From student data and intellectual property, to reputation and grant funding…higher education institutions are at risk if cybersecurity is not a foundational element in their operations.

This fall, more than 20 million students returned to their college or university. Each student will walk on campus with at least three personal connected devices. At a university with roughly 40,000 students – that’s around 121,000 devices, not including all the sensors and devices across the campus that are school property. That’s 121,000+ opportunities for a security breach.

Hacking is getting increasingly more sophisticated, but let’s walk through a few simpler hypothetical scenarios. A hacker doesn’t need to be complex in his approach to do serious damage.

Scenario 1:

A 20-year-old walks into a coffee shop to work on a class paper. He places his book bag on the back of his chair, and his smart phone and laptop on the table. Then, he walks up to the counter to order his coffee. Someone sitting close to the table he just chose reaches over and takes his smart phone. The table neighbor now has the ability to access to his school email, school apps and the campus network. Easy as that.

Scenario 2:

A freshman – new to campus – is excited about this new experience. She is connected on five different social media platforms, including LinkedIn, Facebook, Twitter, Snapchat and Instagram. Each of her platforms contain a fully populated profile – from name, age and school, to birthday and relationships. She constantly posts, like most students do, and wants to stay connected to the university through apps. An app promoting to be focused on university events lures in the freshman. With one click, that malicious app now gives the hacker direct access to her profile and personal information. They now have the opportunity to act as the student, and therefore, the credibility they need to attack other students with malicious links and phishing scams.

Scenario 3:

A teacher is checking her email – an address provided by the university. An email comes across with a subject of “A Message from the Dean.” It seems like an email she should read, seeing as it’s from the head of the school. The “Dean” has included a link to more information – an “exciting announcement” that would impact the school year. That so-called “Dean” happens to be a hacker from across the globe, who used simple bait to lure that teacher into clicking on a malicious link, and a security breach trap.

Each of these instances can be detrimental to the school with potential risks, including:

  1. The compromise of sensitive student information, possibly leading to identity theft or credit card fraud
  2. A black mark on the school’s reputation – impacting trust and future enrollment
  3. The loss of intellectual property, particularly at research institutions
  4. Withdrawal of grant funding because of the inability to keep information secure

In this digital era, it’s never been more important for security to be at the heart of not only IT strategy, but business and mission strategy; especially in higher education. Effective security everywhere, including Security Services, from the network to the endpoint to the cloud, will allow institutions to protect their data and enable their digital education mission. It’s too late to wait for a security breach to think about a cybersecurity strategy after the fact. To get ahead of threats and best enable digital transformation of education, cybersecurity needs to be a core part of the overall strategy of the institution.

October is Cyber Security Awareness Month, and Cisco is a Champion Sponsor of this annual campaign to help people recognize the importance of cybersecurity. For the latest resources and events, visit cisco.com/go/cybersecuritymonth.


Larry Payne

Vice President, Sales

US Public Sector