Of all the IT challenges in higher education, cybersecurity is at the top of the list. As cyberattacks become more sophisticated and targeted, phishing emails are more difficult to detect. End users are increasingly clicking on phishing links and discarding warnings designed to help protect them. The risks of providing credentials to nefarious hackers can be catastrophic for the individual and for your enterprise. While corporate cyberattacks have been in the headlines, academic institutions possess a treasure trove of important data, identities, sensitive financial information, Social Security numbers and private research.
Today, there are many defensive software and hardware tools available to thwart cyberattacks, but equally important is having strategies to create effective communications, information and awareness. These strategies can cost little — or are free — but can yield impressive dividends and create a proactive first line of defense. End users can become confident in protecting themselves and their data from aggressive phishing, spamming, and ransomware attacks.
While end users are beginning to recognize the dangers of cyberattacks, many do not fully understand security risk, how to protect themselves from data theft, and how to spot phishing attacks. To protect your institution, it’s important to change your campus cybersecurity culture to ensure people are safe, informed, and secure. Having an effective communications and awareness program is an important first step. How do you start?
First, ensure you have an internal communications group within your IT organization. This could be one person or a small team of individuals who understand technology. Their task is to take the complex and make it easy to understand. Clarity, brevity and engaging narratives are essential.
Click maps can track what your users are clicking on within your email. This information allows you to fine-tune and optimize your messages, and provides insight into how well your messages penetrate their intended population, creating a road map for the best time to send a well-designed email, with enhanced readability.
IT units typically communicate through digital conduits such as email, websites and social media, with the ability to reach your intended audience 24/7. However, it’s also important to utilize analog print communications and targeted face-to-face training and presentations. In developing your strategy, investing effort into targeted groups, where the problem is the greatest, will have the greatest impact. For example, the prime time for hackers to send phishing emails to educational institutions is at the start of the fall semester. It’s natural for freshmen to click on these links if they have not yet been indoctrinated into your anti-phishing IT messaging. However, if your sophomore class is also clicking on phishing links, then you should prioritize your communications toward these two groups.
Creating a culture that fosters collective awareness and understanding of cybersecurity depends on the active engagement of students, staff and administration. A successful cyberawareness campaign requires active engagement from all groups. Communications from university administrators can stress the importance of data security from the top down. Uniformity in engaging faculty helps to spread the message to their peers. Communicating with university support staff helps reinforce the responsibilities of faculty and the awareness of staff themselves in being vigilant in protecting colleagues from cyberattacks. Communicating cybersecurity risks to students helps them realize the potential of being quarantined from access to technology resources, as well as their personal risks. Analyzing specific student groups who may have clicked on nefarious links and provided their credentials will help target your messaging. Engaging each sector of your campus helps increase your collective defensive shield against cyberattacks and provides a defense against phishing and spamming.
Knowing when to target communications is an essential strategy for your plan. Research on social media posting times can be helpful. For example, on Facebook, Thursday at 1 p.m. is the best time to post. On Twitter, Thursday at noon is the optimal time, and on Instagram, Monday is the best day. There are some exceptions based on day and time, but understanding the trends in optimal posting can be helpful. You can learn more about these ideal posting times by reading the article “Best Times to Post on Social Media: A Complete Guide” by Alex York.
All five of these strategies combined provide an important first line of defense against cyberattacks. Keeping our end users safe, informed and secure will help many institutions proactively thwart many attacks today and in the near future.
Jim A. Jorstad is the director of IT-client services at the University of Wisconsin-La Crosse.