Higher ed IT professionals say they alert the student body about data breaches, but students say that information is not communicated to them.
University IT teams have differing perspectives from the students they serve on the state of cybersecurity, according to a recently released infographic from CDW-G.
The IT solutions company surveyed 250 higher education IT professionals and 300 students, examining their views of cybersecurity and what students expect from their schools versus what IT professionals are able to deliver. The company released the infographic, “Securing Higher Education — It Takes Two,” at this year’s EDUCAUSE annual conference.
The most surprising statistic, according to Nicci Fagan, director of higher education at CDW-G, was that 91 percent of IT pros who experienced a data breach alerted students — but just 26 percent of students said they were aware of the attack.
Another glaring discrepancy showed that 82 percent of IT pros say they require students to engage in cybersecurity training at least once a year. However, only 35 percent of students said that was required of them.
“You have IT professionals on campus who are communicating this out to students on campus, but it’s not resonating,” Fagan said in an interview with EdScoop. “It comes down to making sure that we’re communicating through multiple channels and getting consistent feedback from the student body.”
Jordan Cohen, a student intern at CDW-G who currently attends Rutgers University, added that students get their news from multiple sources and on several platforms.
“I think there’s a major difference in channels that are being used in sending news, and channels that students are accustomed to receiving news,” Cohen said. “Rutgers does a great job of getting information out, but I think part of it is making sure they’re interacting with students — you’re not just putting it on the university website, you’re taking advantage of social media.”
Fagan said that along with shoring up communications strategies, colleges and universities also need to offer ongoing training for students and educate them about the type of cyberattacks that can occur and what they can do to minimize or prevent them.
“Just like you have students going through orientation every year … it should be part of the university’s communication plan in terms of how they’re addressing cybersecurity for their students and how students are taking accountability for their own cybersecurity,” she said.
Sixty percent of institutions have experienced a data breach in the last year, according to the research, and 29 percent have experienced data loss. The most common breaches were malware attacks, followed by phishing attempts and distributed denial-of-service (DDoS) attacks.
Fagan said IT professionals are trying to combat breaches through network segmentation and advanced threat protection, among other methods.
“Universities are relying on their solution provider to offer outside penetration testing or security assessments,” she said. “They’re getting someone else’s opinion on where they might have vulnerabilities and that can be very helpful to universities as well.”
CDW-G works with about 3,000 higher education institutions across the country, and the company is a frequent presence at EDUCAUSE.
“I think exactly what we’re talking about continues to be the No. 1 issue: information security and helping customers navigate the opportunities that are out there,” Fagan said, echoing what EDUCAUSE leaders also pinpointed as the top issue in higher ed IT today.
Cohen, a history major, said he is involved with cybersecurity efforts at his school and through CDW-G because it has a direct impact on him and his peers.
“What’s really interesting about cybersecurity is it’s really the new frontier,” he said. “We’ve advanced past the Wild West stage and now we’re looking at all the new ways technology affects our lives. It’s important to protect our data, and as more and more data is stored in the cloud, I think students care about that, and, personally, I do as well.”