In recent years, cyberattacks on government entities have garnered a lot of headlines. Yet higher education has arguably seen the greatest increase in breaches. These actions can cost colleges and universities millions of dollars, put student, faculty, and staff data at risk, and undermine faith in the institution itself. In this article, we’ll explore recent incidents, examine why on-premises document management and process automation solutions are vulnerable, and suggest how cloud-based platforms can provide a stronger defense and peace of mind to higher, further, and K-12 education.
There have been several recent high-profile cyberattacks on colleges, universities, and local government departments. “A cyberattack caused St. Louis County to shut down some computer systems used to look up court cases, issue charges and process people in custody at the jail,” stated a September 2023 story in the St. Louis Post-Dispatch. The writer went on to quote County Executive Sam Page as saying, “The cost of even a temporary shutdown of county government far exceeds the investment we need to make in cybersecurity. And yesterday we thought a shutdown was where we were headed.”
Missouri is far from the only state subjected to such a security breach. The University of Michigan was without full internet access for two days following a cyberattack. “The incident comes weeks after the White House held a high-profile meeting with K-12 school administrators highlighting the need to protect schools against ransomware and other hacks ahead of the new school year,” stated a CNN news report. Later in the story, the writer revealed that “Lincoln College, a predominantly Black institution in central Illinois, was forced to close permanently last year after a cyberattack and the coronavirus pandemic crippled its finances.”
Getting Government Involved in Cybersecurity
The initiative this CNN article refers to is run by the US Department of Education, which convened a Government Coordinating Council (GCC) and will issue three briefs on the increasing prevalence and costs associated with cyberattacks. An August 2023 press release outlined five key elements:
- Enhancing Continuous Risk Management: Addressing the ever-evolving threat landscape by adopting a proactive approach to managing cybersecurity risks.
- Utilizing Analogies for Understanding: Leveraging lessons from physical world scenarios to comprehensively grasp and tackle cybersecurity challenges.
- Prioritizing and Implementing Mitigation Strategies: Identifying the most critical risks and applying effective mitigations such as multi-factor authentication, robust password policies, phishing prevention, and regular software updates.
- Building Resilience for Cyber Incidents: Developing and practicing cyber incident response plans to minimize the impact of potential cybersecurity breaches.
- Vendor Engagement for Enhanced Security: Encouraging vendors to invest in secure design principles, obtain cyber risk assurance certifications, and establish security vulnerability disclosure practices.
Bolstering Data Privacy with Cloud-Based Document Management
If schools and local governments are to withstand the more common and damaging impact of ransomware and other forms of cyberattacks, it’s not enough for federal organizations to take a stand. Colleges and universities, and state and local entities can also become more proactive by carefully scrutinizing their existing document management, workflow, and eForms solutions. If these are hosted on premises, there is an increased risk of firewalls being breached and user data becoming exposed to nefarious third parties.
In contrast, a cloud-based platform offers much more robust security features, redundant backups, and continuous uptime, whether an organization has one location or many – like a multi-campus university or school district. Instead of student, staff, and citizen data stored on local servers, all documentation is centralized and collated in a secure data center. These must conform to the latest security standards, such as NIST 800-53 for government entities and the Family Educational Rights and Privacy Act (FERPA) for schools, colleges, and universities.
Assessing Cybersecurity Expertise
When considering potential document management and process automation vendors, it’s vital to carefully examine their track records supporting the public sector. Ask each company to provide you with a detailed rundown of their cybersecurity protocols and to illustrate how it helps meet or surpass current regulatory mandates. Also request customer success stories and opportunities to connect with existing clients so you can better understand how a cloud-based document management and workflow system helped them effectively address data security concerns.
It's also worthwhile to seek out vendors with a dedicated security or data privacy team led by experts in the field. Employees who hold qualifications such as CISSP (Certified Information Systems Security Professional) have been through demanding training and evaluation processes that equip them with a standardized approach to data management and security. Combined with a cloud-based solution, such acumen ensures your users’ Sensitive Personally Identifiable Information (SPII) will stay safe and content will still be available in the event of a ransomware attack or other kind of cyberattack.
To help IT/IS administrators, executives, and leaders make more informed decisions about the next steps of their content management strategy, cybersecurity roadmap, and disaster recovery plan, Softdocs hosted a free webinar. Led by Tim Welsh, recently retired VP for Information Technologies at Kalamazoo Valley Community College, this informative roundtable discussion brought together a group of respected industry experts, thought leaders, and cybersecurity professionals to share their insights and experiences.
In this webinar, we covered:
- Understand the unique cybersecurity challenges in higher education and the role of cloud technologies in mitigating these risks
- Gain insights into effective deployment strategies and best practices to secure institutional data and maintain privacy using cloud services
- Learn about key regulatory compliance issues associated with cybersecurity in higher education and strategies for meeting these requirements in a cloud-based environment
- Consider the possible departmental and enterprise-wide impacts of AI in higher education
With the number of cyberattacks rising and the cost per incident soaring, colleges and universities cannot afford to sit back and hope their on-premises applications pass the test. Instead, they’d do well to migrate to the latest generation of cloud-based document management and workflow solutions, which offer industry-standard protection for content, data, and end users.
Want to tap into these benefits of a more secure solution for your organization? Contact us today!