Taking steps to stay safe online is a year-round effort, but every October—during National Cybersecurity Awareness Month—things are ramped up a notch. Individuals and organizations of all types stop to remind themselves about the importance of cybersecurity and of making sure that everyone has the resources they need to protect themselves online.
This is especially true on college campuses, where innovative, common-sense activities are improving cybersecurity and helping users—students, faculty, and staff—be smarter online. Like their counterparts in business or government, colleges and universities must address continuous, evolving threats; assure availability; keep personal data safe; and protect intellectual property. But they need to do so while maintaining environments that are as open as possible to foster creative teaching, learning, and engagement.
At UNCP, a culture of security leads the way
The University of North Carolina at Pembroke (UNCP) is nestled in the southeastern part of the state and serves a population of students that has been traditionally underserved. At UNCP, all students are encouraged to push through limitations of history or geography or economics to overcome what might otherwise be barriers to their success. (Read the full UNCP story here.) Security plays a vital role, and protecting users starts with a culture of security on campus.
Nancy Crouch, who served as UNCP’s associate vice chancellor for technology resources and chief information officer from 2015 to 2019, explains, “We are a small school with a very small IT team, yet we confront the same threats as much larger schools with much larger staffs. We all understand that education institutions are a tempting target, and bad actors are indiscriminate when it comes to identifying those with vulnerabilities.”
To help combat potential threats, UNCP requires training to build awareness among the school community, helping users understand that even a small school like UNCP is at risk. Educating users on the value of security empowers them to become a part of the solution when something goes wrong, Crouch adds.
Protecting university systems and users
Efforts to increase cybersecurity at UNCP began with a plan, including a careful assessment of the threat landscape to determine what technology would meet the university’s needs most effectively. Ultimately, UNCP chose solutions that would allow them to implement a comprehensive security portfolio over time and bring users along with them.
One UNCP investment is a security enterprise agreement, which assures cutting-edge security capabilities at a predictable cost. “We won’t have to prioritize security investments,” Crouch adds. “We’re able to think strategically about other elements of our architecture knowing that the security technology that protects it all is up to date.”
“Automation gave us back more hours in our day. Before we might receive 20 or more serious incident reports each morning; now, with automation, we receive one or two a week.”
—Don Bryant, CISO, The University of North Carolina at Pembroke
“We face an expansive threat landscape that spans everything from serious issues like ransomware, which can literally hold a campus hostage, to smaller challenges like phishing emails, which annoy users and take valuable time to remediate,” says Chief Information Security Officer Don Bryant.
Bryant and his team implemented the Cisco Security Portfolio—and found a few surprises along the way. “The first benefit we noticed after implementation was the increase in visibility. This was a blessing and a curse,” Bryant says. “We instantly noticed we had more issues than we thought we had, so it took more time to remediate than planned. Once we had a clean slate and began to take advantage of automation (such as that available with Cisco Firepower and Advanced Malware Protection), we were able to see the most significant threats and prioritize on issues like ransomware or banking trojans that have the potential to do the most damage, rather than spending time on the smaller ‘annoyances.’ Automation gave us back more hours in our day. Before we might receive 20 or more serious incident reports each morning; now, with automation, we receive one or two a week.”
UNCP CISO Don Bryant shared his best practices in this EDUCAUSE 2019 session: Small Team, Big Impact: How UNCP Built a Security Culture. Missed the event? Watch this Facebook Live recording.