Cyberthreats have become an increasingly difficult
threat to defend against, particularly on college campuses, where systems need
to be as open as possible for students. What makes it even more challenging for
higher-ed IT departments is that the end users are usually the biggest problem.
“I’m an old military guy—or I should say I’m a young
military guy—and one of the things I’ve learned is that security is as strong
as its weakest link,” Keith McIntose, vice president and chief information
officer (CIO) at the University of Richmond, Richmond, VA, said in an article for EducationDive. “You know, we use a chain analogy. It requires everyone who
is accessing information on our network—faculty, staff, and students—to be
security-aware.”
End users are most often the ones who either use
unsecure passwords or click on suspicious links, allowing hackers to gain
access. Students are natural targets, but staff and faculty who have access to
institutional and proprietary data can be a bigger risk.
The University of Dayton, Dayton, OH, has launched a
campaign to reinforce the idea that everything done on the Internet is a
potential security risk. The Dayton IT department runs regular phishing tests,
sends updates and warnings, and offers incentives and prizes to people who
participate in the program.
“Our
goal here is that this is no different than any athlete training for the
toughest competition,” said Thomas Skill, associate provost and CIO at Dayton.
“Every day, the bad guys out there are coming up with newer, better, smarter,
faster ways to trick us into doing stuff, so we’ve gotta be exercising every
day with our effort to understand when we can recognize a phish and when we
can’t, and we’re tracking all the data on what we’re doing here.”
