Security

How to Get Vital Cybersecurity Messages to Resonate in Higher Ed

Students and IT pros aren’t always on the same page when it comes to data protection.

Twitter

Nicci is the director of Central and Eastern U.S. higher education sales for CDW•G.

Higher education IT professionals want — and need — to keep students informed about cybersecurity breaches and loss prevention, but the message may not be getting through, according to a CDW survey of 250 IT staff and 300 students.

Here’s one example of the disconnect: 82 percent of IT pros say they require students to take cybersecurity training at least once a year. But only 35 percent of students said they are aware of that requirement.

Similarly, 91 percent of IT pros who have experienced a data breach say that they shared this news with the student body on their campuses, yet just 26 percent of students were aware that their colleges had experienced an issue in the past year.

SIGN UP: Get more news from the EdTech newsletter in your inbox every two weeks!

Security Is a Growing Concern for Higher Ed

We all know that the education sector has become a progressively more popular target for cyberattacks. Compared to other industries, it saw one of the largest increases in data breaches — 103 percent, with a more than 4,000 percent increase in the number of affected records — between the last half of 2016 and the first six months of 2017, according to a report from Gemalto.

CDW’s survey reports that 60 percent of colleges and universities have experienced a data breach in the past year, and 29 percent of those institutions actually lost data. The three most common forms of intrusion were malware, phishing attempts and distributed denial of service attacks.

To be fair, college students do seem to recognize that a threat exists. Nearly three-quarters expressed concern about their institution’s ability to protect both student data and institutional data.

Yet it appears that many students may underestimate, or may not fully understand, the role they can play in protecting information. Seventy-six percent of students say they have engaged in risky online behavior, such as using publicly available Wi-Fi, visiting questionable websites or opening messages from unknown senders, while they were connected to the university’s network.

Improved Information Sharing Can Close the Communication Gap

Together, these findings suggest that simply providing periodic updates and making cybersecurity instruction available to students may not be enough to reduce the risk of data loss.

To successfully strengthen network security, institutions must find ways to ensure that important information both reaches and resonates with students — an outcome that many colleges seem to be struggling to achieve. In the CDW survey, only 25 percent of students say they consider their institution’s cybersecurity training and education efforts to be very effective.

To engage users, some colleges are adopting a more interactive approach to cybersecurity awareness. University of Massachusetts Amherst students, for example, can photograph themselves posing behind a giant cutout of a fish that declares they won’t be the catch of the day, or they can create a digital poster reminding others to avoid using their name in passwords. Students are encouraged to share the images on social media.

Each year, Texas A&M University’s Division of Information Technology creates a game to encourage students, faculty and staff to test their IT safety expertise. Last year’s version, available online or as a location-based mobile device experience, incorporated information about Texas A&M traditions. University students and employees who completed the game received a free towel, iced coffee or frozen yogurt.

Initiatives like these are great examples of creative responses to a persistent problem, and they work because they make communication between IT and campus users more engaging than a standard e-newsletter. Other institutions might achieve success by asking students for guidance. What do they think would be most effective in closing the gap between IT’s perception of communication about IT security and their own?

Given what’s at stake, it’s well worth the time to find solutions that work for your campus — IT pros and students alike.

This article is part of EdTech: Focus on Higher Education’s UniversITy blog series. Please join the discussion on Twitter by using the #UniversITy hashtag.