Virtual Armour Blue Logo
Cybersecurity Basics Every College & University Needs to Have in Place

Cybersecurity Basics Every College & University Needs to Have in Place

Andrew Douthwaite

May 21, 2020

Last updated September 27, 2022


  • Approximately 13% of all post-secondary institutions have been targeted by ransomware attacks.
  • Establishing consistent cybersecurity protocols for these institutions can be difficult because their faculty, staff, and students often have other priorities.
  • The older network infrastructure these institutions use can often be hacked more easily, especially when accessed by unsecured personal devices.
  • Post-secondary institutions looking for ways to improve their cybersecurity posture can backup their information, invest in redundant security tools, standardize all hardware and software they use, and create a disaster recovery plan.
  • It’s also vital to consider how the cybersecurity needs of an institution will grow over time. Working with cybersecurity professionals can help your organization make sure your current infrastructure is secure and create a plan for responsible, sustainable growth.

Institutions around the world rely on their networks to deliver courses, manage student schedules, tuition payments, and credentials, and handle the day to day activities of the entire institution.

According to a 2016 survey of nearly 20,000 companies, 13% of all post-secondary institutions have been targeted by ransomware attacks.

See also:

Unique Challenges College & University Institutions Face

User Education

Universities and colleges face a variety of unique networking and cybersecurity challenges, but one of the biggest barriers is in user education.

Faculty often work long hours, splitting their time between teaching students, conducting research, and writing papers, and students are typically focused on their studies and any paid work they need to take on to cover costs like tuition and living expenses. As such, cybersecurity training can often take a back seat.

To help ensure cybersecurity remains top of mind, institutions need to take steps to ensure both staff and students have training resources available and have the time they need to review these resources thoroughly. All staff and students should also know who they should contact if they encounter suspicious activities, and reporting potential threats should be as easy as possible.

Aging Network Infrastructure

Trying to keep an aging legacy network up to date with limited funds can make creating a seamlessly integrated solution difficult.

Unlike some businesses that might be able to roll out changes or adopt new technologies team by team, universities typically need to transfer all students, all teaching staff, or all non-teaching staff over all at once. Service disruptions are typically widely felt, particularly at a time when most learning is happening online.

As such, any changes will need to be considered carefully. By planning your network carefully and accounting for future growth, you can make it easier for your institution to upgrade and expand their network later on.

Unsecured Personal Devices

While some institutions may provide their teaching and non-teaching staff with laptops or phones, students are typically required to provide their own devices. Personal devices may not be secure, and each unsecured device is a potential entry point for malware or other cybersecurity attacks.

To help safeguard your network, even if some users bring their own devices, we suggest reviewing our blog post Keeping Your Network Secure in a “Bring Your Own Device” World.

Networking & Cybersecurity Basics

Cybersecurity Basics Every College & University Needs to Have in Place
The institution network is vital for creating a high-quality learning and teaching environment. A well planned, well-maintained network can make an institution stronger and better, while an out of date, poorly planned network could bring everything grinding to a halt. Cisco offers a comprehensive guide on setting up a new network on campus, but there are some other basic factors beyond configuration and design models that need to be considered:

Connectivity & Security

Network connectivity in the modern world is much more than access points spread out over a web of ethernet cables. Wi-Fi and cellular networks mean that people are more connected now than ever before and that connectivity expands beyond the offices and classrooms of your physical campus. Balancing the expectation and need for continuous connectivity with the need to keep your network secure is a design challenge that needs to be addressed.

You need to consider where data will be stored (physically on-site, physically off-site, or on the cloud), as well as what type of information should be accessible and who should be able to access it. You also need to consider the devices that will be accessing this information, from laptops to smartphones and ensure your servers are secure enough to protect that information without compromising connectivity and hindering operations.

Redundancy & Backups

Redundancy involves having backups for all mission-critical devices and data on your network, which is why even the smallest post-secondary institution should consider having at least two servers. Having two identical servers with identical configurations means that if one server is damaged or needs to be taken offline for maintenance, the entire network can be run off of the other server with minimal or even no disruption.

A good rule to follow is to have enough redundant parts, systems, and services in place that no part of the network will ever be down for more than an hour. If your organization hosts its own web servers, and absolutely cannot function without internet connectivity, then you should have a second connection in place. Having an extra switch, a backup router, and spare laptop on-site to troubleshoot any issues can help keep network disruptions to a minimum.

Standardizing Hardware & Software

Standardizing your hardware and software not only helps ensure the entire network runs smoothly, but can also reduce the amount of time and money spent on updates, repairs, and maintenance. Though you may not be able to standardize your entire network, you should consider conducting a full audit of your systems, software, and peripherals to determine which portions can be standardized.

Though certain executives or select departments may have special requirements if most of your staff can use the same make and model of laptop, the same word processing programs, and the same email programs, you can quickly and easily deploy hardware and software patches across your entire organization. This saves not only time, but also money as IT staff and other employees don’t need to waste time figuring out if the patch will work for them, finding alternative solutions, or troubleshooting machines that are patched incorrectly.

A Disaster Recovery Plan

Even if your post-secondary institution has a robust, up-to-date, and comprehensive cybersecurity plan, you need to plan for the worst. If you experience a cybersecurity incident, you need to have protocols in place to contain the threat, limit damage, and recover effectively.

Your plan needs to be comprehensive and cover all possible worst-case scenarios. This should include:

  • Provisions for backup power
  • What to do if the network or a server crashes
  • Determining how often data should be backed up, how it is backed up, and where those backups are stored.

As a general rule, important data should be backed up daily, and all data should be backed up at least once a week. All data should also be incrementally backed up on a daily basis so that any files that have been updated since the last weekly backup remain up to date. All backups should be securely stored off-site in case there is a building disaster such as a fire.

A comprehensive disaster recovery plan should cover not only a variety of potential scenarios (such as data breaches or ransomware attacks) but also be scalable so that you are prepared for building-wide disasters, department-wide disasters, institution-wide disasters, and municipality-wide disasters.

Planning for Future Growth

While it isn’t always possible to accurately anticipate how much your organization will grow, you should still make allowances for potential growth in your network design. When choosing a network configuration or server size, make sure the choice you make now can accommodate a reasonable level of growth in the future. You should conservatively factor in a growth rate of at least 20% per year, and include everything from switch ports to data backup systems in your plan.

Planning a network to suit your organization’s needs, both now and in the future, can be a daunting task. If you don’t have a qualified IT professional or team on staff, you may want to consider reaching out to an experienced third party for assistance.

Post Categories

Related Posts