#CyberSecurED: Building a Cyber-Ready Campus
Cybersecurity Experts Urge Communication Among IT Staff, Registrars, Staff
With October as Cyber Security Month, Pepe Carreras, Vice President of Education Solutions for the National Student Clearinghouse, recently led a panel discussion of national experts addressing cyberthreats facing educational institutions; how you can prepare for, respond to, and recover from a cyber incident; and the Clearinghouse’s commitment to student privacy and security.
A common theme amongst the panelists was the need for communication among IT staff, and the entire campus community, especially registrars.
“The cybercriminals, the hackers, they’re working in organized groups, they’re coordinating their recruiting, and we need to do the same thing,” said Brian Kelly, Director of the Cybersecurity Program, EDUCAUSE. “We need to work together on our campuses and across our institutions.”
Panelists emphasized that leaders should host regular discussions amongst stakeholders and create up-to-date policies that help institutions prepare, respond, and recover from cyberattacks.
“From the university or institutional perspective, ensuring that you’re providing your stakeholders with that clear and concise information about what steps they should take, the when and how, can really be the difference between creating calm after a cyberattack or sparking chaos,” said Monty McGee, Associate Director, Cyber Readiness Institute. “Additionally, after you’ve recovered from the attack, leaders should evaluate lessons learned and improve security policies and workforce training as necessary.”
Meanwhile, John Ramsey, Chief Information Security Officer for the National Student Clearinghouse, emphasized, “If you and your team do not have that relationship with your CIO and CISO, take that first step and make one. When something happens, that’s not the time to figure out what you should do. Don’t act alone, build those relationships.
“You know, we’re all here to help one another and protect your data. We all have a vested interest. Just remember that you’re not alone, start those relationships, and never hesitate to reach out to anybody now to ask those hard questions.”
The panelists also said that now was the time for all community members to be called to action, given human behavior’s enormous role in stopping cyberattacks.
“If you think of the U.S. Forestry Service, Smokey Bear, ‘only you can prevent wildfires’,” said Joseph Potchanant, Director, Member Services and Support, REN-ISAC. “What if we shifted that focus and think, only you can prevent phishing? It takes each one of us to click on that link to cause the problem. So, it really is all of our collective problem. And we are all the solutions.”
The National Student Clearinghouse, a nonprofit formed in 1993, is the trusted source for and leading provider of higher education verifications and electronic education record exchanges. We are scrupulous in our concern for student privacy and compliance with the Family Educational Rights and Privacy Act (FERPA), which protects students’ privacy rights in their education records.
If you and your team do not have that relationship with your CIO and CISO, take that first step and make one. When something happens, that’s not the time to figure out what you should do. Don’t act alone, build those relationships.
John Ramsey
Chief Information Security Officer, National Student Clearinghouse
Additional Resources: