A Cybersecurity Overview for University Board Members

“Cybersecurity” is the perfect buzzword. The amount of sensitive data vulnerable to hacking or phishing attempts grows by the day. The intricacy of methods used to compromise that data is increasing at a far faster rate than the development of effective countermeasures. High risk and high stakes have made the importance of the word abundantly clear. At the same time, addressing the issue of cybersecurity requires highly specialized knowledge. Thus, we get a buzzword; a word everyone knows they should be talking about, but no one knows what to say. Fully plumbing the depths of cybersecurity in a single blog article is a tall order. Instead, let’s keep it simple. We’re going to break down the need-to-knows of cybersecurity for university board members.

The Scope of Cybersecurity

There are a few core areas of cybersecurity. Information security (or infosec) refers to the security of sensitive info of a college board, college faculty, or students. While this can include all sensitive or confidential information, some of the most commonly targeted information is PII data. PII, or “personally identifiable information”, is any data point which can be used to identify an individual (such as names, credit card numbers, and government-issued IDs).

Network security refers to the security of a university’s computer network and the resources contained therein. Compromising a university’s network security often means compromising the security of information accessible by that network.

Disaster recovery refers to the procedures in place for recovering from a breach in cybersecurity. Of course, a breach in cybersecurity can be the direct result of a cyberattack. However, in the context of disaster recovery, breaches may also be the result of any natural disaster, IT equipment failure, or any incident which compromises the University’s digital infrastructure or the storage of data.

Application security refers to the security of web, native, and hybrid applications. Explaining the difference between the three types of application is tangential, but it’s important to know that an “app” isn’t just something you download on your phone. If you open your laptop and log into Gmail, you’re logging into a web app. The advanced functional capabilities of an app mean more sensitive data can be input, shared, stored, and compromised.

In short, any information that is shared or stored digitally is vulnerable to cyberattacks and must be protected by some form of cybersecurity.

Types of Cyberattack

There are many ways to breach a university’s cybersecurity. A malware attack occurs when dangerous software (such as a virus, spyware, or ransomware) manages to breach the defenses of a university’s computer network. Malware is often downloaded unknowingly when a user clicks on a suspicious link or file attachment.

Phishing refers to attempts to gain access to PII data by impersonating a reputable source. Board members should be particularly concerned with phishing attacks as they often have access to highly sensitive information. Gaining access to a board member’s passwords could easily compromise the information security of the university as a whole. Board members and c-suite executives are often targeted as the “reputable sources” hackers try to impersonate.

A man-in-the-middle attack occurs when hackers place themselves between a university’s computer network and the user. The hacker can collect passwords and other sensitive data as it is entered by the user.

These are just three of most common forms of cyberattack. However, the number of ways a university’s cyber defenses can be compromised is vast and nightmarish. Any device capable of connecting to the internet can be compromised. Cybersecurity experts recently discovered vulnerabilities which allow hackers to install malware onto a pacemaker. We hope that discussing the scope of cybersecurity and the nature of potential threats has given you a better understanding of why you should be talking about this buzzword in the boardroom. Now let’s dive into the steps university boards can take to address the issue.

Cybersecurity and University Boards

Cybersecurity is not an issue that a university board, alone, can handle. Boards need the expertise and guidance of cybersecurity veterans when implementing cyber defenses. But cybersecurity starts in the boardroom. Implementing strong defenses amongst a university’s board of directors provides a quick and relatively substantial win given what’s at stake. Directorpoint’s SOC II-compliant board portal with password control, data encryption, and user permissions makes it easy. Schedule a demo of our powerful, easy-to-use software today to learn how it’s helping universities make better decisions… across the board.

Posted in Blog and tagged , , , , , , .