How to Foster End-User Behaviors that Encourage Security
Cybersecurity is a push and pull between institutions and the hackers who would infiltrate their networks and make off with valuable student data.
While both sides are in an arms race to improve their digital arsenals, there is a layer of protection that many institutions have not done a sufficient job addressing: negating human error.
As technology becomes more advanced, cybercriminals’ methods are sure to become more advanced, and while investments in the latest protections can help keep hackers at bay, having a staff educated on the danger signs of an imminent breach can end a threat before it begins.
There is a serious lack of knowledge on the proper methods for protecting data in the higher education sphere, and IT professionals must be aware of the gaps.
SIGN UP: Get more news from the EdTech newsletter in your inbox every two weeks!
Explain the Reasons Behind Proper Security Actions
A recent CDW Cybersecurity Insights Report found only 30 percent of IT professionals are extremely confident in processes and people to stave off a cyberthreat. While investing in high-tech cybersecurity processes can put you at an advantage, institutions cannot underestimate the power of a well-educated network of end users.
“An organization’s people are its first line of defense. Conversely, people can also be the weakest link,” authors of the CDW report write. “Employees need to know what to do when faced with a threat. They also need to know how to take preventive measures to prevent malware from impacting the business.”
One way to boost cybersecurity proficiency is to engage professors and students. By explaining why certain actions are important, instead of just how to take them, users can develop a deeper understanding of what appropriate actions to take in the face of a threat.
“It’s easy to talk to employees about safeguards and best practices, but once they understand why, including the ramifications of breaches, engagement and success skyrockets,” the report’s authors explain. “Good training starts with fostering more interest.”
At Duke University, students and professors are able to access materials designed to teach end-user best practices.
Meanwhile, the University of Michigan keeps students and faculty informed with a constantly updated list of reported phishing emails so that users can better identify a threat.
Focusing on personal security can also make it easier for end users to expand that training to their lives on campus.
Test Users to Keep Their Cybersecurity Skills Sharp
Once staff members have a grasp on the core concepts and ideas of cybersecurity, it is time to exercise those skills with assessment tools.
According to an IBM X-Force report, “malware, malvertising, phishing and SQLi-based incidents were some of the more prominent attack vectors used to compromise information and communications technology network.”
Carnegie Melon has introduced mock phishing campaigns to test users on their cybersecurity practices.
By testing students and teachers with these tools, they are able to better internalize and maintain best security practices.
For institutions with a smaller budget, EDUCAUSE Review has created a guide on how to create effective phishing tests without breaking the bank.