The more technologies we continue to use, the better higher education must be prepared to secure that tech. Trying to bring any new technologies into the fold without considering the security risks is a recipe for future disruption.
It’s also no longer enough to rely solely on security technology to keep networks secure. Staff must be trained to use the latest tools and keep them updated as threats evolve.
Securing a college or university in 2023 is a complex problem that demands innovation, expertise and an openness to change.
Teamwork Is Key to Tech Implementation in Higher Ed
Focusing on innovation challenges the norm in a positive way.
I learned this firsthand as a technology buyer at Arizona State University, a school that has topped U.S. News and World Report innovation rankings for seven years running. I made an effort to avoid spending money on products that would just sit on a shelf, something IT execs call “shelfware.” It also became clear that purchasing technology without security was irresponsible, and ineffective at stopping breaches. We created a plan to fully fund both the technology and the expertise for any initiative we wanted to pursue.
LEARN MORE: Universities share lessons learned from ransomware attacks.
When bringing in a new service, it isn’t enough to just buy the tools, or to only hire staff without providing them the tech they need to do their jobs. Schools must commit to both: best-in-class security technology and people to implement, operationalize and enhance these tools as required.
At ASU, we implemented an IT rationalization initiative: Each year, we went through a list of every asset with a security implication, no matter where in the organization it existed. We followed these assets closely to ensure security features were implemented, and each year we revisited these crucial questions:
- Why do we have this software?
- What can we do to fully implement the licenses we have?
- Do we need more people to support this product?
- Do we need this technology?
- What do we need that we don’t have?
This type of process can give schools a broad view of security across the organization and allow them to adjust strategy as their needs and tooling evolve. It isn’t possible without the right products and expertise, which is exactly what today’s colleges and universities need to strengthen defenses.
As institutions continue to face security threats, funding technology without proper protection is a recipe for disaster. Colleges need security tools and trained staff to defend against advanced attacks.
READ MORE: What’s new in SIEM for higher ed InfoSec teams?
Tips for IT Teams Working to Secure Higher Ed Institutions
Creating a culture of cybersecurity awareness is essential to every university’s success. Within that risk-based approach — and the governance and architecture conversations that go along with it — a few key recommendations continue to prove invaluable as we build and maintain capable, effective security teams.
- Refocus your tech funding. Colleges and universities sometimes lack resources to acquire technology and build out enterprise-grade security strategies. Create an IT rationalization initiative with your team and examine the products you’re using. Are there opportunities to use open-source products instead of paid software? Is there space to reallocate existing funds to a tool that would provide greater value?
- Be ready to act. If an incident occurs, the only thing you can control is your response. Organizations are largely judged not by the attacker’s actions but by how they respond to a crisis. Put together an incident response plan; it is the most important step you can take as a security leader.
- Protect your identities. Secure service and admin accounts with multifactor authentication and adopt a zero-trust approach in which you verify the user to access key systems and resources. Ensure that only known entities can connect to your school’s environment.
- Practice good security hygiene. Ensure software is properly configured, eliminate unnecessary software and stay up to date with the latest patches. Sometimes, adopting software that’s easier to maintain is the best path to proper security hygiene.
- Control remote access. Avoid exposing server message blocks and remote desktop protocol ports to the internet and restrict the use of remote access tools. Controlling remote access is a comparatively simple precaution, but it continues to be an area where schools and universities could improve.
Higher education institutions face more cyberattacks than some other industries but often have less funding to fight them. There are many cybersecurity resources and experts offering advice for anyone in the education space seeking to learn more about improving their security posture and responding to attacks.