From education to employment

Academic data is just like enterprise data – Take a lesson from the corporate world

Barry McMahon, Senior International Marketing Manager at LogMeIn

Is your data security passing the test?

With summer holidays in full swing, students are trying to avoid counting down the days until term starts again.

Universities on the other hand are already well in the preparations for a fresh intake of new and returning students.

Once the semester is in full swing, a university campus can have thousands of people – and all of their devices – accessing information, joining WiFi networks, sharing personal information and generally just crowding the network.

With all of this activity, it is only natural that the questions of password hygiene and data security arise.

With the proliferation of devices and the explosion of connected everything, institutions are now opening their networks to an endless variety of unsanctioned devices and apps, which exposes both the user and institution to newer security risks and is forcing them to question traditional security protocols.

For every app and every service there is a user name, and in the majority of cases, there is also a unique password. Passwords don’t tend to be high on a student’s list of security priorities and security teams are often seen as the bad guys for just doing their job. Their work is seen as a direct contradiction to the culture of openness and exploration that surrounds universities and academic institutions.

This reality for IT professionals puts what they know to be important – securing university data – at odds with their colleagues and students who are typically not happy to be tethered to any protocols that prevent creativity.  

The struggle to make the grade

Weak or reused credentials and an open attitude towards sharing passwords are far too common among students, which makes them a tough group to manage from an IT perspective.

Add to this the generational divide between the students and faculty, alongside the expectation of ubiquitous connectivity in every corner of campus, on every device they own, loaded with every app they deem useful to their academic and personal lives and it is a complicated situation.

It can be hard to grab their attention to have them focus on a topic like cybersecurity. There’s enough to learn and memorise as it is, and ultimately, cybersecurity is not going to directly impact their degree classification or research results.

Students, as millennials, grew up with the Internet and are usually less concerned about getting hacked. They are not nearly as diligent as others. They are young and relatively trusting, passing along information like logins more freely with others and sharing almost anything on social media.

A college’s population feels less beholden to IT than corporate employees do. They tend to feel intrinsically safe within their own special microcosm, and that sentiment bleeds over into cyberspace.

The reality is, however, that their data is a lucrative target for cybercriminals – the security and privacy of data is only as secure as the weakest link in the chain, and in higher education, there are lots of links to worry about.

Password managers provide an easy solution to this, storing multiple credentials in a secure ‘digital vault’. With an easy-to-use interface, they have the look and feel of modern day apps that students and faculty alike are so familiar with.

Academic data is just like enterprise data

An education network starts to look more corporate when you dig into the information it must protect. Admissions departments process financial aid applications, the bookstore holds credit card data, and the health centre manages personal health information. This is all valuable information that must be secured in order to protect personal data from cybercriminals.

Factor in other areas of the university community like research teams working on innovative projects creating valuable IP, and staff processing grades and academic records. All of a sudden, every bit and byte starts to seem as important as the rest and cybersecurity becomes a priority.

Given all the different types of data flowing through the network, universities and academic institutions are far from exempt from compliance.

Higher education is held to meet GDPR requirements around personal information of students and faculty as any private organisation is of its customers.

It’s no secret that weak and reused passwords are leading cause of data breaches. On top of this, university networks tend to be flatter and less segmented to keep them efficient and easier to manage. Fewer walls means a smooth path for malware to travel, often coming in through a hacked password, putting more vulnerable data at stake.

So the question remains, how can universities can take steps to ensure strong, private, unique passwords are used and networks don’t have easy points of access?

Take a lesson from the corporate world

A campus network deserves the same commercial tools as a corporate environment. Considering the population, what needs to be protected, and other unique challenges like budget and staff, it is clear to see that IT teams in higher education need specialist tools to protect their data – and that is where password managers come into play.

Whether managing accounts at the administrative level or providing tools for self-enrolment, password managers are a sure way to uphold security best practices and should at least be implemented as a first step to take control of security. The benefits provided are plentiful as students and faculty alike have an easy-to-use way of staying on top of their various login details while IT portals facilitate the central management of accounts.

As well as this, specific rules and initiatives, such as school sponsorships, exist to simplify campus-wide deployments, allowing students and staff to remain secure and productive, both on and off campus. 

However, having password management hygiene on the books doesn’t mean that it’ll get studied before the exam – especially when the exam takes the form of a phishing attack.

If you are going to place a number of sensible restrictions on end users who may have fewer sensibilities, you are going to drive them to the path of least resistance. They’ll cut corners and avoid making changes that are not enforced.

The key is to get to know the end user.

It is only by doing so that IT teams can confidently structure realistic programmes that are more likely to be followed, and easier to enforce.

Planning a security syllabus

There is never a bad time to address security issues, least of all at the start of an academic year. Given today’s climate of cyber-crime, it is vital that universities act or risk exposing themselves to cybercriminals.

Password managers enable you to do just that while embracing the culture of openness that the university community cherishes so much. 

Barry McMahon, Senior International Marketing Manager at LogMeIn

Related Articles

Promises, Possibilities & Political Futures…

Tristan Arnison discusses the main UK parties’ education policies for the upcoming election. While specifics vary, common themes emerge around curriculum reform, skills training, and…