Today we welcome Mike Abbiatti, the executive direction of WCET and WICHE Vice President for Educational Technologies, to WCET Frontiers. Mike will discuss the term cybersecurity in higher education, why we should care about protecting privacy and data, and actions we can take to protect ourselves and our students from various data attacks.
Thank you Mike for bringing these important issues into the light!
Look for more from WCET in the upcoming months regarding privacy and data protection in higher education!
Enjoy this post,
The term “Cybersecurity” has multiple meanings and associated connotations throughout the Higher Education community. To the technical community, visions of hardware, software and specific technical skills take center stage. In administration, Cybersecurity means enormous risks and costs associated with internal and external threats that impact students, faculty, staff, and donors. They must plan for the relatively new investments in cyber insurance and trained staff. To the faculty, cybersecurity means a specter that can be invoked by clicking on an unfamiliar (or seemingly familiar) link or attachment. Or by intentional sabotage by an unhappy employee or student. There is certainly more interpretation of the term Cybersecurity across our enterprise.
For the purpose of this blog post, I will dispatch with the term Cybersecurity and replace it with Privacy and Data Protection (PDP). After all, our community is in the business of providing access to curated content and credentials. We don’t prefer to delve into the infrastructure (that’s what IT folks do) and we aren’t impacted by the high level administrative issues……or are we? Is PDP so compartmentalized that we don’t need to worry about the topics addressed by IT and the institutional administration?
Why Should We Care about Privacy and Data Protection?
We are going great guns developing and distributing meaningful content all over the world! We are significantly responsible for bringing students of all ages, philosophies, localities, and backgrounds to the institution with every kind of technology known to man. The fact that technology moves from the home to the campus today is a great boon to technology-enhanced education, especially online delivery. So why should we care about Privacy and Data Protection?
Well, one needs only to do a few cursory (no pun intended) Google searches, or read some local news, one would see the risks that are inherent in what we do so well every day. Our programs are clearly in the center of PDP because we present ourselves as a lucrative target for cyberthieves, and we are not spending much time or resources on protecting our information from would-be wrong-doers.
We collectively assume that the role of technology is to enable higher education to lead the way into the future. Perhaps, the most unexpected and unregulated aspect of our progress is PDP. We are so proud of the mountain of data we collect on students, graduates, faculty, staff, donors, and potential donors, etc., we have overlooked the importance of having well thought-out and supported strategies that help us manage what we see today. We thereby have a much better chance of responding to challenges in the future. We would not expect less of our medical care, banking system or travel/transportation systems.
We are experiencing expensive ransomeware attacks, Denial of Service outages, theft of intellectual capital and attacks aimed at unsuspecting staff and students resulting in identity theft and all manner of undefined problems that seem to be on the increase in Education. It appears that the bad guys have the high ground at this point in history. The very open and trusting nature of our world has resulted in Higher Education being labeled as a Soft Target by law enforcement and the bad guys/girls.
Strategy and Actions to Protect Ourselves
Our current inability to protect our important information from bad actors can be mitigated by a clear Cybersecurity (or PDP) Strategy composed of three areas of responsibility operating together with a common vision.
First, we must accept the fact that our individual responsibility for protecting information is the foundation for success. We must educate ourselves about what to do, and what not to do to thwart and report both internal and external cyberthreats. The external hacker is not as dangerous as the internal employee threat. Furthermore, the internal threat is characterized by unintentional actions on behalf of good-intentioned employee that expose personal and organizational data to external criminals. Long-term costs are very high and increasing.
Second, teams and operational units in higher education who design and carry out projects must accept the responsibility to protect critical data. We must reject the old mindset that IT is responsible for such things. In our world, we are bringing more new users of digital infrastructure than any other campus unit. In my humble opinion, our organizations should be raising the flag, and helping lead the way forward in being sure Privacy and Data Protection are front and center.
Third, our organizational leadership must accept the responsibility to provide the policy framework and resources required to make the Cybersecurity Strategy successful. Financial and political (policy) support for an effective PDP environment are critical.
Ask These Questions. Take Some Action.
In summary, Privacy and Data Protection in technology-enhanced education, particularly online education, is a real challenge with real consequences for failing to recognize the threat(s).
I will leave you with two interesting questions:
- What is the cost of a data theft event in higher education? Remember, the cost is not totally measured in dollars.
- Secondly, who is responsible for PDP Strategy on your campus?
If you will take the time to answer these questions, then I predict your viewpoint on working with IT, and administrators to be sure each level of responsibility is active will change.
Technology-enhanced education is both a blessing and a curse. Let’s empower ourselves and our students to benefit from the blessing and minimize the curse. It takes the entire institutional team to accomplish this complex mission. The WCET membership represent the tip of the sword in this ongoing battle.
Executive Director, WICHE Cooperative for Educational Technologies
WICHE Vice President for Educational Technologies