IE 11 Not Supported

For optimal browsing, we recommend Chrome, Firefox or Safari browsers.

Opinion: Cybersecurity Is a Marathon

Cybersecurity for schools and institutions has become increasingly critical with an onslaught of cyber attacks and growing dependence on technology. Securing networks and data is a process that requires careful planning.

Cyber Security Background Only
When we think of cybersecurity pre-COVID, during a pandemic and post-pandemic, there are a myriad strategies, practices and processes to consider. Since COVID-19 spread worldwide, the FBI reported a 300 percent increase in cyber crimes. Whatever aspect of cybersecurity you are considering, thinking of it as a marathon with many twists and turns can help you prepare for unexpected results. Proper preparation will help put you in the right frame of mind to proactively defend against data breaches, malware and exploitation. 

There are important lessons and metaphors we can learn from running a marathon to better develop and implement an effective cybersecurity plan. For example, in running, strategy and experience matter. You need to pace yourself, test yourself and train. Training and running are not a “one and done” proposition. Once you make the commitment to cybersecurity, you need to make it part of an enduring and well thought out plan. Let’s take a closer look.

Cybersecurity was important prior to the pandemic outbreak. It is even more critically important today and will continue to be an essential part of IT for the foreseeable future. Protecting our data and identity, monitoring, addressing potential cyber intrusions, and providing cybersecurity awareness training should be part of your entire tool set. There are five key ingredients which should be part of your cybersecurity marathon. They include:


Before implementing a solid cybersecurity plan, you should formulate a well thought out strategy. To experience a successful marathon, you cannot casually plan on running 26 miles and 385 yards with little preparation. A cybersecurity plan needs pre-planning which is carefully written and which lists your security policies, procedures and resolutions. Your plan should include assessing your current environment, monitoring your networks, determining what kind of data you have and how it should be protected. When analyzing your data, it should be classified as high, moderate or low risk. You will also need to determine who has access to the data, from what location and for how long.


Once you have firmed up your strategy, it is important to set the pace of your plan. As in a marathon, setting your pace too fast may get you out ahead of the pack early, but you may lose your stamina and fade too quickly during the race. In cybersecurity, pacing your implementation and ensuring your team and clientele are in sync with your plan is essential. The pace of malicious hackers is increasing at an alarming rate. The University of Maryland estimates hackers are attacking computers and networks every 39 seconds. Pacing and timing are crucial.

An effective plan cannot happen overnight. Your cybersecurity plan must include a multifactor authentication (MFA) component. Implementing MFA requires careful communications, education, training and a solid rollout plan. Timing your authentication rollout in sync with educational or business schedules will ensure successful adoption and minimize disruptions.


A successful cybersecurity plan requires a robust security awareness program. It needs to become part of your organizational culture. Training new employees and providing annual training is essential. New employees are the most susceptible to socially engineered attacks, with 60 percent of IT professionals citing recent hires as being at high risk, according to statistics collected by the cybersecurity company PurpleSec. Helping your end users to detect potential phishing emails, malware or ransomware attacks will protect individuals and your enterprise.

Creating training which is locally branded to your institution helps to personalize the user experience. Using in-person or virtual training sessions, especially during a pandemic, are effective strategies. Consider utilizing innovative, informative and entertaining short video segments. One good example of a successful video program on YouTube, The Cyber Zone, utilizes common movie themes and threads to engage the audience. Creative ways to strengthen your training activities will help you reach a successful finale. Be aware 95 percent of successful cyber attacks are the result of phishing scams, as reported by the email security platform Ironscales. Training is not a “one and done” proposition. It is a continual process.


As you steady your pace, a natural segue is to ensure you have effective communications. A common challenge for IT is to take complex concepts and terminology and distill them into an understandable form. Gearing up for a successful marathon may include communications from your trainer or coach. Hearing the crowd cheering you on can help energize and spur you on toward the finish line. The same is true when your constituents are metaphorically in your race to support, advocate and participate in your cybersecurity program. Do not rely merely on email communications to reach your target audiences. Consider using third-party email integration products, such as Mailchimp or Constant Contact, which can provide a much more graphically rich experience for your clients.

An important by-product of using email integrators is having access to robust analytical tools such as open rate, open time and click mapping. These will allow you to enhance and better target your cybersecurity communications. While they are highly effective tools, you may still only see a 50 percent open rate. This means the other 50 percent of your audience never opened your email. Using multiple communication outlets increases the reach of your message. Consider a variety of social media conduits to broaden your target for cyber communications.


As you stretch yourself to the finish line, you want to finish strong and reach your goal. When you first developed your cybersecurity plan, did you set precise and measurable objectives to ensure your success? For example, your stated objective might be to ensure each employee has completed cybersecurity training, or a 15 percent reduction of employees clicking on phishing emails. Setting these precise, measurable outcomes will help to quantify the degree of success of your cybersecurity plan.

The cost of cybersecurity will likely continue to increase. In 2021, global cybersecurity spending is estimated to be approximately $6 trillion, and by 2025 the number of IoT devices will reach 75 billion. As the world navigates the pandemic, and IT enterprises plan cybersecurity processes for the future, the race to be prepared has never been more important. Cybersecurity will touch and impact all of our devices. As you head to the finish line, remember to plan carefully and thoroughly. Your marathon may not be measured in miles and yards, but in years. Planning carefully now will help guarantee your future success as you approach your own finish line.

Jim Jorstad is Senior Fellow for the Center for Digital Education and the Center for Digital Government. He is a retired emeritus interim CIO and Cyber Security Designee for the Chancellor’s Office at the University of Wisconsin-La Crosse. He served in leadership roles as director of IT client services, academic technologies and media services, providing services to over 1,500 staff and 10,000 students. Jim has experience in IT operations, teaching and learning, and social media strategy. His work has appeared on CNN, MSNBC, Forbes and NPR, and he is a recipient of the 2013 CNN iReport Spirit Award. Jim is an EDUCAUSE Leading Change Fellow and was chosen as one of the Top 30 Media Producers in the U.S.