Prior to the start of the pandemic, chief information officers on higher ed campuses across the country developed a reputation for discouraging the use of new tech tools because of security concerns. But that has changed due to the pandemic, says Brian Kelly, director of the Cybersecurity Program at Educause.
“The cybersecurity officer, the chief information security officer, who used to be the office of ‘No,’ as in, ‘No you can't do that.’ Or, ‘No, you're not doing it correctly,’ or ‘Don't do it,’ has really moved to be the office of K-N-O-W,” Kelly says. “We want you to know how to do it securely.”
More communication between cybersecurity officers and instructors necessitated by the pandemic has led to a cultural shift in which instructors now see those officers as facilitators rather than gatekeepers, and go to them with questions about how to safely implement new tech tools, Kelly says.
This increased spirit of collaboration is one of many ways campus cybersecurity has evolved since March 2020.
More Flexible Threats and a More Flexible Defense
The pandemic moved college classrooms off campus and even though institutions have since reopened, students, professors, and staff have gotten used to connecting to school networks from wherever they are whenever they want. “Our institutional assets now are all over the place,” Kelly says.
Keeping these remote-learning and remote-work friendly networks safe has led to increased emphasis on preventative cybersecurity strategies, such as endpoint detection response (EDR), which is the process of monitoring endpoint activity in real time while identifying and halting digital threats.
With these new threats in mind, Educause offers several resources to help cybersecurity professionals, including the:
- Higher Education Community Vendor Assessment Toolkit A questionnaire framework specifically designed for higher ed to measure vendor risk.
- End Detection and Response (EDR) Resources on EDR include a roundup of what you should know about EDR and a research case study conducted at Boston University.
What Can IT Professionals Do to Combat Cyber Threats
For IT professionals, Kelly says it's important to maintain a dialog with campus stakeholders about IT policies and get feedback, noting that these policies should be formed in a collaborative way.
Beyond fostering collaboration on campus, cybersecurity professionals should remember that practice makes perfect.
“If we use the college analogy, most of our sports teams are practicing many times a week before it's game day,” Kelly says. Similarly, cybersecurity teams should be practicing what to do in the event of a ransomware attack or some other breach. “Going through those steps really helps to show the best practices to maybe point out where there's gaps in your strategies, and then you make policies and tweak from there.”
What Can Instructors Do to Protect Against Cyber Attacks?
Keeping those lines of communication open isn’t just the responsibility of the information security professionals on campus. Faculty and staff members should also make an effort to connect with and get to know their institution’s cybersecurity experts. For example, if a professor is interested in using a new tech tool, they should ask questions of their IT team and reach out to fellow instructors.
“We all use Yelp before we go out to a restaurant,” Kelly says. “Not to quote Ted Lasso, but be curious about the applications you’re going to use with your students, be curious about what type of data that application is collecting, how it's stored. Then ask and seek those professionals on campus for guidance, because they're there to help.”