Page 123 - Security Today, March 2020
P. 123
Ethics– zeroes in on individual responsibili- ties. It encourages students and staff to phys- ically secure laptops, register devices, install tracking software and meet minimum encryption standards for data security.
The second half of the guide delves into the Berkeley Data Responsibility and Stan- dards Guidelines, which protect the confi- dentiality and integrity of Berkeley Campus Data. In identifying data security as a shared responsibility, this section also includes information on Phishing: Suspicious Phone Calls, Texts, Emails, Ransomware: Malware Attacking Computer or Mobile Devices, and Security Basics: 101.
General Student Security Guides
Unlike the University of Northern Colorado and Berkeley, which offer comprehensive cybersecurity guides, other schools elect to wrap cybersecurity into an overall student
security guide that covers multiple facets of the student lifestyle.
The University of Rochester Off-Campus Guide details how students who rent hous- ing in the local community can stay safe and become good neighbors. The guide includes everything from how to find affordable housing close to campus to transportation and rules for partying. But it also includes useful information on how to protect lap- tops and other electronic devices from theft and hackers.
Similarly, the Residents’ Guide published by the University of the West of England is written to provide students with useful infor- mation about living in university accommo- dations and covers everything from dormi- tories to academic facilities to waste and recycling to safety.
Key Concepts to Include in Your School’s Guide
Having seen a few different variations of cybersecurity and in-campus security guide- lines from schools and universities, we can establish that there are certain concepts you cannot miss.
Start from the bottom: personal safety. Berkley’s security 101 is a great example of what core concepts both students and employees need to understand in order to establish a standard line of defense.
Without these basic security concepts, such as password hygiene, users become a direct risk that could potentially bypass any policy in place:
• Password hygiene
• Common phishing tactics • Anti-malware and other
security software
• Credential protection
• Scam detection
• Welcome to the campus security guide Create proper use guidelines for staff.
Faculty laptops and computers should uphold certain standards of use, too. By encouraging and limiting dangerous interac- tions, you can better isolate and secure the data and platforms your staff interacts with.
• Configure automatic lock-screens.
• Install an anti-theft / data protection tool. • Limit unnecessary software usage.
• Implement zero-trust browsing policies. • Instruct users on data handling.
Map data interactions and create poli-
cies. The educational industry handles pri- vate information and sensible data from both parents and students. From financial details, such as loans and payment information, to personal data, such as personal records, social security numbers and performance.
This data passes the hands of teachers, administrative employees, parents and third- party vendors who provide software plat- forms to manage them. All institutions should map these data points of origin, han- dlers and points of transference to ensure all responsible parties are informed of their obligations to this data.
Takeaways
Maybe it is time for your school to pull together a security guide. If you do, we rec- ommend that it addresses both personal responsibilities for educational devices and respect for the campus learning system that contains everyone’s personal data. After all, staying safe is both an individual and a school-wide effort.
Nicolas Poggi is the head of mobile research at Prey Inc.
By Nicolas Poggi
Creating School Cyber Rules
Campus security guides will help managers take care of their tech stack
MARCH/APRIL 2020 campuslifesecurity.com 37
Rawpixel.com/Shutterstock.com