Information security is the number one issue for higher education. As more leaders in the education system are becoming more aware of the risk arising with the use of the evolving technology, business practices and user expectations collide and do not protect the institutions resources like it use to (Roscorla, 2016). Some of the challenges in higher education include: phishing, user education, cloud security, high-profile information security, next-generation security, identity and access management, governance over data security and unsecured personal devices.
With phishing more emails are being sent than ever before. There has been a 23% increase in emails being sent with attachments (Roscorla, 2016). With that more and more employees are opening what seem to be a legitimate email. When it comes to user education, cybersecurity training has been put on hold due to all the other teaching, learning and long work hours of staff members (Roscorla, 2016). With the hold comes more potential to become vulnerable to malware and other related issues because staff members are not being educated on cybersecurity related issues. When it comes to cloud security, cloud computing works well in organizations but, when things are put into the cloud things become riskier than ever before (Roscorla, 2016). Allowing users to put information in the cloud not related to students or personal information can be a good start to being more secure and safe. When it comes high-profile information security strategies, when C-suite executives and other leaders do not put security on the top of their priority list they risk their organization become more vulnerable to attacks (Roscorla, 2016). When it comes to next-generation security technology planning, it is hard for institutions to become up-to-date on their security issues due to having limited resources (Roscorla, 2016). When it comes to identity and access management when there are systems put in place to help control who can access it and other restrictions that could help narrow down who did what and when (Roscorla, 2016). When it comes to governance over data security, institutions that are not centralized have a harder time control what goes on their network and their network traffic causing unknown occurrence and data breaches (Roscorla, 2016). When it comes to unsecured personal devices by allowing users (teachers, administrators and/or students) to bring in their own devices a campus cannot remain safe and secure because of the unknown on those systems (Roscorla, 2016).
Overall, when it comes to cyber challenges in education by teachers being over worked and having to attend tons of educational training not including cybersecurity training, cybersecurity training takes a back seat in education. Somehow and some way administrators and/or leaders of the educational system need to find a way to add cybersecurity training in the matrix of it all. Without it, end-users (instructors and administrators) are less knowledgeable about the new trends in cybersecurity so, the end-users (teachers and administrators) become more vulnerable to being hacked. By simply clicking on an attachment or link end-users are more susceptible to all sort of issues, making other systems on the network become riskier if they are not up-to-date or patched with current changes.
Resource:
Roscorla, T. (2016, May 18). 8 Cybersecurity Challengers Facing Education. Center for Digital Education. Retrieved from http://www.govtech.com/education/higher-ed/8-Cybersecurity-Challenges-Facing-Higher-Education.html
MillerOnCyber 