Cyberthreats have become an increasingly difficult threat to defend against, particularly on college campuses, where systems need to be as open as possible for students. What makes it even more challenging for higher-ed IT departments is that the end users are usually the biggest problem.
“I’m an old military guy—or I should say I’m a young military guy—and one of the things I’ve learned is that security is as strong as its weakest link,” Keith McIntose, vice president and chief information officer (CIO) at the University of Richmond, Richmond, VA, said in an article for EducationDive. “You know, we use a chain analogy. It requires everyone who is accessing information on our network—faculty, staff, and students—to be security-aware.”
End users are most often the ones who either use unsecure passwords or click on suspicious links, allowing hackers to gain access. Students are natural targets, but staff and faculty who have access to institutional and proprietary data can be a bigger risk.
The University of Dayton, Dayton, OH, has launched a campaign to reinforce the idea that everything done on the Internet is a potential security risk. The Dayton IT department runs regular phishing tests, sends updates and warnings, and offers incentives and prizes to people who participate in the program.
“Our goal here is that this is no different than any athlete training for the toughest competition,” said Thomas Skill, associate provost and CIO at Dayton. “Every day, the bad guys out there are coming up with newer, better, smarter, faster ways to trick us into doing stuff, so we’ve gotta be exercising every day with our effort to understand when we can recognize a phish and when we can’t, and we’re tracking all the data on what we’re doing here.”