Colleges and universities used to just have to focus on the academic, facilities, and geographical aspects of their institutions to maintain their attractiveness to students and faculty, both current and prospective. Today, it's an entirely different scenario. Security has made its way to the forefront over the last several years with the rise of hate crimes, mass shootings, and terrorism.
While there are common security threats among higher education environments, each and every campus has its own unique factors and considerations. Some campuses are rural, others are urban; some have boundaries, others don't. Some campuses are so large that they might as well be their own small cities, while others are small and secluded. Unfortunately, regardless of its attributes, every institution needs a security program that is comprehensive, flexible, and effective, and it doesn't just have to worry about its own community population, but outsiders as well.
Though developing a solid plan may seem daunting, taking common threads of already successful plans is a good start, with the hope that you never have to put the plan in action.
Addresses diverse dangerous situations and emergencies such as violence, natural disaster, hazardous chemical spills, and pandemic sickness.
Formal notification plan is in place at all times.
Formal emergency response plan is communicated throughout every level of an institution, from students to executive leadership. Response plans include immediate, short-term, and long-term actions.
Faculty and staff are thoroughly trained with the expectation of possibly having to assume a leadership role in case of an event.
Maintenance and engineering managers are involved due to their first-hand knowledge of facilities, buildings, what is working, what does not.
Continual assessment of buildings and facilities.
Regularly updated with continuous practice/drills of implementation and participation of all members of an institution's community. Post-drill follow-ups that outline the success or concerns about the plan.
If there is an actual incident, post-incident follow-up outlining the success or concerns about the event.
Utilization of advanced security technologies including video surveillance, access control pads, facial recognition programs, and mobile mass notification systems. Pertinent staff formally trained on these programs.
Ongoing prevention and awareness programs and campaigns for students and employees.
Specific security applications and computer programs and systems are not advertised within online job postings. [This is something that many institutions may not realize but is critically important.]
The above measures are a small part of an effective security plan because they only address physical threats. Other types of threats that are just as serious but can't be seen demand cybersecurity. When you consider all of the technology that is found on a typical higher education campus in today's world - smart phones, iPads, laptops, WiFi, access controls, smart cards, and other devices - you can begin to imagine the threats that are out there. It's no secret that campus environments are near-perfect targets for cybersecurity attacks. Sensitive data is abundant on college and university campuses, and hackers know it. According to PC Mag, they are primary targets of hackers, foreign governments, and organized crime rings.
1. Cloud Security
Accessing the cloud for applications and resources may be efficient but transferring highly sensitive information over global data centers opens colleges and universities up to a multitude of security risks.
2. Data Privacy
All higher education institutions have significant databases that are filled with personal information from health to financial records, demanding encryption to be a component of a secure system.
3. Personal Device Security
Most everyone has a smartphone and/or tablet these days, and limitless amounts of information are being transferred, exposing personal devices to a host of threats.
4. Access Permissions
While an institution wants its students and faculty to be able to access information when they need it, it also has to implement some level of permission, which can get tricky but is becoming increasingly necessary.
5. Phishing Attacks
Phishing is the act of using fraudulent emails that include a malicious link to get access to a device’s information. According to a Verizon report conducted this year, just under 1/3 of users were victims of phishing in 2015.
Beyond the above, there is social media, and we all know how much information is shared on Facebook, Instagram, SnapChat, and other popular platforms. These "social gatherings" are open books to hackers who are determined to get valuable information.
Implement policies that control access to computer networks and security systems. An example is encrypting student data, managing who can access the information, and blocking it from being downloaded to other devices.
Consider alternative ways to share information other than Dropbox and other applications to transfer records and sensitive information.
Execute additional measures beyond passwords, such as requiring answers to personal questions and fingerprint identification.
Ensure that all students, faculty, and staff utilize antivirus software programs and that these programs are consistently udpated.
Unfortunately, it is likely that security is going to continue being a critical challenge among higher education institutions. However, devising and implementing a strong plan is possible with careful consideration. Going beyond a formal plan, developing an environment where students, faculty, and staff are aware of what to look out for and are provided simple ways to express concerns can go a long way in maintaining a campus that is safe and comfortable for everyone.
Sources: Slait Consulting, U.S. Department of Education, University Business