Ransomware and other types of cyberattacks are becoming more frequent, doing more damage, and getting more expensive. It’s hard to look at local or national news without seeing some college or university’s defenses have been breached and data privacy compromised. In a recent Softdocs webinar moderated by Scott Craig, Senior Vice President of Product & Strategy, a panel of industry experts gathered to discuss the latest safeguards to prevent cyberattacks and keep students’ information secure.
Cybersecurity is one of the most urgent issues in higher ed IT. Schools are among the top targets for attacks of this kind. In fact, 64 percent of colleges and universities were targeted by a ransomware attack in the last twelve months according to Higher Ed Dive, up from 44 percent in the previous period. The cost of each incident is increasing, with over half of institutions subjected to an attack paying to get their data back. The time it takes to remedy the situation and implement new protections is also trending upward. That’s why it’s essential for schools to seek solutions to help them comply with the latest data security mandates.
“We looked at our compliance with some of the regulations, such as FERPA, and how our backup system was set up,” said Vicki Hoskovec, Director of Information Technology at Iowa Western Community College, who decided to integrate Softdocs with Ellucian Colleague SaaS after replacing Perceptive Content.
“One of the reasons we moved to Softdocs is because our prior solution was on-premises, and by moving to a cloud solution, some the vendor helps ensure compliance. Softdocs is very focused on higher education, so we were comfortable with their security posture and all the processes and policies they have in place.”
Getting Leadership Support and Educating End Users
When a school’s IT/IS group starts looking for a cloud-based document management platform and other systems that will safeguard the privacy and integrity of student and staff data, it’s essential to get the full backing of campus executives.
“You have to get leadership’s buy-in,” Hoskovec said. “Without that support, you are just treading water and trying to keep up. But if your leadership understands the value of your cybersecurity plan, and if everyone is regularly communicating, including between employees, students, and vendors, that goes a long way.”
In addition to convincing leadership that cybersecurity is a top priority, colleges and universities would do well to also educate the end users about the basics of cyberattacks and keep them updated on best practices.
“Regular end-user training is so important because you can have the most secure network in the world, but if someone makes a bad decision or is unable to identify or verify where a phishing attack is coming from and you accidentally let somebody into the system, then they're in,” said Beth Pulliam, Director of ERP and Information Security at Rockingham Community College. “So we promote monthly cybersecurity training for all our full-time employees and require 100 percent participation. If you don't participate, you lose your network access. We haven’t had to cut anybody off yet, but we feel very strongly about that.”
Choosing a Secure Document Management Platform and a Proven Vendor
Many colleges and universities have legacy document management systems in place. While these provide some efficiencies over paper processes, they are outdated compared to the new cloud-based content management and workflow platforms. The latter offers more robust security protocols and protects user data in a secure data center that meets SOC 2 standards.
“We transitioned from ImageNow to Softdocs because we saw it as a more robust product that would allow us to do process automation much easier and quicker,” said Billy Gaston, Information Technology Services Director at Francis Tuttle Technology Center. “To combat cyberattacks, you need to collaborate with others, exchange knowledge, and partner with vendors like Softdocs, who will help you to pinpoint where to strategically place funding. That way you can get the best bang for your buck. We can’t do this alone when we’re dealing with foreign entities – we need each other.”
Picking the Right Vendor Partners
As important as it undoubtedly is to choose a document management and workflow platform that offers robust security features, it’s also key for schools to select a vendor that has a track record of successful deployments in higher education and a reputation for being a communicative and collaborative partner over the long haul. All the webinar attendees agreed that EDUCAUSE forums can offer guidance from other schools that have already been down the road of deploying a document management platform and other applications that advance the fight against cyberattacks.
“Make sure you're partnering with someone that will work with you,” said Cameron Armistead, CISSP, Cloud Operations Manager at Softdocs. “You shouldn’t simply sign a contract, move on, and never talk to your vendor ever again. You want to make sure on this security journey, we're all working together and fighting the same fight.”
If a school’s IT/IS team does its due diligence when vetting vendors and the software they provide, they’ll go a long way to ward off the cyberattack threat. It’s essential to keep an ear to the ground within the higher education market and the security space, as the landscape constantly shifts.
“You have to talk about the current threats, understand what the next bad thing is going to be, and try to stay one step ahead of that,” Pulliam said. “You can pay for a solution to help mitigate these vulnerabilities or you can pay the price of being unable to operate if the worst case happens. Making that investment will be the difference between being able to continue working or being dead in the water.”
To learn more about how Softdocs’ cloud-based content management systems can keep your school’s data protected and deliver continuous uptime, contact us today.