A New Way of Thinking about Information Security
By Raymond Perez
Cyber criminals have their sights set on colleges and universities. In the past decade, higher education has accounted for 17% of all reported data breaches, second only to the medical industry with 27%, according to Educause. Nationally, about 7% of all higher education institutions have had at least one data breach, and a third of those have had multiple breaches.
The threat of a cyber attack couldn't come at a more challenging time for community college leaders, who are trying to keep up with rapidly changing technology as their budgets and resources disappear at nearly the same pace. Yet for every new technology that's adopted, new security risks emerge, leaving institutions ever more vulnerable.
How Do You Keep Up with Technology Without Falling Behind in Security?
Many institutions rely on security software for protection, but this only addresses part of the problem. It doesn't take into account insider threats (such as intentional and accidental employee breaches) or physical threats (such as lost or stolen devices).
In an ideal world, the most effective way to protect your college would be to hire a chief information security officer who is responsible for implementing and monitoring technical, administrative, and physical safeguards. Unfortunately, most colleges can't afford this option so information security often ends up on the IT Department's already-full plate. Even those institutions that can afford to hire a chief information security officer are finding it difficult to recruit and retain talent due to a shortage of qualified cybersecurity professionals.
Introducing the Shared Chief Information Security Officer (CISO)
CampusWorks' Shared CISO is a collaborative service that gives institutions all the benefits of a chief information security officer without the cost of hiring one full-time. Since every institution has different security needs, this shared model allows participants to use only as much of the service as they require and pay accordingly.
CampusWorks’ Shared CISO is an experienced security-certified higher education professional who will work closely with your college's leadership and IT staff to assess, monitor, and improve the security of your computing systems, networks, and data and develop customized security plans and procedures for your unique computing environment. The Shared CISO has the ability to communicate and elevate information security concerns to your institution's leadership and understands the balance between providing IT security and giving your faculty, staff, and students the freedom to accomplish their work.
Is it Right for My Institution?
If you're wondering whether a Shared CISO is right for your institution, consider the following questions:
- Does your college have technical, administrative, and physical safeguards in place to prevent a data breach?
- Does your college have an Information Security Plan?
- Does your college have a culture of security awareness?
- Is someone responsible for monitoring and implementing security best practices?
If you've answered No or I don't know to any of these questions, it might be time to consider how a Shared CISO can serve as a trusted advisor who can help you strengthen your information security program so your college doesn't end up a statistic.
Byline: Raymond Perez is chief information security officer at CampusWorks, a strategic consulting firm dedicated to helping higher education institutions overcome the business and technological challenges that stand in the way of student success.