. 82% of IT professionals say they require students to take IT security training at least once per year, yet only 35% of students say the same - reinforcing that training is being overlooked by most. Further compounding the issue, 76% of students admit to engaging in risky behavior while connected to their university’s network.
The preparation for the digital landscape of today and tomorrow begins in K-12. Early educators are focusing on Digital Equity and the basics of STOP. THINK. CONNECT., messaging which can be incorporated into higher education as well. IT professionals in higher education often note that educating users (students, staff) on security policies and procedures is their top cybersecurity challenge.
The Higher Education Information Security Council provides some resources specifically tailored to educating college and university students. Such materials can be integrated into handbooks and student orientations or can be run as specific campaigns during NCSAM highlighting topics such as phishing, ransomware, identity theft, and basic privacy precautions. We’ve seen some very creative ways to engage students about security, including the UMass Amherst social media posters.
In addition to user behavior, education can focus on transparency about campus-wide layered security and endpoint management precautions. At this level, knowing what security options are in place can help educate students on best practices they can leverage in personal and later in professional practice.