In the wake of Equifax, CIOs across the country are not only checking to make sure they have downloaded the appropriate patches but they are also developing plans to prevent this kind of oversight within their organizations. Colleges and universities are said to have more high stake data than financial institutions, so it bears the question, ‘What are university CIOs doing to prevent this type of event on their campus?’
There isn’t one CIO worth their salt who doesn’t have a cybersecurity plan for their network and data systems. But, in some colleges and universities, the CIO doesn’t manage all servers and data systems on campus. Shadow IT has been a long standing challenge on university campuses. When faculty or centers obtain grant funding they can essentially purchase what they need to support the grant and they may or may not go through central IT to make the purchase.
Even though shadow IT folks may care deeply about managing their slice of IT heaven, they may not get all of the information they need to provide the security necessary to protect the entire campus network. CIOs have a duty to ensure the network is secured and although it may be easier to set up your own IT shop when you have department or grant funds it may not be the wisest decision.
The challenge universities already face with recruiting and retaining students, not to mention attracting world class faculty, will only be made harder when security breaches become public. Perhaps now is the time to recognize it may be best to empower the CIO to secure the entire network and all of the data systems so that the misery Equifax is feeling doesn’t land on a university doorstep.
In celebration of Cybersecurity Month, take the time to look at the plan for cybersecurity already in place on campus and determine if all of the necessary departments and offices are aware of the plan, and be on the lookout for more on cybersecurity from CDE this month. The risk of uninformed stewards is too great.