Community colleges face some pretty unique challenges when it comes to cybersecurity.
According to the Verizon Data Breach Investigations Report, just released in April 2018, colleges faced 292 cybersecurity incidents last year (101 with confirmed data disclosure). Of these 292, 81% were external and 19% were internal.
Of course, community colleges face some of the same issues that nearly every type of organization struggles with:
- Older technology and computer systems/devices
- Lack of incident response plans
- No budget line item for cybersecurity
- Difficulty keeping up with emerging threats
But there are several unique cybersecurity risks that confront community colleges, too. Here, we’re walking you through the five most prominent – along with potential solutions that can help.
1. Hiring and Retaining Staff
Problem: The salary resources available to community colleges can make it hard to find and keep talented cybersecurity staff. Although many community colleges have great IT departments made up of capable employees, IT and cybersecurity tend to run in two different circles. The focus of IT departments tends to be on uptime and network operations (trying to make things run as smoothly and quickly as possible, and troubleshooting problems as they arise).
Cybersecurity experts, however, focus on doing whatever it takes to secure data and information – even if that means making it a little harder or slower to access. (In some cases, chief information security officers – CISOs – may not even report to or be part of the IT team.)
Solution: The best way to address this issue is by conducting a staff skills assessments. Where do existing IT employees excel? What do they struggle with? What are they unsure about? Don’t panic if you find talent gaps – it’s expected. Once you pinpoint the expertise your team is missing, you can fill those gaps through training, education, and partnering with third parties when necessary.
2. Testing and Measurement Software Systems
Problem: In addition to personal student and staff information, community colleges also have to protect other types of information, including testing and measurement data. Today’s learning management systems (LMSs) not only serve as the hub for grades, announcements, syllabuses, and faculty-student communications, but they also host online classes and employee training (diversity, sexual harassment, emergency response, etc.).
The information housed in an LMS can prove whether a community college complies with regulations for staff/faculty training and education. The data in an LMS also determines students’ futures based on grades and faculty evaluations. When a grade is entered into the system, it’s crucial that the data is accurate – and isn’t altered or removed.
Solution: Unauthorized code can manipulate software applications, giving unapproved users the ability to access, change, or delete data. Application software security can ensure that the software you use is as secure as possible. Through post-deployment security tests, applying patches and upgrades, and monitoring program performance, you can use application software security to protect software from internal and external threats.
3. IoT and BYOD
Problem: Wireless environments are a given on college campuses, which increases security vulnerability. According to Campus Technology, more than half of college students bring at least two connected devices with them to campus. Another 22% bring three or four devices. (We think these numbers are even higher when considering smartphones, tablets, Chromebooks, smart watches, activity trackers, laptops … the list goes on.) Because their tastes in applications and devices frequently change, it’s hard to know what devices are being used on your campus and connecting to your network.
And don’t forget about all the other devices that connect to community college networks: surveillance cameras, wireless access points, lighting systems, and even things like washers and dryers that are remotely monitored and provide an alert to student smartphones when they’re available to use.
Each connected device provides cybercriminals an opportunity to infiltrate – especially since many of these devices don’t have adequate security controls.
Solution: As much as possible, try to inventory the devices on your campus (the ones you know about, anyway). Once complete, the inventory can pinpoint potential areas of weakness (you can look for known technologies being used on campus and their susceptibility to attack.) It’s also important to make sure these devices are properly patched and don’t use the default password provided.
Although you can’t control the devices students, staff, and faculty bring to campus, you can make recommendations about their purchasing choices, as well as provide education to teach them how to secure their devices. Some campuses also chose to provide free access to security software downloads.
4. Computer Labs
Problem: The computer labs in community colleges are often bigger and more complicated than the computer systems used in enterprises. (And some college computer labs don’t have computers in them at all – instead, students bring in their own devices and connect directly to the network inside the lab.)
These labs make great places for hackers to do their work, whether that involves sitting down inside the lab or remotely gaining unauthorized access to the lab’s devices and using a lab computer as a workstation to jump from.
Solution: To prevent this situation, there are many things you can do to create secure configurations for hardware and software. Establish, implement, and manage proper security configurations of computer lab devices to prevent cyberattacks – and maintain standard documented security configuration standards for all of your systems and software.
5. Student Turnover
Problem: According to a recent report from CDW-G, most campus IT departments report a data breach to students, staff, and faculty when it happens – but the majority of students say they don’t know when these types of events occur. The bottom line: They’re not paying attention to (or overly concerned about) cybersecurity – and understandably so.
From your perspective, however, it can be frustrating. It’s hard to educate and keep tabs on a student body that constantly changes, with a new class of incoming students every year.
Solution: Account monitoring and control solutions allow you to prevent and detect unauthorized activities that may lead to data loss or breach. Make sure you control who has access to sensitive information – and that you have a way to immediately detect attempted unauthorized access. Factors like password-complexity requirements, strong authentication requirements, and lockout after failed login attempts can also help.
Need help with a plan on how to address some of the cybersecurity issues specific to your community college? Or just want to see where you stand? A vulnerability assessment is a great place to start. If you have any questions about how the process might work, we’re happy to help!