In higher education, security can get a bad rap. IT teams can be seen in direct conflict with the environment of openness that universities often embrace. For IT pros, when data vigilance is interpreted as an emotional control issue, it makes their job that much more difficult.
It’s a Tough Crowd
Students, faculty and researchers are a tough bunch of folks to manage from an IT perspective. They expect ubiquitous connectivity in every corner, on every device they own, loaded with every app they deem useful to their academic and personal lives.
And it can be hard to grab their attention to have them focus on a topic like cybersecurity. There’s enough to learn and memorize as it is, and ultimately, cybersecurity is not going to impact their GPA or tenure track.
Students, as millennials, grew up with the Internet and are usually less concerned about getting hacked. They are not nearly as diligent as others. They are young, relatively trusting, and pass along information like logins more freely with others. And some students tend to share almost anything on their social accounts.
Making this all the more complex, a school’s population feels less beholden to IT than corporate employees do. They tend to feel intrinsically safe within their own special microcosm, and that feeling bleeds over into cyberspace.
At the end of the day, the security and privacy of data is only as secure as the weakest link in the chain, and in higher education, there are lots of links to worry about.
There’s No Less Data to Protect and Govern
A higher education network starts to look more corporate when you dig into the information it must protect. Admissions departments process financial aid applications, the school bookstore holds credit card data, and the school’s health center manages personal health information. This is all valuable, personal information that must be secured.
Factor in other areas of the college community like research teams working on innovative projects creating valuable IP, and staff processing grades and academic records. All of a sudden, every bit and byte starts to seem as important as the rest.
Given all the different types of data flowing through the network, universities and colleges are far from exempt from compliance.
Higher education is just as burdened to meet PCI and HIPPA as anyone else who processes financial and health information. On top of this are regulations unique to academia like the Family Educational Rights and Privacy Act (FERPA), protecting the privacy of student academic records.
Additionally, university networks tend to be flatter and less segmented to keep them efficient and easier to manage. Fewer walls means a smooth path for malware to travel, and more vulnerable data at stake.
Take the Right Approach
If you are going to place a number of sensible restrictions on end users who may have fewer sensibilities, you are going to drive them to the path of least resistance. They’ll cut corners and avoid making changes that are not enforced.
IT teams at universities or colleges should feel both emboldened and creative in their approach by getting to know their end users. Then they can structure realistic programs that are more likely to be followed, and easier to enforce.
Having password management hygiene on the books doesn’t mean that it’ll get studied before the exam, especially when the exam takes the form of a phishing attack.
Considering the population, what needs to be protected, and other unique challenges like budget and staff, IT teams in higher education could do themselves a favor: get an enterprise-grade, inexpensive password management tool that absolutely everyone can use.
A campus network deserves the same commercial tools as the rest, like LastPass for example, which provides the following:
- Packing for Internet2 Members: Whether managing accounts at the administrative level or providing self-enrollment for students, Internet2 members packages are tailored to simplify password management for the entire community. These help students, faculty, and staff to remember their passwords and login to every web account while following best practices for password security.
- Simplified Deployment: LastPass offers streamlined fulfillment tools and educational resources to simplify a campus-wide rollout. Users are led through a self-enrollment process prompting them to create their LastPass account and redeem their school-sponsored upgrade. This process ensures an easy experience for users, and reduces onboarding time and support costs.
- Secure Faculty & Staff with Enterprise: Deploy LastPass at the administrative level, offering turn-key integration with AD and LDAP, central management of accounts through an IT portal, and team password sharing features.
- Offer LastPass Premium to Students: The LastPass Premium package is ideal for individual use for students. Offer a student perk that makes them more productive and secure both at school, and at home.
Take advantage of the winter break around the corner, and start to take the steps you can to improve security while maintaining the kind of openness that makes a university community so great.