Turning a Core Competency into a Campus Culture of Cybersecurity: A Guide for Higher Ed -- Campus Technology

Administrative and Business

Turning a Core Competency into a Campus Culture of Cybersecurity: A Guide for Higher Ed

06/26/23

“Getting that buy-in isn’t just about protecting the institution. Because of the proliferation of technology, ease of internet access, AI, gaming culture, etc., it has now become a necessary level of preparation for employees in the workforce. Educating on this topic aligns directly with the core mission of a university.”

McAlmont said it is possible for an IHE to implement the foundational elements of a CSAT program even without adding expensive resources, if the institution’s IT staff has expertise in the most common and recent breaches and hacking attack vectors, and if the institution has an in-house or student development team to create the learning tools.

In a perfect world, every IHE would prioritize implementing a CSAT program that incorporates the “key parts of a successful educational methodology: something that is engaging, personalized, repetitive, and incorporates different learning styles,” McAlmont said. “A training program with regular touch-points that can reach a diverse set of learners where they are is the first step.”

He added that using brief examples from real-life cyber attacks as learning moments is a great tool for training.

“Learning that is relevant to an issue or experience and that clearly points out risks and benefits to the individual is also important,” McAlmont said. “Keeping the learning focused on creating new habits and positively changing behavior versus sending more punitive messages is also important.”

Finally, every IHE should have a CSAT program in place that is delivered to every member of the campus community, he said.

“That program shouldn’t be an annual training session, but rather structured with best educational practices in mind,” McAlmont explained. “That means campus IT security leaders should be communicating and training regularly, repetitively, and across different learning styles in order to engage learners so they can help protect networks.”

And every CSAT program should be complemented by simulated phishing campaigns, he added.

“Beyond implementing cybersecurity awareness training that works, IT security leaders must work with other campus leaders to convince the community that the training is necessary and valuable for everyone to help boost adoption.”

Learn more about Ninjio’s services at Ninjio.com or download the full guide.

About the Author

Kristal Kuykendall is editor, 1105 Media Education Group. She can be reached at [email protected].

E-Mail this page

Printable Format

Featured

Rubrik Upgrades Data Protection Platform for Speedier Threat Hunting

Data security specialist Rubrik is upgrading its data protection platform to allow for quicker recoveries in the familiar backup & recovery process.
Educause Horizon Report: Sustainability Pressures Lead to Increased Cybersecurity Risks

Educause recently released the 2024 Cybersecurity and Privacy Edition of its Horizon Report series, forecasting key trends, technologies, and practices shaping the future of cybersecurity and privacy in higher education.
Study: 1 in 10 AI Prompts Could Expose Sensitive Data

Nearly one in 10 prompts used by business users when interacting with generative artificial intelligence tools may inadvertently disclose sensitive data, according to a study released today by data protection startup Harmonic Security Inc.
Digital Leadership Must-Haves for 2025: A CDO's Picks

Now that he's more than a year and a half into his chief digital officer role at NJIT, we've asked Ed Wozencroft to reflect on his areas of concentration: What work must digital leaders "own" in 2025?