College campuses have earned the unenviable distinction as a prime target for online attacks. Factors such as open networks, the use of innumerable personal devices, a treasure trove of highly sensitive information (including personal and intellectual property) all present serious security challenges and vulnerabilities that have sent administrators, technology officers, professors and students scrambling to develop protocols and solutions, hard and soft, for fortifying online college assets. Once infiltrated by the smallest breach, a university’s entire network is susceptible.
For these reasons, universities have generally remained ahead of the curve in monitoring their networks for indications of trouble and establishing levels of protection. At the same time, they have maintained the traditional openness of large segments of these networks, which are designed to support research agendas and the educational needs of professors and students alike. In the context of this delicate balance, there are still important and effective steps that colleges and universities can take. Expert recommendations diverge, but a few items consistently appear on multiple lists:
1. Minimize the damage ahead of time
In a university setting, security breaches are virtually inevitable. The only question that remains is exactly how much harm has been done. Colleges can minimize the damage by concentrating their efforts on establishing security measures that will limit to the greatest extent possible the access hackers will gain once they’re inside the university network. Technology departments should also focus on establishing measures to ensure that intruders are in for the most minimal amount of time possible before the attack is identified and reported, and serious damage is done. Communicate with IT teams from other institutions to compare the effectiveness of security protocols.
2. Educate your users
Because university network users share the risk of infiltration — the staff and student sections of a university network are generally the most vulnerable — it is highly advisable that all professors, employees, students and others associated with a college campus take pre-emptive measures to protect their own networks. The responsibility for the security and safety of a network should be considered the collective responsibility of all its users. Several publications and organizations rate and rank the best packages for antivirus protection and spyware, malware and adware defense. For a nominal investment, devices can be equipped with the most up-to-date protection possible.
3. Consider the cloud
Backing up critical data daily to the cloud ensures that this information will be available later, should disaster strike. A hybrid cloud can allow an institution to mirror both onsite and offsite services and easily move them back and forth through a private network. To ensure that cloud services are secure, it becomes critical to develop a trusted relationship with the service providers assigned to protecting the institution’s data. To achieve the best results, encrypt all information exchanged between the institution and the service provider, know where the data is stored and establish an understanding that the stored data will remain private and not be mined.
Networks constructed to achieve the highest levels of security — restricting new devices, regulating users, and establishing strict control of online traffic — are certainly suitable in a private, corporate setting. However, colleges and universities require networks designed to accommodate the highest levels of learning — to welcome the annual fall arrival of users from all over the world, almost all of whom bring with them their own digital devices to enable their participation in the ongoing tradition of sharing, studying and exchanging information with one another.
At the same time, the university networks that carry the burden of these inherent vulnerabilities must also house critically sensitive information that demands the tightest security. It’s an almost schizophrenic balance that is demanded of them, to be obligingly open, yet rigidly secure, but the oxymoron is achievable, with the proper attention paid to key details.