The use of data is exploding—particularly with the rise of the Internet of Things, which has brought more monitoring and control systems to campuses already overflowing with electronic devices and databases. “With all that connectivity comes risk,” emphasizes Gavin Leach, vice president for finance and administration at Northern Michigan University (NMU), Marquette. “The cybercriminals want your payroll data, your health-care records, and your student information.”
Protecting that confidential information and its supporting infrastructure requires a process aimed at preventing, detecting, and responding to technology-based attacks.
In their NACUBO 2017 Annual Meeting presentation, “Cybersecurity: Today’s Threats and Mitigations,” Leach and Jessica Dore, a principal in technology risk management at Rehmann, a consulting and financial services firm, offered these tips to enhance cybersecurity:
- Review how your campus manages data. Begin by identifying the most sensitive and valuable institutional data and their locations. Determine who should have access to specific data, via various control points—and who else may have access but shouldn’t.
- Protect your perimeter with both external and internal firewalls. Shut down any systems not currently in use, and restrict visitors to a separate campus network.
- Put in place both intrusion prevention and detection systems. Ensure that someone monitors the systems and responds immediately to alerts. Regularly conduct external vulnerability and penetration testing on your campus.
- If your institution has cybersecurity insurance, review the policy’s clauses. Payment of a claim, for instance, might depend on your institution adhering to a regular schedule of vulnerability testing.
- Regularly update security software. As a best practice, says Dore, ensure systems are patched every 30 days, with critical patches applied as soon as they become available.
- Develop a policy and written agreement regarding the use of personal mobile devices for institutional business. You might, for example, require the ability to remotely wipe all data from a device that is lost or stolen.
- Install privacy screens on computers located in public areas. “This cuts down on someone’s ability to ‘shoulder surf,’ or look over an employee’s shoulder to see a user ID or password,” Dore explains.
- Back up and encrypt data every day. Dore recommends transferring backup files off-site and testing them to ensure they can effectively restore systems should a ransomware attack occur.
- Strengthen password management. As an example, NMU encourages employees to use different passwords for work and personal computers. “Don’t allow people at your institution to use any of the most common passwords,” cautions Leach, “and make sure to change the default password whenever a vendor installs a new system.” When employees leave the institution or change positions, adds Dore, ensure they no longer can access information previously available as part of their responsibilities.
- Reduce the likelihood that human error will occur. In addition to educating employees about hackers’ tactics, revise your internal controls. NMU, for instance, no longer sends any hyperlinks from its payroll or help desk departments, so employees can’t be tricked into connecting to a bogus website. The university also changed its process for changing bank accounts, adding more verification steps for employees to follow.
Dore offers another suggestion: “Designate separate workstations for only wire transfers and banking, where no e-mail activity occurs,” she says, “so hackers can’t gain access through a back door.”
SUBMITTED BY Sandra R. Sabo, Mendota Heights, Minn., who covers higher education business issues for Business Officer.
CYBERCRIME AT A GLANCE
75%
Percent of data breaches perpetrated by people outside the affected organization.
29,611
Average number of records affected by a data breach in the United States.
$158
Average cost per lost or stolen record to recover from a data breach.
25%
Percent of data breaches arising from human error or carelessness.
66%
Percent of malware installed via malicious e-mail attachments.
81%
Percent of hacking-related breaches that leverage weak and/or stolen passwords.
123456
Most commonly used password.
Sources: Ponemon 2016 Cost of Data Breach Study; Verizon 2017 Data Breach Investigations Report
Tracking, budgeting for, and collaborating on energy solutions were common themes of several sustainability-focused sessions at the NACUBO 2017 Annual Meeting in Minneapolis. Following are a few session summaries.
Collaborating to Achieve STARS
More than 700 U.S. colleges and universities currently use AASHE’s Sustainability Tracking, Assessment, and Rating System (STARS) to gather data about campus sustainability performance that spans operations, academics, engagement, and planning and administration. While individual institutions may have different goals and outcomes in mind for their sustainability efforts, common themes for using the tool include engaging stakeholders, managing strategic priorities, and creating opportunities for continuous improvement that reduce an institution’s environmental impact while infusing the curriculum and research components with sustainability initiatives.
In the annual meeting session, “Collaborating to Achieve STARS: Why, What, How—Obstacles and Benefits,” Ruth Johnston, vice chancellor, planning and administration, for University of Washington Bothell, said STARS is helping UW show impact, keep sustainability at the top of institutional priorities, break down silos, track improvements, and build a community of sustainability managers and champions across campus locations. In doing so, the tool is also helping the university tell its story and enhance the culture of sustainability at UW. Related use of data for planning and decision making demonstrates transparency within the campus community, with peers, and with the public.
The value of STARS for Julie Feier, vice president of finance and administration and CFO, Western State Colorado University, Gunnison, is the ability to centralize sustainability data, knowledge, and efforts. This, in turn, is helping her institution better analyze efforts and assess strengths and weaknesses, as well as plan future projects and marketing efforts. According to Feier, STARS gives students, faculty, and staff immediate goals to work toward, the potential for interdisciplinary collaboration, and an accompanying sense of accomplishment.
Playing Out Budget Options
Trying to achieve consensus about deferred maintenance priorities can be tough. In the session, “Integrative Planning: Achieving Campus Resilience and Vitality Within Your Budget,” presenters explained that one way to break the ice on these difficult discussions is to play a game.
Attendees were introduced to Campus Resilience, a collaborative campus planning game, where each player assumes a different stakeholder’s role (student, faculty member, facilities director, business officer, sustainability coordinator) to plan campus development initiatives. The efforts must support the academic experience, while also balancing funding of sustainability projects and carbon neutrality goals with operational and deferred maintenance needs.
In effect, this game mimics the real competition for resources that every campus faces. It also encourages crossdivisional teams to collaborate on solutions and determine which priorities to tackle first. This integrated approach to planning for facilities also introduces resilience “wild cards”—for instance, unexpected weather events or accidents that disrupt or disable critical infrastructure for which players must re-examine spending priorities.
The game is available as a workshop led by Elizabeth Turner, campus planner, LHB Inc. (elizabeth@precipitatearch.com).
Collaboration on Savings
The myth that sustainability doesn’t offer a good payback has been debunked time and again.
Many colleges and universities have experienced firsthand the healthy financial returns that can result from investing in a range of energy projects and environmentally sustainable practices. That’s certainly been the case for Georgia Institute of Technology, Atlanta.
Steven Swant, Georgia Tech’s executive vice president for administration and finance, suggested in the session, “Collaborating to Achieve Sense and Sensibility,” that success in this arena often means having leaders identify the broader goals and then getting out of the way to allow others to be creative in the execution of those goals.
For many of these projects, a natural partnership will emerge among the business office, facilities, and sustainability personnel. Ensuring the process remains inclusive of different perspectives is likewise essential to success. For instance, the bottom line from a dollar perspective may be to reduce utility costs and deferred maintenance. From a people standpoint, it may be to improve the campus experience and community engagement. And, from an environmental standpoint, what’s most critical is the ability to meet compliance and health and safety requirements.
All perspectives are important and all impact the institution’s reputation. To facilitate successful campus sustainability projects requires, foremost, defining what return on investment means for you and your partners. Other components for success include articulating and communicating a shared vision and goals, translating strategy to tactics, and prioritizing data points without drowning in the data.
SUBMITTED BY Karla Hignite, New York City, contributing editor, Business Officer.
“Twenty-five percent of students experience depression, and 21 percent screen positive for an anxiety disorder. … To meet students’ mental health needs, there is a clear urgency to continue to gain understanding of the ever-changing mental health landscape on college and university campuses.”
—September 2017 webinar based on research findings of Healthy Minds Network, the Association for University and College Counseling Center Directors, and Kognito
Fast Fact
Study Abroad to Land a Job
At its Summit on Generation Study Abroad, in early October, the Institute of International Education (IIE) released a new report, Gaining an Employment Edge: The Impact of Study Abroad on 21st Century Skills and Career Prospects.
The survey analysis is based on responses from more than 4,500 U.S. college and university alumni at various stages of their careers, as well as in-depth interviews. IIE reports that the experience of studying abroad contributes to the development of transferrable skills and positive employment gains, with the impacts varying according to program characteristics, study destinations, and students’ goals.
Mergers as a Strategy
As colleges and universities look for ways to achieve greater efficiencies, mergers—once thought of as a last resort—should be proactively considered as part of an institution’s long-term strategy, according to new research by the TIAA Institute.
The report, Mergers in Higher Education: A Proactive Strategy for a Better Future, examines the operational decisions and implementation details that help make mergers effective. That said, the desire for cost savings or simply becoming a larger entity should not be the primary drivers of a merger. “The decision to consolidate or merge institutions is never easy and, at times, may be costly,” explains report co-author Ricardo Azziz, chief officer, academic health and hospital affairs, the State University of New York, “however, it is a critical tactic that many higher education leaders should consider when thinking about their school’s future.”
