Higher ed communications and cybersecurity
By Sharon Aschaiek | Oct. 17, 2018
October is Cyber Security Awareness Month, which spreads global awareness about digital crime and online safety. How much does this have to do with higher education and, specifically, your communications work? More than you might think.
Lately, we’ve seen universities and colleges increasingly become targets of cybercrime. A 2016 Michigan State University data breach exposed the personal information of 400,000 current and former students. Earlier this year, 76 universities in 14 countries had their networks infiltrated by hackers who stole unpublished research and intellectual property. Last year, MacEwan University was bilked out of $11.8 million by an email fraudster.
As this Deloitte article explains, with their open-access cultures, decentralized departmental/faculty control, many different types of users, and loads of sensitive and lucrative data, post-secondary schools are particularly appealing to cyber criminals.
Many attacks involve phishing – using fake school websites or phony personalized messages to trick people into giving up login or other private information. This opens the door to hackers installing ransomware, malicious software that blocks access to important data until they are paid.
“A lot of attackers are going after the weakest link, which is not computer infrastructure, but people,” says Ryan Duquette, founder and principal of Canadian IT security firm Hexigent Consulting. “Hackers are doing all these phishing attacks and using spoof email accounts, and it’s easy to be fooled.”
Security and communications
Higher education communicators interact with many different internal and external audiences, including faculty, staff, prospective students, current students, alumni, government and the public. Engagement with so many audiences across so many different messages increases the chance that one interaction could be an attack.
For this reason, Duquette says, communicators should be up on cybersecurity’s common risks and best practices to guide how they shape their messages and how they can identify potential threats.
“They need to stay current on the tactics hackers use to break into networks, and how to avoid being deceived,” Duquette says. He encourages marketing and communication staff to attend user awareness sessions held by their IT departments.
Controlling access
Communication departments need be discerning about how they grant employees access to different parts of the school’s networks, Duquette says. Should contract or junior staff or interns have as much access as long-term full-time and senior staff? Maybe new or temporary hires should be given short-term or as-needed access?
“Think carefully about who has access to what data, and why they need it,” Duquette says.
Spreading the word
By nature of their expertise, communicators can be useful in sharing the importance and how-to’s of cybersecurity with their school community. Duquette encourages communicators to support their central or departmental/faculty IT security teams in developing effective information campaigns for different user groups about being safe online.
Offsite usage
Most institutions have protocols for how staff use school computers off site, and communicators need to be aware of them. For example, if you use your work laptop at a coffee shop, should you use the shop’s Wi-Fi network? It’s safe to do so if you use a virtual private network, or VPN – a secure tunnel between two or more devices that protects your web activity against snooping and interference.
Duquette advises checking with your school or departmental IT security team about VPNs and password managers. More such tips can be found on Hexigent’s blog.
Leading the way
Ultimately, Duquette says, communicators can play a key role in influencing smart and responsible online behaviour at their institutions.
“The goal is to get security on the brain so that we can change behaviour,” Duquette says. “Communicators are well positioned to help lead the way, because they influence how so much messaging is structured, and that example will permeate throughout the school.”