UCDA : connecting, inspiring, and supporting a creative community in education
page header

Get Defensive:

How to reduce your school’s exposure to cyberattacks

by Bill Stamats

From JBS and the Colonial Pipeline, to Des Moines Area Community College, recent security incidents demonstrate that cyberattacks can happen to organizations of all types and sizes.

Specifically, the recent breach at Des Moines Area Community College (DMACC) shuttered in-person learning for four days. Online classes are still suspended as of this writing. Though the college is confident that no student or faculty information has been compromised, students are worried that the disruption could delay course completion time, transfers, and other logistics.

In order to learn more about how schools can defend against this growing threat, I spoke with Bill Barthel, Technical Integration Manager at Stamats. Here are Bill’s top five suggestions on how college and universities can minimize their exposure to cyberattack:

1. Make Security a Priority

Firstly, developing a strong and resilient security environment starts at the very top. School leadership can work together to:

Build awareness: Use faculty and staff workshops to raise awareness and promote a sense of personal responsibility in strong organizational security.

Train: Educate all employees on the basics of front-line security best practices. Cover topics such as phishing scams, password strength, and how deceptive social engineering can be used to hack vulnerable login information.

Test: Validate your training efforts with periodic testing. For example, how do employees respond to phishing emails or messages with suspicious links? What training topics need to be reinforced?

2. Properly Resource Network Security

Additionally, guarding against cyberattacks requires a dedicated in-house team or a capable external partner. Take a critical look at the resources (time, money, and expertise) currently devoted to network security. Are they enough? What vulnerabilities can be eliminated with additional resources?

3. Use the Tools Available

Every tool contributes to your school’s collective cybersecurity. Accordingly, conduct an audit to ensure that antivirus software and all operating systems are up to date and that VPNs and firewalls are functioning properly.

4. Develop Clear Policies and Procedures

Formalize the defenses you have in place by establishing clear security policies and procedures such as:

  • Requiring all devices that access your college/university’s network to be equipped with antivirus protection and data encryption tools
  • Banning the importation of new data or software via USB and similar portable media
  • Requiring that all new employees go through network security training
  • Strengthening network password requirements and requiring regular password updates
  • Limiting network access based on faculty/staff job requirements
  • Ensuring that all files are backed up frequently
  • Developing a detailed disaster recovery and communication plan

5. Stay Flexible

In summary, hackers are innovative, constantly developing new tools and tricks to exploit vulnerable networks. In response, schools’ security plans need to be nimble, responsive, and adaptive. It’s particularly important to review training topics frequently to ensure front-line defenses stay informed and vigilant.

As executive vice president of Stamats, Bill Stamats works to ensure that every product and service Stamats provides meets their high standards of excellence, delivers measurable results, and helps their clients stay ahead of the competition.