6 Ways to Improve Cyber Security and Internet Safety on Your Campus
Starting with these tips below as a framework can help structure your campus’ internet safety plan and flesh it out to meet your institution’s needs.
In today’s hyper-connected world, the propagation and maintenance of internet safety knowledge and protocol is now a vital part of how institutions need to operate. The threat of cyber attacks is becoming increasingly common and can result in devastating, costly breaches that have created irreversible damage and even shut the doors for many institutions over the last few decades.
If you are responsible for the safety of a campus, it is not just physical or natural emergencies you need to deal with. Cyber security and internet safety must be included in your protocols and strategies alongside more traditional security concerns.
The cyber security statistics are grim: 623 million ransomware attacks were reported worldwide in 2021, an increase of more than 100% over the previous year. The numbers of both attacks and damages are increasing. The consequences of a cyber attack can be severe. Depending on the type of attack and how successful it is, ramifications can include:
- Temporary or complete loss of access to computers, servers, networks, or digitally powered systems (including systems that operate keypad entries, lights, energy usage, and more)
- Data theft, compromise, alteration, tampering, or destruction
- Monetary (or other assets) loss due to hacking
- Sensitive information leaked to the public
…And potentially other harmful results as well.
Though the world of cyber aggression and cyber crimes changes constantly, there are a few basic forms of cyber crime activities that have been predominantly used over the past decade to compromise both individuals and institutions:
Phishing refers to using fake emails to either extract sensitive information (like passwords or identity information) or trick readers into clicking links or downloading and installing software that is actually harmful in nature. When targeting individuals, this might be an email made to look like that person’s bank or branded to mimic an institution with which that person has an account or membership.
When used against organizations, phishing might look like a forged email from another organization, member of staff, or supervisor asking for passwords or important information. Once the criminal has obtained that sensitive piece of information, it will often be used to break into accounts and steal or change data.
Ransomware and Malware refer to pieces of software that, once installed, create problems on a machine or network. They can range from software that allows someone to control the computer remotely to software that causes the machine to crash, or (in the case of ransomware) software that locks the owner out of their accounts or out of the machine itself and demands a ransom payment to regain access.
Data theft and espionage can either be visible or, in some more dubious cases, can happen without any knowledge that there has been a breach. Digital data monitoring or spying has taken place in some institutions’ networks or databases for years before the compromise was discovered, making it an especially dangerous type of cyber attack. Even if the breach is known right away, data theft can be a hugely expensive and costly problem and can endanger, in some cases, up to thousands of individuals’ sensitive data or information.
Though there are other types of cyber security attacks, these are some of the most common and should be well considered when implementing strategies to minimize the risk of cyber-attacks on your campus.
Important Steps to Protecting Your Campus Staff and Stakeholders
Instituting protocol to maintain campus internet safety can be a difficult, daunting task. It can be hard to know where to begin. Starting with these tips below as a framework can help you structure your campus’s internet safety plan and flesh it out to meet your institution’s needs.
1. Choose and Implement a Security Software
There are a few large-scale security software platforms that have been built for the type of digital infrastructure and reach that exists on a campus. Security software platforms can help formatively strengthen the internet security of a campus by monitoring internet use across all devices connected to campus networks; blocking known dangers or suspicious web properties from loading; and guarding against malware and ransomware installations.
2. Teach Internet Safety and Best Practice to Students and Staff
People who have never been taught the nature of a social engineering attack (a form of phishing) are the most susceptible to unknowingly giving information away to criminals when they experience one. To effectively maintain campus internet safety, it’s vitally important to provide educational materials about the nature of cyber security and common cyber threats for all stakeholders that will be using devices or accessing the internet on campus.
This might be a required presentation during orientation or onboarding, an informational video or webinar shown during the first week of the school year every year, posters on bulletin boards, or some other form of dissemination. How you deliver information about cyber security practices is not as important as the fact that you do deliver it somehow and make sure it’s accessible to those who need to know.
3. Identify Hardware and Location Access Risks
Though most cyber aggressions happen remotely over the internet, certain kinds are also implemented via physical access to hardware, servers, or devices themselves. From computers in student libraries to server rooms, digital equipment storage spaces, and IT access portals in offices, make sure you do a thorough assessment of your hardware risks in addition to software.
Tightening access, keeping equipment rooms locked, implementing auto-reset passwords and access codes and more can all contribute to keeping your campus safe from hardware hackers.
4. Develop a Risk Register
When designing security protocols, writing a risk register can be an extremely helpful exercise. A risk register is a list of all the ways that you might experience some kind of compromise or breach as well as the ramifications each one could cause. It sounds a little bit tedious, but it can actually create huge awareness of the potential problems your campus faces and helps you think through solutions and preventative methods without hopefully ever having to experience the risk in the first place. Risk registers help you prepare for the worst, head off threats, and develop action steps to mitigate problems when they arise.
5. Create and Disseminate Protocols for Use in Case of a Cyber Attack
Even though you have put time, energy, and work into heading off the risk of cyber-attacks as much as you possibly can, no amount of planning and preparation can completely mitigate the chance that a breach will one day take place. Part of this process must include outlining action steps and responsibilities in the case of a successful cyber attack or breach. And once you’ve developed this plan, it cannot sit in a drawer somewhere. It needs to be accessible, visible, and easily memorable for all who might have a part to play in enacting it.
If this includes more than faculty and staff (i.e. students or other stakeholders), it’s very important to make sure you share that information in places they would know to look for it in the case of a cyber security emergency.
6. Hire a Cyber Security Consultant or Assessor to Check Your Work
Sometimes it’s necessary to bring in professional expertise to make sure everything has been set up correctly. Whether you need help implementing and configuring your campus security software, want to have another eye look over your risk register or response protocol, or need someone to review all your actions and make sure you haven’t missed any holes in your internet security strategy, an external professional or consultancy can be the best option to make sure your plan is as bulletproof as possible.
Promoting High Levels of Cyber Safety Awareness and Practice on Your Campus
Campus internet security unfortunately isn’t something you can deal with once and then forget. It needs to be part of your living, breathing, regularly reexamined campus rhythms and know-how for all stakeholders on campus.
Sarah Daren has been a consultant for startups in multiple industries including health and wellness, wearable technology, nursing, and education.
Note: The views expressed by guest bloggers and contributors are those of the authors and do not necessarily represent the views of, and should not be attributed to, Campus Safety.
If you appreciated this article and want to receive more valuable industry content like this, click here to sign up for our FREE digital newsletters!
Leading in Turbulent Times: Effective Campus Public Safety Leadership for the 21st Century
This new webcast will discuss how campus public safety leaders can effectively incorporate Clery Act, Title IX, customer service, “helicopter” parents, emergency notification, town-gown relationships, brand management, Greek Life, student recruitment, faculty, and more into their roles and develop the necessary skills to successfully lead their departments. Register today to attend this free webcast!