Cybersecurity Awareness on the Rise in Higher Education

A name badge lanyard proudly displayed by a campus employee reads “Security Is Everyone’s Responsibility.” Messages such as these that inform computer users about their responsibilities and raise consciousness about Internet safety have been common on college and university campuses during October as part of National Cyber Security Awareness Month.

Krizi Trivisani, chief security officer at George Washington University, explained, “Technology alone cannot provide adequate information security. People, awareness, and personal responsibility are critical to the success of any information security program.” Trivisani’s comments came during an EDUCAUSE Live Webcast on Campus and National Approaches to Improving Cyber Security Awareness on October 6 that was designed to promote the awareness month and to equip college and university personnel to provide cybersecurity awareness programs for their campus communities.

The EDUCAUSE/Internet2 Computer and Network Security Task Force has been a catalyst for higher education’s cybersecurity awareness efforts. The task force is actively working to promote and coordinate improvements in information security across higher education. Efforts to improve cybersecurity awareness and raise the consciousness of administrators, faculty, and students have been a key component of the task force’s overall strategy.

“Although the IT leadership at institutions of higher education will play a significant role in security improvements, we should not underestimate the importance of everyone doing their part—from executives to the users of our campus information systems,” said Mark Luker, EDUCAUSE vice president. “Much like learning to drive a car, there are some fundamental rules of the road that every computer user should learn to follow to ensure their own safety and to protect others on the Internet.”

The National Cyber Security Alliance (NCSA), the public-private partnership behind the awareness month activities, has issued a set of “Top Ten Cyber Security Tips” that offer good advice to members of the higher education community. Although the NCSA’s tips were designed with home users and small businesses in mind, the universal tips apply equally well in academic environments.

“The complex, diverse computing environments in colleges and universities result in blended environments that are faced with many of the same issues confronted by businesses, Internet service providers, and home users,” said Jack Suess, CIO at University of Maryland, Baltimore County and cochair of the EDUCAUSE/Internet2 Computer and Network Security Task Force, at the launch event for National Cyber Security Awareness Month held at the National Press Club in late September. “Therefore, we are happy to join in partnership with the NCSA and others dedicated to promoting cybersecurity awareness in an effort to develop consistent and effective messages that will lead to the establishment of a culture of security in our homes, workplaces, schools, and academia.”

According to a research study by the EDUCAUSE Center for Applied Research (ECAR), only 30 percent of the institutions of higher education had a formal awareness program in 2003 when the survey was conducted. Institutions employ a number of techniques to get the message across to students, faculty, and staff, ranging from presentations to visual reminders, such as brochures, posters, postcards, and videos. The task force is working to increase the capacity of colleges and universities to promote awareness at their institutions. It recently compiled more than 150 examples of awareness materials developed by colleges and universities that will be distributed on a resource CD to all attendees at the EDUCAUSE Annual Conference during the week of October 18 and will be available upon request thereafter.

Shirley Payne, director of security coordination and policy at the University of Virginia, is part of a team of presenters who will provide a half-day seminar at the EDUCAUSE conference that will provide a guide to implementing an effective security education and awareness program. The goal of awareness programs, she explained, is to allow individuals to recognize IT security concerns and respond accordingly. She observed, “Security awareness programs must be meaningful and interactive. Like the Chinese Proverb says, ‘I hear and I forget. I see and I remember. I do and I understand.'”